JWT Faker
Decode, verify (HMAC), and generate JSON Web Tokens (JWT) directly in your browser. Use the tabs below to analyze or create tokens.
Only HMAC supported initially. RSA/ECDSA require key pairs.
About JWT Faker
JSON Web Tokens carry claims between a client and a server in a compact, signed form — three Base64URL segments joined by dots: a header, a payload, and a signature. When you're debugging an auth flow, you constantly need to peek inside a token to see who it's for and when it expires, confirm a signature was produced with the right secret, or craft a test token with specific claims. This tool does all three without sending anything to a backend.
Paste a token to decode it and the header and payload are pulled apart and pretty-printed, with timestamps like exp and iat shown in a readable form. Supply the HMAC secret and the tool verifies whether the signature matches, so you can tell a valid token from a tampered or stale one. Switch to generate mode to build a token from scratch — set the claims you want and sign it with HS256/HS384/HS512 to produce test fixtures for your auth code.
Because the decoding, verification, and signing all run locally in your browser, real tokens and secrets never leave your machine. That's important: a JWT often contains live session claims, and its signing secret is a credential. Keeping the work client-side means you can debug production tokens without leaking them to a third-party server.
How to use JWT Faker
Paste a token to decode
Drop a JWT into the input and the tool splits and pretty-prints the header and payload, showing claims like exp and iat in readable form.
Verify the signature
Enter the HMAC secret used to sign the token. The tool recomputes the signature and tells you whether it matches — proving the token is authentic and unmodified.
Generate a test token
Switch to generate mode, set the claims you need, choose an HMAC algorithm (HS256/384/512), and provide a secret to sign a fresh token.
Copy the result
Copy the decoded claims or the newly generated token into your tests, API client, or auth debugging session.
Frequently asked questions
Related developer tools
JWT Debugger / Decoder
Decode and inspect JSON Web Tokens (JWTs). Instantly view header, payload, signature, and expiration status.
Base64 Encoder / Decoder
Encode text or files to Base64, or decode Base64 back to its original form. Supports text input and file drag-and-drop.
Hash Generator & Verifier
Generate MD5, SHA-1, SHA-256, SHA-512, and bcrypt hashes. Verify strings against known hashes.