yigityalim
projectshandbookslabshireshare
xgithub
siteprojectshandbookslabschangelog
aboutusesnowhireshare
elsewherexgithublinkedinemail
metarssllms.txtsitemap
© 2026 Yiğit Yalım. All rights reserved.
/
Back to Labs
May 10, 2026·auth

JWT Generator

Payload + secret + algorithm → signed JWT. The reverse of JwtDecoder. HS256/384/512, auto-regenerate on input change, exp/iat/nbf claim helpers.

jwt · jose · hmac · hs256

JwtDecoder reads existing tokens; JwtGenerator produces new ones. For tests, debugging, fixture data — when you need a local token, build it here.

JwtGenerator
header claims
alg: HS256 · typ: JWT (varsayılan)
secret (HMAC key)
Yaygın örnek secret kullanıyorsun — production'da rastgele üret.

Structure

JWT = base64url(header) + "." + base64url(payload) + "." + base64url(HMAC(header.payload, secret))

On any input change the lab:

  1. Builds the header with your chosen alg + typ: "JWT"
  2. Base64url-encodes the payload JSON
  3. Signs with HMAC via WebCrypto (crypto.subtle.sign)
  4. Joins the three parts with .

Claim helpers

+ iat / + exp / + nbf buttons inject Unix timestamps:

  • iat (issued at) — now
  • exp (expires at) — now + 1 hour
  • nbf (not before) — now

For production JWTs, use jose or jsonwebtoken. This lab is for learning/testing.

PreviousJWT Decoder + VerifierNextPassword Entropy Meter