JWT TTL Check
Inspect auth headers and token data in your browser. No input is sent to a server. Use it for first-pass checks on expiry, claims, and schemes.
Status
Runs in your browser. No input is sent to a server. Use this as a first-pass diagnostic step.
How to use
Paste a JWT or payload JSON and click “Parse”. It shows exp/iat/nbf dates and TTL.
Notes (this tool)
- No signature verification is performed.
About this page
What does this tool do?
Paste a JWT (or payload JSON) and it calculates TTL and validity windows from exp/iat/nbf.
You can quickly verify “when it expires” and “whether it is usable now.”
Typical use cases
- Quickly confirm expiry and validity
- Investigate auth failures due to iat/nbf skew
- Check whether configured TTL is too short/long
How TTL works
In JWT, exp (Expires At) and iat (Issued At) define a token’s lifetime.
If nbf (Not Before) exists, the token is only valid after that time.
What this tool does
- Display exp/iat/nbf as dates
- Compute TTL (exp-now) and expiry state
- Check lifetime (exp-iat)
- Accept JWT or payload JSON
Notes
- Signature verification is not performed (use JWT Verifier)
- Uses the client device clock for “now”
Debugging workflow (recommended)
- Paste tokens or authentication headers
- Check claims, auth scheme, and expiration
- Verify signature, scopes, and issuer with related tools
Operational notes
- Result output alone is not enough for trust decisions. Always validate signatures and issuer.
- Clock skew and environment differences affect reproducibility, so record test time and settings.
Referenced specs
- RFC 7519 (JSON Web Token)
FAQ
Is exp sometimes in milliseconds?
JWT uses seconds, but this tool auto-detects millisecond values.
Can I paste payload JSON only?
Yes. It reads exp/iat/nbf keys and computes TTL.
References
Next to view (diagnostic order)
These links are generated from site_map rules in recommended diagnostic order.
- JWT 401/403 Troubleshooting — Troubleshoot 401/403 auth failures from headers and JWT claims
- JWT Clock Skew Check — Detect timestamp skew across iat/nbf/exp
- JWT Claim Audit — Audit missing required/recommended JWT claims
- JWT Verifier — Verify JWT signatures (HS/RS/ES)
- JWT 401/403 Diagnostic Playbook — Separate 401 and 403 using Authorization, WWW-Authenticate, claims, and signature checks
- JWT Decoder — Decode and pretty-print JWT header/payload
- OAuth Bearer Diagnostic — Diagnose consistency between Bearer and WWW-Authenticate
- Authorization Inspect — Parse Authorization header formats
Same-theme links
Auth
Trace auth failures across Bearer, WWW-Authenticate, and JWT
- OAuth Bearer Diagnostic — Diagnose consistency between Bearer and WWW-Authenticate
- JWT 401/403 Troubleshooting — Troubleshoot 401/403 auth failures from headers and JWT claims
- JWT Claim Audit — Audit missing required/recommended JWT claims
- JWT Clock Skew Check — Detect timestamp skew across iat/nbf/exp
- Authorization Inspect — Parse Authorization header formats
- WWW-Authenticate Inspect — Parse WWW-Authenticate challenges
- JWT Decoder — Decode and pretty-print JWT header/payload
- JWT Verifier — Verify JWT signatures (HS/RS/ES)
Example
{"iat": 1710000000, "nbf": 1710000000, "exp": 1710003600}