diff --git a/src/main/java/org/imixs/jwt/JWTBuilder.java b/src/main/java/org/imixs/jwt/JWTBuilder.java
index b3e4fdb..c4114ee 100644
--- a/src/main/java/org/imixs/jwt/JWTBuilder.java
+++ b/src/main/java/org/imixs/jwt/JWTBuilder.java
@@ -31,6 +31,10 @@
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
 import javax.crypto.SecretKey;
 import javax.json.Json;
@@ -50,6 +54,7 @@ public class JWTBuilder {
 String header;
 String payload;
 String signature;
+ Map claims;
 public static String DEFAULT_HEADER = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
@@ -96,7 +101,44 @@ public JWTBuilder setPayload(String payload) {
 this.payload = HMAC.encodeBase64(payload.getBytes());
 return this;
 }
+
+ public JWTBuilder setClaim(String claim,String value) {
+ if (claims==null) {
+ claims=new HashMap();
+ }
+ claims.put(claim, value);
+ return this;
+ }
+
+ /**
+ * Builds the payload with all claims
+ * @return
+ */
+ @SuppressWarnings("rawtypes")
+ public JWTBuilder build() {
+ if (claims==null) {
+ claims=new HashMap();
+ }
+ if (!claims.containsKey("iat")) {
+ // iat does not exist - so we add it
+ claims.put("iat", ""+((new Date().getTime())/1000));
+ }
+
+ payload="{";
+ Iterator> it = claims.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pair = (Map.Entry)it.next();
+ payload=payload+"\""+pair.getKey() + "\":\""+ pair.getValue() + "\",";
+ it.remove(); // avoids a ConcurrentModificationException
+ }
+ // remove last ,
+ payload=payload.substring(0,payload.length()-1) + "}";
+
+ this.payload = HMAC.encodeBase64(payload.getBytes());
+
+ return this;
+ }
+
 /**
 * Set an base64 encoded header
 *
diff --git a/src/main/java/org/imixs/jwt/jaspic/JWTAuthModule.java b/src/main/java/org/imixs/jwt/jaspic/JWTAuthModule.java
index af07122..5b6ae7d 100644
--- a/src/main/java/org/imixs/jwt/jaspic/JWTAuthModule.java
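Review bot: The payload assembled in `build()` is raw string concatenation, so a claim value holding `"` or `\` produces malformed JSON or, if any claim value originates from request data, lets the caller append claims of its own (`bob","role":"admin`). The file already imports `javax.json.Json` (first hunk), so serialize through `Json.createObjectBuilder()` instead, which quotes and escapes every key and value. Two further points on the same lines: `it.remove()` empties `claims` while serializing (the ConcurrentModificationException remark does not apply, nothing mutates the map inside the loop), so a second `build()` yields a payload carrying only a fresh `iat`; and `iat` is written as a JSON string whereas RFC 7519 defines NumericDate as a number, which stricter verifiers may reject. The rewrite below keeps the interface, emits `iat` as a number, leaves `claims` intact and encodes with an explicit UTF-8 charset rather than the platform default; `new HashMap()` and `Map.Entry` stay raw to match the `Map claims` field declared in the previous hunk, but a typed `Map<String, String>` would remove the cast and the `@SuppressWarnings`.
```java
	// … unchanged: setClaim(String, String) …

	@SuppressWarnings("rawtypes")
	public JWTBuilder build() {
		if (claims == null) {
			claims = new HashMap();
		}
		if (!claims.containsKey("iat")) {
			// iat does not exist - so we add it (seconds since the epoch)
			claims.put("iat", "" + (new Date().getTime() / 1000));
		}
		// JSON-P quotes and escapes every key and value, so a claim value can
		// neither break out of its string nor smuggle additional claims
		javax.json.JsonObjectBuilder json = Json.createObjectBuilder();
		for (Object entry : claims.entrySet()) {
			Map.Entry pair = (Map.Entry) entry;
			String key = String.valueOf(pair.getKey());
			String value = String.valueOf(pair.getValue());
			if ("iat".equals(key)) {
				// RFC 7519 NumericDate is a JSON number, not a string
				json.add(key, Long.parseLong(value));
			} else {
				json.add(key, value);
			}
		}
		// claims are left untouched so build() may be called more than once
		this.payload = HMAC.encodeBase64(
				json.build().toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
		return this;
	}
```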
+++ b/src/main/java/org/imixs/jwt/jaspic/JWTAuthModule.java
@@ -202,7 +202,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
 } else {
 // validate iat
 long lIat = Long.parseLong("" + request.getSession().getAttribute(JWT_IAT));
- long lexpireTime=3600; // 1h
+ long lexpireTime = 3600; // 1h
 String sExpireTime = (String) options.get(MODULE_OPTION_EXPIRE);
 if (sExpireTime == null || sExpireTime.isEmpty()) {
 // default 60 minutes
@@ -215,7 +215,7 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
 }
 if (lexpireTime > 0) {
 long lNow = new Date().getTime();
- if (lIat + lexpireTime < lNow) {
+ if (((lIat*1000) + (lexpireTime * 1000)) < lNow) {
 logger.warning("JWT expired!");
 return AuthStatus.FAILURE;
 }
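Review bot: The rewritten comparison `((lIat*1000) + (lexpireTime * 1000)) < lNow` still accepts an `iat` that lies in the future, because it only fails when the issue time is too old; if the session attribute parsed in the previous hunk carries the token's own `iat`, a token stamped years ahead of the clock passes this check for as long as its signature holds. Reject a future issue time next to the expiry check and compare in seconds so the two `*1000` conversions disappear: `long nowSec = lNow / 1000; if (lIat > nowSec + 60 || lIat + lexpireTime < nowSec) { logger.warning("JWT expired or iat in the future!"); return AuthStatus.FAILURE; }` (the 60 s leeway is a suggestion for clock skew, tune to the deployment). The surrounding `if (lexpireTime > 0)` guard also means an `expire` option of 0 or a negative value silently disables expiry altogether, which deserves at least a warning log line. validateRequest starts and ends outside this hunk.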