← back to flaviocopes.com

JWT generator & signer

← All tools

Build and sign JSON Web Tokens with HMAC (HS256/HS384/HS512) using Web Crypto. For decode-only inspection use the JWT decoder. Secrets never leave the browser.

~~~
Warnings: HS256 secrets must be long and random (32+ bytes). Never put secrets or PII in the payload — it is only base64, not encrypted. RS256/ES256 need key pairs; use a proper library for asymmetric signing.
~~~

About this tool

Signs JWTs with HMAC via crypto.subtle — same algorithms browsers support for symmetric keys. Verification re-signs and compares. Production apps should use established libraries and never log secrets.

~~~

Read more