Create and verify JSON Web Tokens (JWT) with Deno or the browser.
Very Popular
import * as djwt from "";


Takes Header, Payload and CryptoKey and returns the url-safe encoded jwt.

Takes a jwt and returns a 3-tuple [unknown, unknown, Uint8Array] if the jwt has a valid serialization. Otherwise it throws an Error. This function does not verify the digital signature.

This helper function simplifies setting a NumericDate. It takes either a Date object or a number (in seconds) and returns the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time.

It does not verify the digital signature.

Takes jwt, CryptoKey and VerifyOptions and returns the Payload of the jwt if the jwt is valid. Otherwise it throws an Error.


JWS §4.1.1: The "alg" value is a case-sensitive ASCII string containing a StringOrURI value. This Header Parameter MUST be present and MUST be understood and processed by implementations.

JWT §1: JWTs encode claims to be transmitted as a JSON [RFC7159] object [...]. JWT §4.1: The following Claim Names are registered in the IANA "JSON Web Token Claims" registry established by Section 10.1. None of the claims defined below are intended to be mandatory to use or implement in all cases, but rather they provide a starting point for a set of useful, interoperable claims. Applications using JWTs should define which specific claims they use and when they are required or optional.

Type Aliases

With expLeeway and nbfLeeway implementers may provide for some small leeway to account for clock skew (JWT §4.1.4). The default is 1 second. By passing the option audience, this application tries to identify the recipient with a value in the aud claim. If the values don't match, an Error is thrown.