JWT & OAuth Security Toolkit
Decode, sign, and verify JSON Web Tokens (HS256/384/512, RS256, ES256) and generate OAuth PKCE code_challenges and authorization URLs. Everything runs 100% in your browser.
- Sign and verify JWTs (HS256/384/512, RS256, ES256).
- Generate PKCE code_verifier and code_challenge.
- Build OAuth authorization URLs for debugging flows.
Quick examples
No data leaves your browser.
JWT Decode
Token input
Header
Payload
Signature (base64url)
JWT Sign
Header JSON
Payload JSON
Signing settings
PEM support: BEGIN PRIVATE KEY (PKCS8) and BEGIN PUBLIC KEY (SPKI) only.
JWT Verify
Verification settings
PEM support: BEGIN PUBLIC KEY (SPKI) only.
Asymmetric Key Helper (RS256 / ES256)
Generate JWK keypairs
OAuth PKCE Helper
Code verifier + challenge
Authorization URL Builder