Expiration Checker
JWT expiration checker online. Check if your JWT is expired, see time remaining, and view exp/iat/nbf timestamps in human-readable format with timezone support.
Time Claims Explained
- • exp (expiration) — Token is invalid after this time
- • iat (issued at) — When the token was created
- • nbf (not before) — Token is invalid before this time
- • All times are Unix timestamps (seconds since Jan 1, 1970)
Features
- Tells you at a glance whether a token is expired or still valid
- Shows the time remaining until expiry (or how long ago it lapsed)
- Converts exp, iat, and nbf into readable dates in your timezone
- Explains the not-before window so early tokens make sense
- Processes the token locally without sending it anywhere
Common Use Cases
- Diagnosing "401 Unauthorized" errors caused by expired tokens
- Confirming how long a session token is meant to last
- Checking that a freshly issued token is not rejected by an nbf in the future
- Comparing issued-at and expiry to understand a provider’s token lifetime
How JWT expiry actually works
Time in a JWT is stored as Unix timestamps — the number of seconds since January 1, 1970 (UTC). Three claims control timing: iat (when the token was issued), exp (when it stops being valid), and nbf (a time before which it must not be accepted).
A token is considered active when the current time is at or after nbf and strictly before exp. Most servers also allow a small amount of "clock skew" — usually a minute or two — so tokens are not rejected just because two machines' clocks disagree slightly.
Expiry is enforced by whoever verifies the token, not by the token itself. This checker reads the timestamps for you, but the real decision still happens server-side.
Examples
{ "iat": 1516239022, "exp": 1916239022 }{ "iat": 1516239022, "exp": 1516242622 }