— About this tool
A JSON Web Token (JWT) is a signed, URL-safe token with three parts — header, payload and signature — used to carry authentication claims between services. This generator takes your JSON payload, signs it with the algorithm and key you choose, and outputs a ready-to-use token. For HS256/384/512 you supply a shared secret; for RS256 you paste a PKCS#8 private key and the matching public key verifies it elsewhere.
Signing happens locally with the jose library on top of the Web Crypto API, so your payload and keys never touch a server. Use it to mint test tokens for an API, reproduce an auth bug, or understand exactly what a given header and payload sign to. To inspect an existing token instead, use the JWT decoder.
Your payload and signing key stay in your browser — the token is signed locally.
Frequently asked questions
What is the difference between HS256 and RS256?
HS256 uses a single shared secret to both sign and verify (symmetric). RS256 uses a private key to sign and a separate public key to verify (asymmetric), which lets you distribute the public key without exposing the ability to sign. Choose based on what your verifier expects.
Does this set exp, iat or other claims automatically?
No — it signs exactly the payload you provide, so you stay in control. Add registered claims like exp (expiry) or iat (issued-at) to your JSON yourself, as Unix timestamps in seconds.
How do I read a token I already have?
Use the JWT decoder, which splits a token into its header and payload and shows the claims without needing the secret.