diff --git a/include/jwt/impl/jwt.ipp b/include/jwt/impl/jwt.ipp index d6a8772..b1ab54c 100644 --- a/include/jwt/impl/jwt.ipp +++ b/include/jwt/impl/jwt.ipp @@ -391,7 +391,7 @@ std::error_code jwt_object::verify( auto p_exp = payload() .get_claim_value(registered_claims::expiration); - if (p_exp < (curr_time + dparams.leeway)) { + if (curr_time > (p_exp + dparams.leeway)) { ec = VerificationErrc::TokenExpired; return ec; } diff --git a/include/jwt/jwt.hpp b/include/jwt/jwt.hpp index 6753559..ec3ddbc 100644 --- a/include/jwt/jwt.hpp +++ b/include/jwt/jwt.hpp @@ -762,7 +762,7 @@ public: // 'tors * * 4. headers : Can pass a initializer list of pairs or any associative * containers which models `MappingConcept` (see `meta::is_mapping_concept`) - * to populate header. Not much use. + * to populate header. Can be used to set JTI. */ template jwt_object(Args&&... args); diff --git a/tests/test_jwt_decode_verifiy.cc b/tests/test_jwt_decode_verifiy.cc new file mode 100644 index 0000000..6950bba --- /dev/null +++ b/tests/test_jwt_decode_verifiy.cc 
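Review bot: The new comparison `curr_time > (p_exp + dparams.leeway)` in the jwt.ipp hunk still accepts a token at the instant `curr_time == p_exp` when the leeway is zero, whereas RFC 7519 §4.1.4 requires the current time to be before `exp`; `if (curr_time >= (p_exp + dparams.leeway)) {` would reject at the boundary. The declared types of `p_exp` and `dparams.leeway` are not visible in this hunk, so it is worth confirming that a token carrying a very large `exp` cannot wrap the sum, or that a wrap can only make the token look expired. A one-line comment above the check, such as `// expired once now >= exp + leeway; leeway only ever widens validity`, would record the direction this commit corrects. The body of `jwt_object::verify` starts and ends outside the hunk.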
@@ -0,0 +1,64 @@
+#include
+#include
+#include
+
+#include "jwt/jwt.hpp"
+#include "gtest/gtest.h"
+
+TEST (DecodeVerify, BeforeExpiryTest)
+{
+ using namespace jwt::params;
+
+ jwt::jwt_object obj{algorithm("hs256"), secret("secret")};
+ obj.add_claim("iss", "arun.muralidharan")
+ .add_claim("exp", std::chrono::system_clock::now() + std::chrono::seconds{10})
+ ;
+
+ std::error_code ec;
+ auto enc_str = obj.signature(ec);
+
+ ASSERT_FALSE (ec);
+
+ auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), verify(true));
+ ASSERT_FALSE (ec);
+}
+
+TEST (DecodeVerify, AfterExpiryTest)
+{
+ using namespace jwt::params;
+
+ jwt::jwt_object obj{algorithm("hs256"), secret("secret")};
+ obj.add_claim("iss", "arun.muralidharan")
+ .add_claim("exp", std::chrono::system_clock::now() - std::chrono::seconds{1})
+ ;
+
+ std::error_code ec;
+ auto enc_str = obj.signature(ec);
+ ASSERT_FALSE (ec);
+
+ auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), verify(true));
+ ASSERT_TRUE (ec);
+ EXPECT_EQ (ec.value(), static_cast(jwt::VerificationErrc::TokenExpired));
+}
+
+TEST (DecodeVerify, AfterExpiryWithLeeway)
+{
+ using namespace jwt::params;
+
+ jwt::jwt_object obj{algorithm("hs256"), secret("secret")};
+ obj.add_claim("iss", "arun.muralidharan")
+ .add_claim("exp", std::chrono::system_clock::now() - std::chrono::seconds{1})
+ ;
+
+ std::error_code ec;
+ auto enc_str = obj.signature(ec);
+ ASSERT_FALSE (ec);
+
+ auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), verify(true), leeway(2));
+ ASSERT_FALSE (ec);
+}
+
+int main(int argc, char* argv[]) {
+ ::testing::InitGoogleTest(&argc, argv);
+ return RUN_ALL_TESTS();
+}
diff --git a/tests/test_jwt_decode_verify b/tests/test_jwt_decode_verify
new file mode 100755
index 0000000..3da6140
Binary files /dev/null and b/tests/test_jwt_decode_verify differ
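Review bot: None of the three tests checks that expiry is still enforced when a leeway is supplied: `AfterExpiryWithLeeway` covers only the accepting side, so a regression that let `leeway` switch the `exp` check off would pass this suite. A case with `exp` well outside the window and `leeway(2)`, expecting `TokenExpired`, would pin that down, as sketched below. `AfterExpiryWithLeeway` also leaves only about one second between `exp + leeway` and the moment of the check, which can flake on a loaded runner; a wider gap such as `leeway(30)` would be steadier. Separately, `tests/test_jwt_decode_verify` is added as a mode-100755 binary, which looks like the compiled test executable and is better left out of the repository, since a reviewer cannot inspect it.

```cpp
TEST (DecodeVerify, AfterExpiryBeyondLeeway)
{
  using namespace jwt::params;

  jwt::jwt_object obj{algorithm("hs256"), secret("secret")};
  obj.add_claim("iss", "arun.muralidharan")
     .add_claim("exp", std::chrono::system_clock::now() - std::chrono::seconds{60})
     ;

  std::error_code ec;
  auto enc_str = obj.signature(ec);
  ASSERT_FALSE (ec);

  // Expired far beyond the 2 second leeway: must still be rejected.
  auto dec_obj = jwt::decode(enc_str, algorithms({"hs256"}), ec, secret("secret"), verify(true), leeway(2));
  ASSERT_TRUE (ec);
  EXPECT_EQ (ec.value(), static_cast<int>(jwt::VerificationErrc::TokenExpired));
}
```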