What causes "JsonWebTokenError: jwt expired"?

The token's exp claim has passed Server and client clocks are out of sync (clock skew) The token was issued with a very short expiry (e.g., 60 seconds) The user's session was not refreshed before the token expired

JWT Error3 Fixes Available

JsonWebTokenError: jwt expired

JsonWebTokenError: jwt expired

What does this error mean?

This error means the JWT's 'exp' (expiration) claim is in the past. The token was valid when it was issued but has since expired. This is a security feature — tokens should expire to limit the damage if they are stolen.

Common Causes

The token's exp claim has passed
Server and client clocks are out of sync (clock skew)
The token was issued with a very short expiry (e.g., 60 seconds)
The user's session was not refreshed before the token expired

How to Fix It (3 Solutions)

Decode the token to check the expiry

Use our JWT Decoder to inspect the exp claim and see exactly when it expired.

Implement refresh token logic

Issue a short-lived access token and a long-lived refresh token. Refresh automatically.

Code

async function fetchWithAuth(url) {
  let res = await fetch(url, {
    headers: { Authorization: `Bearer ${getAccessToken()}` }
  });
  
  if (res.status === 401) {
    // Token expired — refresh it
    await refreshAccessToken();
    res = await fetch(url, {
      headers: { Authorization: `Bearer ${getAccessToken()}` }
    });
  }
  return res;
}

Allow clock skew tolerance

If using jsonwebtoken on Node.js, add a clockTolerance option.

Code

jwt.verify(token, secret, { clockTolerance: 30 }); // 30 seconds

Fix this error faster with our free tool

JWT Decoder

Open JWT Decoder

Related Errors

JWT

JsonWebTokenError: invalid signature

View fix

HTTP

401 Unauthorized — Authentication Required

View fix

Browse all error fixes