diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,10 +1,8 @@
-#Google-oauth-jwt
+# Google-oauth-jwt [![Build Status](https://travis-ci.org/MichelBoucey/google-oauth2-jwt.svg?branch=master)](https://travis-ci.org/MichelBoucey/google-oauth2-jwt)
 
 Google-oauth-jwt implements the creation of the signed JWT for Google Service Accounts,
 to make authorized calls to Google APIs from server to server. All details here:
 
-- https://developers.google.com/identity/protocols/OAuth2ServiceAccount
+- [https://developers.google.com/identity/protocols/OAuth2ServiceAccount](https://developers.google.com/identity/protocols/OAuth2ServiceAccount)
 
 Advice: be sure that the machine time is well synchronized to successfully make the access token request and get a Bearer token.
-
-Improvements and bug reports are welcome!
diff --git a/google-oauth2-jwt.cabal b/google-oauth2-jwt.cabal
--- a/google-oauth2-jwt.cabal
+++ b/google-oauth2-jwt.cabal
@@ -1,5 +1,5 @@
 name:                google-oauth2-jwt
-version:             0.1.1.1
+version:             0.1.2.0
 synopsis:            Get a signed JWT for Google Service Accounts
 description:         Please see README.md
 homepage:            https://github.com/MichelBoucey/google-oauth2-jwt
diff --git a/src/Network/Google/OAuth2/JWT.hs b/src/Network/Google/OAuth2/JWT.hs
--- a/src/Network/Google/OAuth2/JWT.hs
+++ b/src/Network/Google/OAuth2/JWT.hs
@@ -6,8 +6,18 @@
 -- For all details : https://developers.google.com/identity/protocols/OAuth2ServiceAccount
 --
 
-module Network.Google.OAuth2.JWT where
+module Network.Google.OAuth2.JWT
+    (
+       Email
+    ,  Scope
+    ,  getSignedJWT
 
+    -- * Utils
+    , fromPEMString
+    , fromPEMFile
+
+    ) where
+
 import           Codec.Crypto.RSA.Pure
 import qualified Data.ByteString            as B
 import           Data.ByteString.Base64.URL (encode)
@@ -27,13 +37,16 @@
 
 type Email = T.Text
 
--- |Get the private key obtained from
+-- | Get the private key obtained from the
 -- the Google API Console from a PEM file.
 fromPEMFile :: FilePath -> IO PrivateKey
 fromPEMFile f = readFile f >>= fromPEMString
 
--- |Get the private key obtained from
--- the Google API Console from a PEM 'String'.
+-- | Get the private key obtained from the
+-- Google API Console from a PEM 'String'.
+--
+-- >fromPEMString "-----BEGIN PRIVATE KEY-----\nB9e ... bMdF\n-----END PRIVATE KEY-----\n"
+-- >
 fromPEMString :: String -> IO PrivateKey
 fromPEMString s =
     fromJust . toKeyPair <$> readPrivateKey s PwNone
@@ -62,26 +75,27 @@
        -- ^ The email address of the user for which the
        -- application is requesting delegated access.
        -> [Scope]
-       -- ^The list of the permissions that the application requests.
+       -- ^ The list of the permissions that the application requests.
        -> Maybe Int
        -- ^ Expiration time (maximun and default value is an hour, 3600).
        -> PrivateKey
-       -- ^ The private key obtained from the Google API Console.
+       -- ^ The private key gotten from the PEM string obtained from the
+       -- Google API Console.
        -> IO (Either String B.ByteString)
        -- ^ Either an error message or a signed JWT.
-getSignedJWT iss msub scopes mexp privateKey = do
-    let expt = fromIntegral $ fromMaybe 3600 mexp
-    cs <- jwtClaimsSet
-              (maybe T.empty (\s -> "\"sub\":\"" <> s <> "\",") msub) expt
-    let i = jwtHeader <> "." <> cs
-    return $
-        if expt > 0 && expt <= 3600 then
-            case rsassa_pkcs1_v1_5_sign hashSHA256 privateKey (fromStrict i) of
-                Right s -> Right $ i <> "." <> encode (toStrict s)
-                Left _  -> Left "RSAError"
-                                    else Left "Bad expiration time"
+getSignedJWT iss msub scopes met privateKey = do
+    let et = fromIntegral $ fromMaybe 3600 met
+    if et < 1 || et > 3600
+        then return $ Left "Bad expiration time"
+        else do
+            cs <- jwtClaimsSet
+                 (maybe T.empty (\s -> "\"sub\":\"" <> s <> "\",") msub) et
+            let i = toJWT "{\"alg\":\"RS256\",\"typ\":\"JWT\"}" <> "." <> cs
+            return $
+                case rsassa_pkcs1_v1_5_sign hashSHA256 privateKey (fromStrict i) of
+                    Right s -> Right $ i <> "." <> encode (toStrict s)
+                    Left _  -> Left "RSAError"
   where
-    jwtHeader = toJWT "{\"alg\":\"RS256\",\"typ\":\"JWT\"}"
     jwtClaimsSet s e = do
         (exp',iat') <-
             getUnixTime >>= \t ->
