JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
- From JWT Website
A JWT's expiry date is the exp claim in its payload (a Unix timestamp in seconds). In JavaScript it can be read with a JWT library such as the jsonwebtoken npm package; note that decode() only parses the payload and does not check the signature, so the value is informational until the token has been verified:
const jwt = require('jsonwebtoken'); // decode() parses without verifying the signature
const { exp } = jwt.decode(token);   // exp is a Unix timestamp in seconds
Security tips:
- Send the token to the server on every request as a Bearer token in the HTTP Authorization header (Authorization: Bearer <token>), not in a URL parameter where it would end up in logs and browser history
- Bind the token to the client with a fingerprint: generate a random string, send the raw value to the client in a hardened cookie (HttpOnly, Secure, SameSite) and put its SHA-256 hash in the token as a claim; on each request hash the cookie value and compare it with the claim, so a token stolen on its own cannot be replayed without the cookie
Nevertheless, any token that script can read, whether from Local Storage or from a cookie without the HttpOnly flag, can be exfiltrated by an XSS payload. Store the JWT in a cookie flagged HttpOnly (plus Secure and SameSite) so it is not reachable from JavaScript; this prevents the token itself from being stolen, although injected script can still issue requests that the browser sends with the cookie attached, so XSS must still be fixed at the source. Since a browser cannot copy an HttpOnly cookie into a Bearer header, the header approach above applies to clients that hold the token themselves, while a browser application relies on the cookie being sent automatically.
Flowchart of a JWT authentication
