diff --git a/google-oauth2-jwt.cabal b/google-oauth2-jwt.cabal
--- a/google-oauth2-jwt.cabal
+++ b/google-oauth2-jwt.cabal
@@ -1,30 +1,30 @@
 name:                google-oauth2-jwt
-version:             0.1.2.0
+version:             0.1.2.1
 synopsis:            Get a signed JWT for Google Service Accounts
 description:         Please see README.md
 homepage:            https://github.com/MichelBoucey/google-oauth2-jwt
 license:             BSD3
 license-file:        LICENSE
 author:              Michel Boucey
-maintainer:          michel.boucey@gmail.com
-copyright:           Copyright (c) 2016 - Michel Boucey
+maintainer:          michel.boucey@cybervisible.fr
+copyright:           (c) 2016 - Michel Boucey
 category:            Google
 build-type:          Simple
 extra-source-files:  README.md
 cabal-version:       >= 1.10
 
 library
-  hs-source-dirs:      src
-  exposed-modules:     Network.Google.OAuth2.JWT
-  build-depends:       base >= 4.7 && < 5
-                     , base64-bytestring >= 1.0.0.1
-                     , bytestring >= 0.10.6.0
-                     , HsOpenSSL >= 0.11.1.1
-                     , RSA >= 2.2.0
-                     , text >= 1.2.2.0
-                     , unix-time >= 0.3.6
-  default-language:    Haskell2010
-  GHC-options:       -Wall
+  hs-source-dirs:   src
+  exposed-modules:  Network.Google.OAuth2.JWT
+  build-depends:    base >= 4.7 && < 5
+                  , base64-bytestring >= 1.0.0.1
+                  , bytestring >= 0.10.6.0
+                  , HsOpenSSL >= 0.11.1.1
+                  , RSA >= 2.2.0
+                  , text >= 1.2.2.0
+                  , unix-time >= 0.3.6
+  default-language: Haskell2010
+  GHC-options:      -Wall
 
 source-repository head
   type:     git
diff --git a/src/Network/Google/OAuth2/JWT.hs b/src/Network/Google/OAuth2/JWT.hs
--- a/src/Network/Google/OAuth2/JWT.hs
+++ b/src/Network/Google/OAuth2/JWT.hs
@@ -3,7 +3,7 @@
 -- | Create a signed JWT needed to make the access token request
 -- to gain access to Google APIs for server to server applications.
 --
--- For all details : https://developers.google.com/identity/protocols/OAuth2ServiceAccount
+-- For all usage details, see https://developers.google.com/identity/protocols/OAuth2ServiceAccount
 --
 
 module Network.Google.OAuth2.JWT
@@ -49,20 +49,21 @@
 -- >
 fromPEMString :: String -> IO PrivateKey
 fromPEMString s =
-    fromJust . toKeyPair <$> readPrivateKey s PwNone
-        >>= \k -> return PrivateKey
-            { private_pub =
-                  PublicKey { public_size = rsaSize k
-                            , public_n    = rsaN k
-                            , public_e    = rsaE k
-                            }
-            , private_d    = rsaD k
-            , private_p    = rsaP k
-            , private_q    = rsaQ k
-            , private_dP   = 0
-            , private_dQ   = 0
-            , private_qinv = 0
-            }
+  fromJust . toKeyPair <$> readPrivateKey s PwNone >>=
+    \k -> return
+      PrivateKey
+        { private_pub =
+            PublicKey { public_size = rsaSize k
+                      , public_n    = rsaN k
+                      , public_e    = rsaE k
+                      }
+        , private_d    = rsaD k
+        , private_p    = rsaP k
+        , private_q    = rsaQ k
+        , private_dP   = 0
+        , private_dQ   = 0
+        , private_qinv = 0
+        }
 
 -- | Create the signed JWT ready for transmission
 -- in the access token request as assertion value.
@@ -70,43 +71,42 @@
 -- >grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=
 --
 getSignedJWT :: Email
-       -- ^ The email address of the service account.
-       -> Maybe Email
-       -- ^ The email address of the user for which the
-       -- application is requesting delegated access.
-       -> [Scope]
-       -- ^ The list of the permissions that the application requests.
-       -> Maybe Int
-       -- ^ Expiration time (maximun and default value is an hour, 3600).
-       -> PrivateKey
-       -- ^ The private key gotten from the PEM string obtained from the
-       -- Google API Console.
-       -> IO (Either String B.ByteString)
-       -- ^ Either an error message or a signed JWT.
+             -- ^ The email address of the service account.
+             -> Maybe Email
+             -- ^ The email address of the user for which the
+             -- application is requesting delegated access.
+             -> [Scope]
+             -- ^ The list of the permissions that the application requests.
+             -> Maybe Int
+             -- ^ Expiration time (maximun and default value is an hour, 3600).
+             -> PrivateKey
+             -- ^ The private key gotten from the PEM string obtained from the
+             -- Google API Console.
+             -> IO (Either String B.ByteString)
+             -- ^ Either an error message or a signed JWT.
 getSignedJWT iss msub scopes met privateKey = do
-    let et = fromIntegral $ fromMaybe 3600 met
-    if et < 1 || et > 3600
-        then return $ Left "Bad expiration time"
-        else do
-            cs <- jwtClaimsSet
-                 (maybe T.empty (\s -> "\"sub\":\"" <> s <> "\",") msub) et
-            let i = toJWT "{\"alg\":\"RS256\",\"typ\":\"JWT\"}" <> "." <> cs
-            return $
-                case rsassa_pkcs1_v1_5_sign hashSHA256 privateKey (fromStrict i) of
-                    Right s -> Right $ i <> "." <> encode (toStrict s)
-                    Left _  -> Left "RSAError"
+  let et = fromIntegral $ fromMaybe 3600 met
+  if et >= 1 && et <= 3600
+    then do
+      cs <-
+        jwtClaimsSet
+          (maybe T.empty (\s -> "\"sub\":\"" <> s <> "\",") msub) et
+      let i = toJWT "{\"alg\":\"RS256\",\"typ\":\"JWT\"}" <> "." <> cs
+      return $
+        case rsassa_pkcs1_v1_5_sign hashSHA256 privateKey (fromStrict i) of
+          Right s -> Right (i <> "." <> encode (toStrict s))
+          Left _  -> Left "RSAError"
+    else fail "Bad expiration time"
   where
     jwtClaimsSet s e = do
-        (exp',iat') <-
-            getUnixTime >>= \t ->
-                return ( toText $ utSeconds t + CTime e
-                       , toText $ utSeconds t
-                       )
-        return $ toJWT $
-               "{\"iss\":\"" <> iss <> "\"," <> s <> "\"scope\":\""
-            <> T.intercalate " " scopes <> "\",\"aud\":\"https://ww\
-               \w.googleapis.com/oauth2/v4/token\",\"exp\":" <> exp'
-            <> ",\"iat\":" <> iat' <> "}"
+      (exp',iat') <- getUnixTime >>=
+        \t -> return (toText (utSeconds t + CTime e),toText (utSeconds t))
+      return $
+        toJWT $
+          "{\"iss\":\"" <> iss <> "\"," <> s <> "\"scope\":\""
+          <> T.intercalate " " scopes <> "\",\"aud\":\"https:\
+          \//www.googleapis.com/oauth2/v4/token\",\"exp\":" <>
+          exp' <> ",\"iat\":" <> iat' <> "}"
     toText = T.pack . show
     toJWT = encode . encodeUtf8
 
