Monu Tools

JWT 產生器

在瀏覽器中從 Payload 和密鑰建立並簽署 HS256 JSON Web Token。

如何使用 JWT 產生器

  1. 01

    以 JSON 物件形式編輯 Payload。

  2. 02

    輸入您的 HS256 密鑰。

  3. 03

    生成並複製簽署後的 Token。

Sign tokens in the browser

A JWT generator that builds and signs JSON Web Tokens from your payload and secret, entirely in your browser using the Web Crypto API. It pairs with the JWT decoder, which inspects an existing token.

How a JWT is put together

A JWT has three parts separated by dots: a header, a payload of claims, and a signature, each Base64url encoded. The signature is what makes the token trustworthy: it proves the payload has not been altered and was issued by someone who holds the secret.

HS256 and your secret

This tool signs with HS256, that is HMAC using SHA-256, the most common symmetric JWT algorithm. The same secret both signs and verifies the token, so it must be kept private on the server.

For HS256, use a long, random secret. A short or guessable secret undermines the whole token, since anyone who guesses it can mint valid tokens of their own.

Encoded, not encrypted

An important point about JWTs: the payload is only encoded, not encrypted. Anyone with the token can read its claims by Base64-decoding them, so never put passwords or sensitive data in a JWT. The signature stops tampering, it does not provide secrecy.

Security note

Because signing happens locally, your secret and payload never leave your device. Even so, avoid pasting real production secrets on a shared or public computer.

常見問題

使用哪種演算法?

HS256(HMAC with SHA-256),最常見的對稱 JWT 演算法,使用 Web Crypto API 在瀏覽器中簽署。

我的密鑰會傳送到任何地方嗎?

不會。簽署完全在瀏覽器中進行,密鑰和 Payload 永遠不會離開您的裝置。即便如此,請避免在共用電腦上使用真實的正式環境密鑰。

也能解碼 Token 嗎?

可以,使用 JWT 解碼工具來檢視現有 Token 的 Header 和 Payload。

來源

嵌入此工具

將此工具加入你自己的網站。複製下方的程式碼片段,它會自動保持最新。

<iframe src="https://monu.tools/embed/zh-Hant/jwt-generator" width="100%" height="640" style="border:1px solid #e5e5e5;border-radius:12px;max-width:680px" loading="lazy" title="Monu Tools"></iframe>

相關工具