jwt-encode
JWT Encode
Create and sign JWTs for testing and development.
Steps
- Gather inputs: claims/payload, algorithm (default: HS256), secret or key, expiration (default: 1 hour).
- Build header:
{"alg": "HS256", "typ": "JWT"}. Addkidif provided. - Build payload: Always include
iatandexpunless the user opts out. Add user-specified claims. - Sign the token using the best available method (see below).
- Display the result: the full JWT string and a decoded breakdown of header + payload.
Signing Methods
Pick the first available. Use the user's claims, secret, and algorithm — the examples below are templates only. Always pass the secret via an inline env var to avoid shell history exposure.
Node.js (preferred):
First, ensure jose is available — install it globally if missing:
More from jsonwebtoken/jwt-skills
jwt-decode
Decode and inspect JSON Web Tokens (JWTs) without verification. Use when the user provides a JWT string and wants to see its header, payload, or claims — e.g. "decode this JWT", "what's in this token", "inspect this JWT", "show me the claims", "parse this token". Also triggers on raw JWT strings (three base64url segments separated by dots).
155jwt-validate
Verify and validate JSON Web Tokens (JWTs) by checking signatures, expiration, claims, and structure. Use when the user wants to verify, validate, or check a JWT — e.g. "verify this token", "is this JWT valid", "check the signature", "validate this token against my JWKS", "is this token expired". Supports HMAC, RSA, and ECDSA with secrets, PEM keys, or JWKS endpoints.
124