Check JWT Expiry & Convert Timestamps
Check when your JWT token expires and convert its timestamps. Our tool shows issuance, activation, and expiration times in your local timezone, with a live countdown for active tokens.
How the JWT Expiry Checker Works
Paste your JWT token and the tool extracts the exp, nbf, and iat claims from the payload. It decodes the base64url-encoded second segment and parses the JSON to find timestamp fields.
The checker compares these Unix timestamps against the current time to determine if the token is expired, not yet valid, or actively valid. You get a human-readable countdown showing days, hours, and minutes until expiry (or since expiration).
What the timestamps mean:
- exp (Expiration Time) - When the token becomes invalid
- nbf (Not Before) - When the token becomes valid
- iat (Issued At) - When the token was created
The timestamp converter lets you input any Unix timestamp (in seconds) and see the corresponding human-readable date and time in your local timezone.
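The decode-and-compare steps described above, as an added JavaScript example (not the tool's own code). The function names, the 60-second default leeway, the millisecond guard, and the sample token are assumptions made for illustration.

```javascript
// Added example: reads time claims only; the signature is never verified.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) throw new Error("expected three dot-separated segments");
  // base64url -> base64: swap the URL-safe characters and restore '=' padding.
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  const claims = JSON.parse(new TextDecoder().decode(bytes));
  if (claims === null || typeof claims !== "object" || Array.isArray(claims)) {
    throw new Error("payload is not a JSON object");
  }
  return claims;
}

// nowSec and leewaySec are in seconds; leewaySec is the tolerated clock skew.
function checkJwtTimes(token, nowSec, leewaySec = 60) {
  const { exp, nbf, iat } = decodeJwtPayload(token);
  for (const [name, value] of Object.entries({ exp, nbf, iat })) {
    if (value === undefined) continue; // all three claims are optional
    if (typeof value !== "number" || !Number.isFinite(value)) {
      throw new Error(`${name} is not a numeric timestamp`);
    }
    // Present-day values in seconds are about 1.7e9; above 1e11 means milliseconds.
    if (value > 1e11) throw new Error(`${name} looks like milliseconds`);
  }
  let status = "active";
  if (exp === undefined) status = "no_expiry";
  else if (nowSec >= exp + leewaySec) status = "expired";
  if (status !== "expired" && nbf !== undefined && nowSec + leewaySec < nbf) {
    status = "not_yet_valid";
  }
  return {
    status,
    secondsToExpiry: exp === undefined ? null : exp - nowSec,
    lifetimeSec: exp !== undefined && iat !== undefined ? exp - iat : null,
  };
}

// Constructed sample token: the signature segment is a placeholder, not a real MAC.
function makeSampleToken(claims) {
  const b64url = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(claims)}.constructed-signature`;
}

const NOW = 1735689600; // fixed "current time" so the output is reproducible
const sample = makeSampleToken({ iat: NOW - 600, nbf: NOW - 600, exp: NOW + 300 });
console.log(checkJwtTimes(sample, NOW));
```

The `lifetimeSec` field (exp minus iat) is the value to look at when auditing for tokens issued with very long validity windows.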
When You'd Actually Use This
Debugging authentication failures
A user reports being logged out unexpectedly. You grab their JWT and check if the expiry time is too short or if server clock skew is causing premature expiration.
Testing token refresh logic
You're implementing automatic token refresh and need to verify your code triggers refresh at the right time. Check tokens with various expiry windows to test edge cases.
Security audit investigations
During a security review, you find JWTs with unusually long expiration times. The checker reveals tokens valid for months or years, flagging a potential vulnerability.
API integration troubleshooting
Your API calls start failing with 401 errors. You extract the JWT from the Authorization header and discover it expired during a long-running batch process.
Converting log timestamps
Your logs show Unix timestamps from JWT claims. You paste them into the converter to understand when specific authentication events occurred in human-readable format.
Validating token from third-party service
A partner service sends you a JWT for API access. Before integrating it into your code, you verify the expiration window and ensure it won't expire mid-operation.
What to Know Before Using
Client-side only decoding. The tool runs entirely in your browser using JavaScript's atob() function. Your token never leaves your machine, but this also means it can't verify the signature.
Timestamps are in seconds, not milliseconds. JWT uses Unix timestamps in seconds (e.g., 1735689600). JavaScript's Date.now() returns milliseconds. The converter handles this automatically.
Clock skew can cause issues. If your server's clock differs from the client's by even a minute, tokens may appear expired prematurely. Production systems should account for 1-2 minutes of skew.
No signature verification. This tool only reads the payload. It doesn't check if the token was actually signed by your secret key. A tampered token will still decode successfully.
Pro tip: For production, set expiry times between 15 minutes and 24 hours. Short-lived tokens reduce attack surface; use refresh tokens for longer sessions.
Common Questions
Why does my token show as expired when it shouldn't be?
Check for timezone mismatches or clock skew. JWT timestamps are UTC. If your server generates tokens using local time instead of UTC, expiry calculations will be wrong.
Can I modify the expiry time of a JWT?
You can change the payload, but the signature will become invalid. Only the server with the signing key can create a new token with a different expiry.
What's a reasonable JWT expiration time?
Access tokens: 15 minutes to 1 hour. Refresh tokens: 7 to 30 days. Shorter windows limit damage if a token is stolen, but require more frequent refreshes.
How do I handle tokens that expire during a long operation?
Implement automatic token refresh before expiry. Check the exp claim before starting the operation and refresh if less than 5 minutes remain.
What's the difference between exp and nbf?
exp marks when the token expires. nbf (not before) marks when it becomes valid. Both are optional claims that validators can enforce.
Can I use this to decode any JWT?
Yes, as long as it's a valid three-part JWT. The tool doesn't validate signatures, so it works with tokens from any provider (Auth0, Firebase, custom backends, etc.).
Is it safe to paste my production JWT here?
The tool runs client-side, so your token isn't sent anywhere. However, never paste tokens with sensitive data (PII, passwords) into any online tool. Use test tokens when possible.