We recommend you use https://github.com/IBM-Swift/Swift-JWT maintained by IBM to generate a signed JWT. If that’s not an option the code below can help you.

import Foundation
import CommonCrypto

public enum CryptoAlgorithm {
    case MD5, SHA1, SHA224, SHA256, SHA384, SHA512
    
    var HMACAlgorithm: CCHmacAlgorithm {
        var result: Int = 0
        switch self {
        case .MD5:      result = kCCHmacAlgMD5
        case .SHA1:     result = kCCHmacAlgSHA1
        case .SHA224:   result = kCCHmacAlgSHA224
        case .SHA256:   result = kCCHmacAlgSHA256
        case .SHA384:   result = kCCHmacAlgSHA384
        case .SHA512:   result = kCCHmacAlgSHA512
        }
        return CCHmacAlgorithm(result)
    }
    
    var digestLength: Int {
        var result: Int32 = 0
        switch self {
        case .MD5:      result = CC_MD5_DIGEST_LENGTH
        case .SHA1:     result = CC_SHA1_DIGEST_LENGTH
        case .SHA224:   result = CC_SHA224_DIGEST_LENGTH
        case .SHA256:   result = CC_SHA256_DIGEST_LENGTH
        case .SHA384:   result = CC_SHA384_DIGEST_LENGTH
        case .SHA512:   result = CC_SHA512_DIGEST_LENGTH
        }
        return Int(result)
    }
}

@objcMembers class JwtHelper: NSObject {    
    public static func createJwtToken(username: String, hmacKey: String) -> String {
        let calendar = Calendar.current
        let expiryDate = calendar.date(byAdding: .minute, value: 30, to: Date())!.timeIntervalSince1970.rounded()
        let header = ["alg": "HS256", "typ": "JWT"]
        let payload = ["sub": username, "exp": expiryDate] as [String : Any]
        
        let headerJWTData = try! JSONSerialization.data(withJSONObject: header, options: [])
        let payloadJWTData = try! JSONSerialization.data(withJSONObject: payload, options: [])
        let headerJWTBase64 = base64Encode(headerJWTData)
        let payloadJWTBase64 = base64Encode(payloadJWTData)
        let encodedHeaderAndPayload = "\(headerJWTBase64).\(payloadJWTBase64)"
        let signatureJWTBase64 = hmac(string: encodedHeaderAndPayload, algorithm: .SHA256, key: hmacKey)
                
        return "\(headerJWTBase64).\(payloadJWTBase64).\(signatureJWTBase64)"
    }
    
    static private func hmac(string: String, algorithm: CryptoAlgorithm, key: String) -> String {
        //based on https://stackoverflow.com/a/24411522
        let str = string.cString(using: String.Encoding.utf8)
        let strLen = Int(string.lengthOfBytes(using: String.Encoding.utf8))
        let digestLen = algorithm.digestLength
        let result = UnsafeMutablePointer<CUnsignedChar>.allocate(capacity: digestLen)
        let keyStr = key.cString(using: String.Encoding.utf8)
        let keyLen = Int(key.lengthOfBytes(using: String.Encoding.utf8))
        
        CCHmac(algorithm.HMACAlgorithm, keyStr!, keyLen, str!, strLen, result)
        
        let data = Data(bytes: result, count: digestLen)
        let base64 = base64Encode(data)
        result.deallocate()
        
        return base64
    }
    
    static private func base64Encode(_ data: Data) -> String {
        return data.base64EncodedString()
            .replacingOccurrences(of: "=", with: "")
            .replacingOccurrences(of: "/", with: "_")
            .replacingOccurrences(of: "+", with: "-")
    }
}