JWT Generator
Create JSON Web Tokens with custom claims, algorithms, and expiration. Generate HS256/HS384/HS512 tokens instantly. Process data securely in your browser with no information transmitted to external servers..
Standard Claims
Custom Claims
No custom claims added yet
What is JWT Generator | Rune
JWT Generator creates signed JSON Web Tokens with customizable headers, standard claims, and any custom claims you need. Choose from HMAC algorithms (HS256, HS384, HS512), set expiration time, issuer, subject, audience, and add unlimited custom claims with string, number, or boolean types.
Ideal for developers building authentication flows, testing APIs, or learning about JWT structure. All token generation uses the Web Crypto API and runs entirely in your browser. Implements industry-standard cryptographic algorithms and security protocols for reliable results. All security operations run locally in your browser, ensuring sensitive data never leaves your device.
Key Features of JWT Generator
Everything you need for professional jwt generator
Multiple Algorithms
Generate tokens signed with HS256, HS384, or HS512 using HMAC with your secret key.
Standard Claims
Set issuer (iss), subject (sub), audience (aud), and expiration time with intuitive form fields.
Custom Claims
Add unlimited custom claims with string, number, or boolean value types for complete flexibility.
Expiration Control
Set token expiration in minutes. Generated tokens include iat (issued at) automatically.
One-Click Copy
Copy the generated JWT token to clipboard instantly for use in your API requests.
Client-Side Security
Token generation uses the Web Crypto API. Your secret key never leaves your browser.
How to Use JWT Generator
Follow these simple steps to get started
Configure Claims
Choose algorithm, enter secret key, set standard claims and add custom claims as needed.
Generate Token
Click generate to create a signed JWT using HMAC with your selected algorithm.
Copy & Use
Copy the generated token and use it in your API authorization headers or testing.
Pro Tips
- Use a strong, random secret key (at least 32 characters) for HS256 in production environments.
- Set short expiration times (15-60 minutes) for access tokens and longer for refresh tokens.
- Always include 'iss' and 'aud' claims to restrict token usage to specific services.
- Test your JWT by pasting it into the JWT Decoder tool to verify the claims are correct.
Explore More Tools
Discover other powerful tools to boost your productivity
Frequently Asked Questions
Everything you need to know about JWT Generator
What algorithms does this JWT generator support?
Currently supports HMAC algorithms: HS256 (SHA-256), HS384 (SHA-384), and HS512 (SHA-512). These are the most common symmetric signing algorithms for JWT.
Is my secret key safe?
Yes. Token generation uses the Web Crypto API entirely in your browser. Your secret key is never sent to any server or stored anywhere.
Can I use these tokens in production?
These tokens are cryptographically valid and can be used for testing and development. For production, ensure you use strong secret keys and proper token lifecycle management.
What is the difference between HS256, HS384, and HS512?
They all use HMAC signing but with different SHA hash sizes: SHA-256 (256-bit), SHA-384 (384-bit), and SHA-512 (512-bit). Larger hashes provide stronger signatures.
Can I add custom claims?
Yes, you can add unlimited custom claims with string, number, or boolean value types. Custom claims are added to the payload alongside standard claims.
What is the 'iat' claim?
The 'iat' (issued at) claim records when the token was created as a Unix timestamp. It is automatically included in every generated token.
Is this tool free?
Yes, completely free with no limits on token generation. No account required.
How do I verify the generated token?
Use the JWT Decoder tool to decode and inspect the token, or verify it programmatically on your server with the same secret key.
Still need help?
Can't find what you're looking for? Our support team is here to assist you.
Contact Support