Tiny Online Tools logoTiny Online ToolssearchBuscar ferramentas…grid_viewTodas as ferramentas
Iniciochevron_rightFerramentas para Desenvolvedoreschevron_rightJWT geradorJWT gerador

JWT gerador

Generate e sign JSON Web Tokens com HMAC, or decodificar any JWT.

keyGerarlock_openDecode
warningSignature is not verified here — this tool only decodes the header and payload for inspection purposes.

Ferramentas semelhantes

JSON validador

JSON validador

validar JSON syntax quickly.

HEX visualizador

HEX visualizador

View any file as a HEX dump com offset, HEX bytes, e ASCII columns.

Text to Binary

Text to Binary

Convert text into binary code (0s and 1s) with per-character breakdown.

HEX para RGB

HEX para RGB

converter HEX color codes para RGB, HSL, HSV values com a live color preview.

Sobrepor imagens

Sobrepor imagens

Combine duas imagens colocando uma imagem de sobreposicao sobre uma imagem base com posicao, escala, opacidade e modo de mesclagem ajustaveis.

Recortar vídeo

Recortar vídeo

Corte e recorte clipes de vídeo para um horário inicial e final específico no navegador.

Mesclar CSV

Mesclar CSV

Mescle vários arquivos CSV empilhando linhas ou unindo por uma coluna chave.

apps

Mais ferramentas

Explore nossa colecao completa de ferramentas online gratuitas.

Gera & Decodifica JWTs for Authentication Testing

JSON Web Tokens (JWTs) are the standard for API authentication and authorization. Whether you're building an auth system, testing token flows, or debugging authentication issues, you need a way to quickly Cria and inspect JWTs without writing code.

This JWT Generator lets you Cria tokens with custom headers and payloads, sign them with HMAC secrets, and instantly inspect any JWT by decoding it. Test your authentication before deploying, verify token structure without extra tools, and debug token-related issues faster.

Gera Custom JWTs

Define your token in three parts:

Header: Standard JWT header fields identifying the token type and hashing algorithm. Edit the JSON to customize if needed, though defaults work for most cases.

Payload: The actual token data—user ID, claims, roles, expiration time, etc. Define whatever claims your application expects. The tool accepts any valid JSON.

Secret Key: The HMAC secret used to sign the token. This is crucial: use the same secret when validating tokens in your application. The tool never sends this anywhere—it stays in your navegador.

Click Gera, and you instantly get a valid, signed JWT ready to use in testing.

Three HMAC Algorithms Supported

HS256 (HMAC-SHA-256): The most common choice. Balances security and performance.

HS384 (HMAC-SHA-384): Stronger hashing for higher security requirements.

HS512 (HMAC-SHA-512): Maximum security with SHA-512 hashing.

Choose based on your application's security needs.

Decodifica Any JWT

Have a JWT from an API response or log? Paste it in the Decodifica section and instantly see the Decodificad header and payload. This is invaluable for:

  • Inspecting API Responses: Extract the JWT from an authentication response and see what claims it contains
  • Debugging Auth Issues: Check if a token has the expected user ID, roles, expiration time, etc.
  • Verifying Token Structure: Ensure your auth server is issuing tokens with the correct Formata
  • Token Analysis: See at a glance what data a token carries

Note: Decoding doesn't verify the signature—it just extracts and displays the data. This is safe for inspection but doesn't prove the token is valid.

Color-Coded Token Display

When you Gera a JWT, it's displayed with color coding showing the three segments:

  • Header segment in one color
  • Payload segment in another
  • Signature segment in a third

This makes it easy to spot which part is which and understand the token structure.

Common Testing Scenarios

Auth Flow Testing: Gera tokens with different payloads and test how your application handles them. Cria tokens with various expiration times, roles, or user IDs without needing a full auth server.

Bearer Token Validation: Gera a token, copy it, add it as a Bearer token to API requests, and verify your authorization middleware accepts it.

Token Claims Verification: Test that your application correctly extracts and uses claims from tokens by generating tokens with specific claim values and checking if your app processes them correctly.

Security Testing: Gera tokens with expired timestamps or invalid signatures (by using different secrets) to test how your app handles invalid tokens.

100% Navegador-Based, Completely Secure

All JWT generation and decoding happens in your navegador using the native Web Crypto API. Your secrets never leave your machine, and your Gerad tokens aren't sent anywhere. This is safe for testing with production secret values—they never touch an external server.

Copy & Use Immediately

Gerad JWTs copy with one click. Paste directly into API request headers or tool test fields without additional Formatating.