Generate JSON Web Tokens with HMAC signing — pure client-side, no server needed.
Frequently Asked Questions
What is a JWT token?▼
JWT (JSON Web Token) is an open standard for securely transmitting information as a JSON object. It consists of three parts: header, payload, and signature, separated by dots.
How does JWT signing work?▼
The header and payload are Base64URL-encoded and combined with a dot. The server then creates an HMAC signature using the secret key, which is appended to form the complete token.
What algorithms are supported?▼
HS256 (HMAC-SHA256), HS384 (HMAC-SHA384), and HS512 (HMAC-SHA512) are supported. All use symmetric signing with a shared secret.
Is my secret safe?▼
Yes. Everything runs in your browser using the Web Crypto API. Your secret is never sent to any server.
What can I put in the payload?▼
Any valid JSON. Common claims include sub (subject), iat (issued at), exp (expiration), name, email, and role.
Can I set an expiration time?▼
Yes. Use the quick-add buttons to include iat (issued at) and exp (expiration) claims with preset durations.
What is the difference between HS256, HS384, and HS512?▼
They use different SHA hash functions (256, 384, or 512 bits). Higher numbers produce longer signatures but HS256 is sufficient for most uses.
Can I decode a JWT token here?▼
This tool focuses on generation. To decode, paste any JWT and the decoded header and payload will be shown.