FeuTex · free tools · runs in-browser · no bloat · built by LiMiT

Online JWT Generator

Generate a JWT from header/payload JSON and a shared secret, or paste an existing token to decode and verify it. Everything runs locally in your browser (no network calls).

Generate

Tip: "none" creates an unsigned token (third part is empty). For HS* algorithms, signing/verification uses Web Crypto (SubtleCrypto) and runs locally.

Decode / Verify

Privacy: runs locally in your browser. No uploads, no tracking scripts.

How to use

Use this tool to build or inspect tokens.

  1. To generate: choose an algorithm, enter a secret, and edit the header/payload JSON (optionally auto-add iat/nbf/exp), then click Generate JWT.
  2. To decode/verify: paste a token into the JWT input box and click Decode or Verify.
  3. Use Copy Output to copy the token or decoded result.

FAQ

Does this JWT tool send my secret or token to a server?

No. Signing/decoding/verification runs locally in your browser and the script does not make network calls.

Which algorithms are supported?

HS256, HS384, HS512, and alg=none (unsigned). RSA/ECDSA are not included in this lightweight version.

Why does verification fail even though the token looks correct?

Most failures are due to a wrong secret, a changed token character, or a different alg than expected in the header.

What are iat, nbf, and exp?

They are standard timestamp claims (seconds since epoch): issued-at, not-before, and expiration.

Can I generate a token without a signature?

Yes—select alg=none. The signature part will be empty and verification is only a format check for alg=none.

Why does my payload JSON change order in the token?

JWT signing uses the exact JSON string; JSON key order may be normalized by the serializer, which changes the token value even if the data is equivalent.

Is this safe for production security decisions?

Use it for development/debugging. Production systems should verify tokens server-side with proper key management and constant-time comparisons.
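
The server-side checks this answer points to, as an added example that is not this tool's code: a strict HS256/HS384/HS512 verifier built on Web Crypto that pins the algorithm (so an alg=none token is rejected), verifies over the exact received bytes, and only then checks nbf/exp. The names `verifyJwt`, `signJwt`, `expectedAlg` and the sample secret used with them are assumptions made for illustration.

```javascript
// Added example, not the tool's code. Works in browsers and Node with Web Crypto.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;
const HASH = { HS256: 'SHA-256', HS384: 'SHA-384', HS512: 'SHA-512' };
const enc = new TextEncoder(), dec = new TextDecoder();

function b64urlToBytes(s) {
  if (!/^[A-Za-z0-9_-]*$/.test(s)) throw new Error('not base64url');
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4);
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}
function bytesToB64url(bytes) {
  return btoa(String.fromCharCode(...bytes)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const encodePart = (obj) => bytesToB64url(enc.encode(JSON.stringify(obj)));
const hmacKey = (secret, alg, usage) =>
  subtle.importKey('raw', enc.encode(secret), { name: 'HMAC', hash: HASH[alg] }, false, [usage]);

// Helper used only to build constructed sample tokens.
async function signJwt(header, payload, secret) {
  const input = `${encodePart(header)}.${encodePart(payload)}`;
  const sig = await subtle.sign('HMAC', await hmacKey(secret, header.alg, 'sign'), enc.encode(input));
  return `${input}.${bytesToB64url(new Uint8Array(sig))}`;
}

// expectedAlg comes from verifier configuration; the token header never selects the algorithm.
async function verifyJwt(token, secret, expectedAlg, nowSec = Math.floor(Date.now() / 1000)) {
  if (!Object.hasOwn(HASH, expectedAlg)) throw new Error('unsupported expectedAlg');
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'format' };
  let header, payload, sig;
  try {
    header = JSON.parse(dec.decode(b64urlToBytes(parts[0])));
    payload = JSON.parse(dec.decode(b64urlToBytes(parts[1])));
    sig = b64urlToBytes(parts[2]);
  } catch {
    return { ok: false, reason: 'format' };
  }
  if (!header || !payload || typeof payload !== 'object') return { ok: false, reason: 'format' };
  // A header alg of "none" (or any other value) fails here before any claim is trusted.
  if (header.alg !== expectedAlg) return { ok: false, reason: 'alg mismatch' };
  // Verify over the exact received bytes; the MAC comparison happens inside the crypto library.
  const key = await hmacKey(secret, expectedAlg, 'verify');
  if (!(await subtle.verify('HMAC', key, sig, enc.encode(`${parts[0]}.${parts[1]}`)))) {
    return { ok: false, reason: 'signature' };
  }
  if (typeof payload.nbf === 'number' && nowSec < payload.nbf) return { ok: false, reason: 'not yet valid' };
  if (typeof payload.exp === 'number' && nowSec >= payload.exp) return { ok: false, reason: 'expired' };
  return { ok: true, payload };
}
```

The `reason` values map onto the failure causes listed in the FAQ: a wrong secret or altered character yields `signature`, and a header alg different from the one the verifier expects yields `alg mismatch`.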