How to Check JWT Expiration
A JWT can fail because it expired, is not valid yet, or was minted with a clock skew problem. The exp, iat, and nbf claims are the fastest place to start.
Updated 2026-05-25
Use the related tools
JWT and Auth Debugging
Decode JWTs locally, inspect claims, check expiration, and understand the line between decoding and validation.
Related guides
Debug JWT Tokens Locally
A JWT debugging hub for decoding tokens, checking expiration, inspecting claims, and understanding why decoded does not mean trusted.
How to Decode a JWT Locally
Inspect JWT headers, payloads, and claims in your browser without uploading the token to a third-party decoder.
Is It Safe to Paste JWT Tokens Into Online Decoders?
A safety checklist for decoding JWTs, understanding token sensitivity, and choosing local inspection over upload-based tools.
Claims to inspect
The exp claim is the expiration time. The iat claim is issued-at time. The nbf claim means not before. These values are usually Unix timestamps in seconds.
- exp: token should not be accepted after this time.
- iat: token was issued at this time.
- nbf: token should not be accepted before this time.
Debugging workflow
Decode the JWT locally, find the timestamp claims, convert them into local time, and compare them with your application server clock and identity provider clock.
Common causes
Short token lifetimes, stale client sessions, timezone confusion, milliseconds-vs-seconds mistakes, and server clock drift can all look like random authentication failures.
FAQ
Is exp measured in seconds or milliseconds?
JWT exp is normally a Unix timestamp in seconds. JavaScript timestamps are often milliseconds, so mixing them up is a common bug.
Does a future exp mean the token is valid?
No. A future exp only means the expiration claim has not passed. You still need signature, issuer, audience, scope, and policy checks.