How to check if a JWT has expired

A JWT with an expired 'exp' claim causes 401 errors that can be frustrating to track down. This guide explains how to quickly read the expiry timestamp from any JWT — no library required. You'll convert the Unix timestamp in the 'exp' claim to a readable date and compare it against the current time. Useful for debugging token refresh flows, diagnosing intermittent auth failures, and confirming that your token issuance logic sets the correct lifetime.

Step-by-step guide

1. Decode the token: Paste your JWT at quickhelp.dev/jwt-decoder. The payload renders as formatted JSON.
2. Find the exp claim: Look for the 'exp' field — it's a Unix timestamp (seconds since 1970-01-01). Example: 1716998400.
3. Convert to a readable date: In your browser console run: new Date(1716998400 * 1000).toISOString(). Compare against the current time with: Date.now() > 1716998400 * 1000 — if true, the token is expired.

Frequently asked questions

What happens if a JWT has no exp claim?

Tokens without 'exp' never expire on their own — your server must revoke them explicitly via a denylist or by rotating the signing secret.

Can I trust the exp claim alone?

No. A malicious actor can craft any payload. Always verify the signature before trusting any claim, including exp.