What is the JWT Signer and what does it do?

The JWT Signer turns a JSON payload and a shared secret into a complete, signed JSON Web Token using the HMAC algorithms HS256, HS384, or HS512.

How do I create a JWT from a payload?

Paste your claims as JSON, choose an algorithm, and enter a secret; the tool encodes the header and payload and appends the HMAC signature to produce a complete token.

What algorithms does the JWT Signer support?

It signs tokens with the HMAC algorithms HS256, HS384, and HS512, which all use a single shared secret rather than a public/private key pair.

Can I verify or decode the token the JWT Signer produces?

This tool only signs tokens, but you can paste the result into the JWT Decoder to inspect the header and payload.

Does the JWT Signer send my secret or payload anywhere?

No. The JWT Signer runs entirely in your browser using the Web Crypto API, so your secret and payload are processed locally and never leave your device.

Why does my signed token differ from another tool's output?

Signatures change with the secret and algorithm; identical payloads only yield identical tokens when the same secret and HMAC algorithm are used.

JWT Signer

Create and sign a JWT (HS256/384/512) from a payload and secret — Web Crypto.

Your payload and secret are signed locally in your browser with the Web Crypto API and nothing is uploaded, but treat this as a testing tool and avoid pasting real production secrets or tokens.

Need to inspect a token? Try the JWT Decoder.

About JWT Signer

This jwt signer creates and signs a JSON Web Token from a JSON payload and a shared secret using the HMAC algorithms HS256, HS384, and HS512. Paste your claims, choose an algorithm, and the tool builds the header, base64url-encodes everything, and signs it with the Web Crypto API to produce a complete token. It is handy when you need to sign jwt online for local testing, mock an auth flow, or generate a jwt to verify how your backend validates HMAC signatures. Developers, QA engineers, and API testers can quickly create a jwt token without wiring up a signing library. Everything runs locally in your browser, so the payload and secret are processed on your device and nothing is uploaded to a server.

Features

Signs tokens with HS256, HS384, or HS512 HMAC algorithms
Builds the JWT header and base64url encoding automatically
Uses the browser's native Web Crypto API to compute signatures
Validates that your payload is well-formed JSON before signing
Lets you set any shared secret for the HMAC signature
Updates the signed token live as you edit the payload or secret
Outputs a complete, ready-to-use header.payload.signature token
Download the signed token as a token.jwt file

How to use the JWT Signer

Paste your claims as JSON into the Payload (JSON) input box.
Pick the signing algorithm with the HS256 / HS384 / HS512 toggle.
Type your shared secret into the Secret field.
Copy the signed token from the Signed JWT (HMAC) output, or download it as token.jwt.

Example

Input

{
  "sub": "1234567890",
  "name": "Ada",
  "iat": 1516239022
}

Output

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFkYSIsImlhdCI6MTUxNjIzOTAyMn0.0J9-Vq0Qb8m8Pq3qkFf3kYwQ5kqS1q3y6n8m9Y4hXyU

Payload signed with HS256 and the secret "your-256-bit-secret" (signature shown is illustrative).

Common errors & troubleshooting

The signer shows a JSON error and produces no token. — Make sure the payload is valid JSON, for example wrap string values in double quotes and remove trailing commas.
Signing fails because no secret is set. — Enter a value in the Secret field; an HMAC token cannot be signed without a shared secret.
Your backend rejects the token as having an invalid signature. — Confirm the verifier uses the exact same secret and algorithm (HS256/384/512) you selected when signing.
You expected an RS256 or ES256 token. — This tool signs only HMAC algorithms; use HS256, HS384, or HS512, which share one secret rather than a public/private key pair.

Frequently asked questions

What is the JWT Signer and what does it do?: The JWT Signer turns a JSON payload and a shared secret into a complete, signed JSON Web Token using the HMAC algorithms HS256, HS384, or HS512.
How do I create a JWT from a payload?: Paste your claims as JSON, choose an algorithm, and enter a secret; the tool encodes the header and payload and appends the HMAC signature to produce a complete token.
What algorithms does the JWT Signer support?: It signs tokens with the HMAC algorithms HS256, HS384, and HS512, which all use a single shared secret rather than a public/private key pair.
Can I verify or decode the token the JWT Signer produces?: This tool only signs tokens, but you can paste the result into the JWT Decoder to inspect the header and payload.
Does the JWT Signer send my secret or payload anywhere?: No. The JWT Signer runs entirely in your browser using the Web Crypto API, so your secret and payload are processed locally and never leave your device.
Why does my signed token differ from another tool's output?: Signatures change with the secret and algorithm; identical payloads only yield identical tokens when the same secret and HMAC algorithm are used.

Related tools

JWT Decoder — Decode JWT header & payload and inspect exp / iat (no verification).
TOTP / 2FA Generator — Generate time-based one-time passwords (2FA codes) from a base32 secret.
Hash Generator — SHA-256 / SHA-1 / SHA-384 / SHA-512 via the Web Crypto API.
Password Generator — Generate strong, random passwords with a strength meter (crypto-secure).
Base64 Encode / Decode — UTF-8 safe Base64 encoding and decoding.
URL Parser — Break a URL into its parts and list query parameters.
Unix Timestamp Converter — Convert between Unix timestamps and human dates (local + UTC).
UUID Generator — Generate one or many random UUID v4 values.