JWT Signer

Type a header, a payload, and a shared secret. The tool computes the HMAC-SHA-256, HMAC-SHA-384, or HMAC-SHA-512 signature with the browser's built-in SubtleCrypto and shows you the signed header.payload.signature token. Everything stays in this tab — the secret is never uploaded.

Algorithm

alg, typ, kid …

The alg field must match the algorithm you picked above. We refuse to sign otherwise.

iss, sub, aud, iat, nbf, exp …
at least 32 bytes for HS256 (RFC 7518 §3.2)
— bytes — bits of entropy
Type a header, payload, and secret to sign.
How to use this signer
  • Pick an algorithm. HS256 is the default; it's what most APIs want.
  • Type a header as JSON. The minimum valid header is {"alg":"HS256"}. A typ of "JWT" is conventional.
  • Type a payload as JSON. Standard claims (iss, sub, aud, exp, nbf, iat) are highlighted below the breakdown.
  • Type or generate a shared secret. HS256 wants at least 32 bytes; we warn on anything shorter.
  • Click Load sample for a working example you can edit.
  • The signed token updates as you type. Copy it with the button or by selecting the box.
  • This tool signs locally. The secret never leaves your browser. Don't paste a real production secret into a machine you don't trust.
  • Verification is the server's job. This tool is a signer, not a verifier — pair it with the JWT decoder to inspect tokens you receive.