Error Codes Wiki

JWT Token Expired Error — JSON Web Token Expiration and Renewal

4xx client error

About JWT Token Expired Error

A JWT token expired error occurs when an access token is presented after the Unix timestamp in its 'exp' (expiration) claim has passed. Expiration is enforced by the validating server, not the client: the server rejects the expired token and the API request fails with 401 Unauthorized. Access tokens are deliberately short-lived (typically 15-60 minutes, with refresh tokens lasting days to months), so this error is expected in a healthy system; the goal is to handle it gracefully by renewing tokens, not to prevent it. Because validation compares 'exp' against the server's clock, skew between client and server can make a token appear expired before it actually is.

The usual causes are natural expiry after the configured lifetime, clock skew between the token issuer and the validating server, clients that cache tokens without checking 'exp' before sending requests, and a missing refresh token flow, so tokens are never renewed. The fixes follow from those causes: add a refresh interceptor that catches 401 responses and renews the token, check 'exp' client-side before calling the API, configure a clock skew tolerance of 30-60 seconds in the JWT validation library, store tokens securely (httpOnly cookies or secure storage) with silent refresh in the background, and set short lifetimes for access tokens (15-30 min) and longer ones for refresh tokens (7-30 days). The Key Details, Common Causes and Steps sections below give the same points as checklists.

This article is part of our HTTP Status Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.

Quick Answer

How long should a JWT access token last?

15-30 minutes is standard for access tokens. Shorter durations are more secure but require more frequent refreshes. Never set access tokens to last longer than 1 hour.

Overview

Fix JWT token expired errors when access tokens pass their expiration time, causing authentication failures in API requests.

Key Details

  • JWT tokens include an 'exp' (expiration) claim as a Unix timestamp after which the token is no longer valid
  • Token expiration is verified server-side; expired tokens are rejected with 401 Unauthorized
  • Access tokens typically expire in 15-60 minutes; refresh tokens last days to months
  • Clock skew between client and server can make a token appear expired before it actually is
  • Expired token errors are normal in healthy systems — the key is handling them gracefully

Common Causes

  • Access token has naturally expired after its configured lifetime
  • Clock skew between the token issuer and the validating server
  • Client-side token caching not checking expiration before sending requests
  • Refresh token flow not implemented, so tokens are never renewed

Steps

  1. Implement a token refresh interceptor that catches 401 responses and automatically refreshes the token
  2. Check token expiration client-side before making API calls: decode the JWT and compare 'exp' with current time
  3. Add a clock skew tolerance (usually 30-60 seconds) in your JWT validation library configuration
  4. Store tokens securely (httpOnly cookies or secure storage) and implement silent token refresh in the background
  5. Set appropriate token lifetimes: short for access tokens (15-30 min), longer for refresh tokens (7-30 days)

Tags

jwt, expired, token, authentication, refresh

