edit_note

JWT Sign (HS256)

Create and sign JWT tokens using HS256 algorithm. Generate secure tokens with custom payloads.

Secret Key

Secret should be at least 256 bits (32 characters) for HS256

Payload

Issuer (iss)

Subject (sub)

Audience (aud)

Issued At (iat)

Expires (exp)

Custom Claims (JSON)

edit_note

Configure payload and click Sign Token

HS256 Algorithm

1Header + Payload

add

2Secret Key

arrow_forward

3HMAC-SHA256

AlgorithmHMAC-SHA256

Key TypeSymmetric (shared secret)

Signature Size256 bits

About JWT Signing

HS256 (HMAC with SHA-256) uses a shared secret key to sign and verify tokens. Both the issuer and verifier must have the same secret key. This is suitable for applications where both parties are trusted and can securely share a secret.

Use a cryptographically strong secret (at least 256 bits)
Never expose your secret key in client-side code
Set appropriate expiration times for security
Consider RS256 for distributed systems where secret sharing is impractical
All token generation happens locally in your browser