How to Generate JWT Tokens

Create and sign JWT tokens with custom claims, algorithms, and expiration. Free online JWT generator with HS256, RS256 support and payload editor.

Open JWT Generator →

Step-by-Step Guide

1

Choose a signing algorithm

Select your signing algorithm from the dropdown — HS256 (HMAC-SHA256) for shared-secret signing, or RS256 (RSA-SHA256) for public/private key pairs. HS256 is simpler and ideal for internal services, while RS256 is standard for OAuth 2.0 and OpenID Connect flows.

2

Set payload claims

Edit the JSON payload with your custom claims. Add standard claims like iss (issuer), sub (subject), aud (audience), and exp (expiration). You can also add any custom key-value pairs your application needs, such as user roles or permissions.

3

Configure header and expiration

Set the token expiration time — common values are 15 minutes for access tokens and 7 days for refresh tokens. The header is auto-populated with the algorithm and token type (JWT), but you can add custom header fields like kid (key ID) if needed.

4

Generate and copy the token

Click Generate to create your signed JWT. The tool displays the encoded token string along with a decoded view showing header, payload, and signature. Copy the token to use in Authorization headers or paste it into your application configuration.

Try It Now — Free

No signup, no download. Runs entirely in your browser.

Open JWT Generator

Frequently Asked Questions

Is it safe to generate JWT tokens in the browser?
Yes — all token generation happens entirely in your browser using JavaScript. Your secret keys and payload data never leave your machine. However, never embed production secrets in client-side code; use this tool for development and testing only.
What signing algorithms are supported?
The tool supports HS256 (HMAC with SHA-256) which uses a shared secret, and RS256 (RSA with SHA-256) which uses a public/private key pair. HS256 is the most common for simple setups, while RS256 is preferred when tokens need to be verified by multiple services.
How do I validate a JWT token I generated?
Use our JWT Decoder tool to paste and decode any JWT token. It will show the header, payload, and verify the signature if you provide the secret key. You can also validate tokens programmatically using libraries like jsonwebtoken (Node.js) or PyJWT (Python).
Related Reference

JavaScript Cheat Sheet

View Cheat Sheet →

More Guides

How to Format JSON Online How to Encode & Decode Base64 How to Generate UUID Online How to Test an API Online