🦊Foxulator

JWT Expiry Calculator

Decode JWT tokens to check their expiration time and generate time claims for new tokens. The tool only decodes and performs no signature verification, so it is safe to use client-side.

⚠️ This tool does not verify signatures. Security-critical verification must be performed on the server.

📖 How to Use

  1. Paste your JWT token in the input field
  2. Header and Payload are automatically decoded
  3. Expiration time and remaining time are shown in real-time
  4. Use the Generate tab to calculate expiry times for new tokens

Features

  • Automatic JWT token decoding (Header, Payload)
  • Check expiration time (exp) and issued time (iat)
  • Real-time countdown showing remaining time
  • Instant expiry status verification
  • Calculate time claims for token generation
  • Set expiry in minutes/hours/days
  • Optional nbf (Not Before) claim
  • Copy claims in JSON format

📐 Formula

exp = iat + validity(seconds), iat = current Unix timestamp

💡 How It Works

  • A JWT (JSON Web Token) consists of three parts: Header.Payload.Signature
  • Header contains the algorithm (alg) and token type (typ).
  • Payload contains claims, where iat/exp/nbf are standard time-related claims.
  • iat (Issued At): The time the token was issued (Unix timestamp)
  • exp (Expiration Time): The time the token expires (Unix timestamp)
  • nbf (Not Before): The time when the token becomes valid (Unix timestamp)
  • The signature is created with the server's secret key, so client-side verification is not possible.
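
The decode-and-check logic described above, together with the exp = iat + validity formula, as an added example (not this tool's own code). The names inspectJwt, makeTimeClaims and makeSampleToken are hypothetical, and the sample token is constructed with a dummy third segment.

```javascript
// Added example: decode-only inspection. Nothing here checks the signature,
// so the output must not drive an authorization decision.
const nowSeconds = () => Math.floor(Date.now() / 1000);

function b64urlToJson(segment) {
  // base64url -> base64, restoring the padding that JWT encoding strips
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

function inspectJwt(token, now = nowSeconds()) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected Header.Payload.Signature");
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const { exp, nbf } = payload;
  let status = "valid";
  if (exp === undefined) status = "no-expiry";
  if (typeof nbf === "number" && now < nbf) status = "not-yet-valid";
  if (typeof exp === "number" && now >= exp) status = "expired";
  const remainingSeconds = typeof exp === "number" ? Math.max(0, exp - now) : null;
  return { header, payload, status, remainingSeconds, signatureVerified: false };
}

// exp = iat + validity(seconds); nbf is added only when a delay is given
function makeTimeClaims(validitySeconds, { now = nowSeconds(), notBeforeDelay } = {}) {
  const claims = { iat: now, exp: now + validitySeconds };
  if (notBeforeDelay !== undefined) claims.nbf = now + notBeforeDelay;
  return claims;
}

// Constructed sample token: the third segment is a dummy, not a real signature
function makeSampleToken(payload) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.ZHVtbXk`;
}

const sample = makeSampleToken(makeTimeClaims(900, { now: 1700000000 }));
console.log(inspectJwt(sample, 1700000100)); // status "valid", 800 seconds left
```

A token is treated as expired once the current time reaches exp, and as not yet valid while the current time is before nbf.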

FAQ

Q. Why doesn't this tool verify signatures?

A. Signature verification requires the server's secret key. Exposing the secret key on the client side creates security risks, so actual verification must be done on the server.

Q. Can expired tokens be decoded?

A. Yes, decoding works regardless of expiry status. Expired tokens are flagged in red.

Q. Are tokens without iat, exp, nbf valid?

A. Yes, these claims are optional. Tokens without expiration can be valid indefinitely, but this is not recommended for security reasons.

Q. How do I use the generated claims?

A. Copy the JSON and add it to your server's JWT generation payload. Actual signing must be performed on the server.

Q. What's an appropriate expiry time?

A. It depends on the use case. Access tokens typically use 15 minutes to 1 hour, refresh tokens use 7-30 days. Shorter expiry times are recommended for sensitive operations.
