Does this call the issuer?

No. It performs local time math on decoded claims.

What about opaque tokens?

They require introspection endpoints. This tool focuses on JWT-shaped tokens.

Auth Token Expiry Checker

In the same workflow: Security Headers Analyzer and CORS Checker.

Auth Token Expiry Checker

Paste JWT to see exp, iat, and valid/expired. For full decode/verify: jwt.io.

JWT

⚠

Expired

-689 days ago

Exp: 2024-05-20T21:03:42.000Z

Iat: 2018-01-18T01:30:22.000Z

Now: 2026-04-10T10:44:56.000Z

Related tools

JWT Decoder — decode header and payload
Bearer Token Extractor — extract from header

Why use Auth Token Expiry Checker?

JWT exp, nbf, and iat claims are easy to misconfigure with clock skew or wrong units (seconds vs milliseconds). Paste a token to see human-readable times and whether it should be accepted right now according to standard rules.

Practical tips

Rotate refresh tokens when access tokens are shorter than your UX session.
Compare server UTC settings when mobile clients show mysterious logouts.
Pair with JWT Decoder to inspect issuer and audience claims.

Common questions

Does this call the issuer?: No. It performs local time math on decoded claims.
What about opaque tokens?: They require introspection endpoints. This tool focuses on JWT-shaped tokens.

About

Check JWT exp, iat, nbf: see if token is valid or expired. Free JWT expiry checker for auth debugging.

Related tools

Used together

Next step

After auth-token-expiry-checker, continue with Security Headers Analyzer to validate the next API or webhook layer.