JWT Encoder, Decoder & Generator
Encode, decode, and generate JSON Web Tokens with support for HS256, HS384, and HS512 algorithms.
About JWT Encoder, Decoder & Generator
Our free online JWT (JSON Web Token) tool allows you to encode, decode, and generate JWT tokens with support for HS256, HS384, and HS512 algorithms. JWTs are compact, URL-safe tokens used for securely transmitting claims between parties as JSON objects.
A JWT consists of three parts: Header (algorithm and token type), Payload (claims and data), and Signature (verification). The header and payload are Base64Url encoded, and the signature is created by signing the encoded header and payload with a secret key using the specified algorithm.
This tool processes all data entirely in the browser using JavaScript and CryptoJS, ensuring your tokens and secret keys never leave your device. Decode JWTs to inspect their contents or generate new tokens for testing and development.
The auto-update feature refreshes the output in real-time as you type, making it convenient for rapid iteration. You can customize the algorithm, secret key, header, and payload to generate JWT tokens for various authentication and authorization scenarios.
Features
Dual Mode
Switch between Generate JWT and Decode JWT modes for different use cases.
Multiple Algorithms
Support for HS256, HS384, and HS512 HMAC signing algorithms.
Structured Display
Displays Header, Payload, and Signature separately for easy inspection.
Auto-Update
Automatically decode or generate JWT as you type for instant results.
Privacy First
All processing happens in your browser. Your tokens never leave your device.
One-Click Copy
Copy the generated JWT token or decoded output to clipboard with a single click.
How to Use
Select Mode
Choose between Generate JWT or Decode JWT based on your needs.
Enter Required Data
For generate mode, enter header and payload JSON. For decode mode, paste the JWT token.
Set Algorithm and Key
Choose the signing algorithm (HS256/HS384/HS512) and enter your secret key.
Generate or Decode
Click the action button or enable auto-update. Copy the result when done.
Frequently Asked Questions
What is a JWT?
JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting claims between parties as a JSON object. It is commonly used for authentication and information exchange in web applications.
What are the three parts of a JWT?
A JWT consists of Header (algorithm and token type), Payload (claims and data), and Signature (verification). These parts are separated by dots in the encoded token format.
What is the difference between HS256, HS384, and HS512?
These are HMAC-SHA algorithms with different hash sizes. HS256 uses 256-bit hashes, HS384 uses 384-bit, and HS512 uses 512-bit. Higher bit sizes provide stronger security but may be slightly slower.
Can I decode a JWT without the secret key?
Yes, the header and payload of a JWT are only Base64Url encoded, not encrypted. Anyone can decode and read them. The signature is what prevents tampering, as it requires the secret key to verify.
Is this JWT tool free?
Yes, it is completely free to use with no registration, sign-up, or limits. All encoding and decoding happens in your browser using JavaScript and CryptoJS.
Does it work offline?
Yes, once the page is loaded, all JWT encoding and decoding happens entirely in your browser. No server communication is needed after the initial page load.