unjwt
Low-level JWT toolkit on Web Crypto API
Sign, verify, encrypt, and decrypt JSON Web Tokens with Web Crypto APIs. JWS, JWE, and JWK in a single zero-dependency package.
// Sign a JWT (JWS)
import { sign, verify } from "unjwt/jws";
import { generateJWK } from "unjwt/jwk";
const key = await generateJWK("HS256");
const token = await sign({ sub: "user_1" }, key, { expiresIn: "1h" });
const { payload } = await verify(token, key);
// Encrypt a JWT (JWE)
import { encrypt, decrypt } from "unjwt/jwe";
const jwe = await encrypt({ secret: "data" }, "my-password");
const { payload: p } = await decrypt(jwe, "my-password");
- Web Crypto, zero dependencies
Core is built entirely on the Web Crypto API — no Node-specific imports, no runtime dependencies. Install once, run anywhere.
- Runtime-agnostic, with framework adapters
Works in Node 22+, Deno, Bun, Cloudflare Workers, browsers — anywhere Web Crypto runs. Ships H3 v1 and v2 adapters for cookie-based JWT sessions.
- Typed and ergonomic
Strongly-typed JWK-first key model, algorithm inference from keys, and clear error codes. The easy path stays short; the advanced path stays available.