Check if JWT Token is Expired
Decode a JWT to check its expiration (exp) claim. See if your token is still valid or has expired.
Open JWT Decoder →How JWT Expiration Works
JWTs use the
exp (expiration time) claim — a Unix timestamp indicating when the token becomes invalid. When a server receives a JWT, it checks if exp is in the future. If the current time is past exp, the token is rejected. Related claims: iat (issued at) records when the token was created, and nbf (not before) sets the earliest time the token is valid. Together, these define the token's validity window.Common Expiration Issues
- Clock skew: If server and client clocks differ by a few seconds, tokens near expiration may be rejected early. Most JWT libraries allow a configurable clock tolerance (typically 30-60 seconds).
- Refresh tokens: Short-lived access tokens (5-15 minutes) paired with longer-lived refresh tokens (days/weeks) balance security and user experience.
- Token revocation: JWTs are stateless — you can't "invalidate" one before expiration without a server-side blocklist or short expiration times.
// JavaScript - check if JWT is expired
function isExpired(token) {
const payload = JSON.parse(atob(token.split('.')[1]));
return payload.exp * 1000 < Date.now();
}
// Python
import jwt, time
payload = jwt.decode(token, options={"verify_signature": False})
is_expired = payload['exp'] < time.time()
// Typical exp claim in payload
{
"sub": "user123",
"exp": 1710432000, // Unix timestamp
"iat": 1710428400
}