diff --git a/data/users.py b/data/users.py
index c5fe926e9..480ce0eca 100644
--- a/data/users.py
+++ b/data/users.py
@@ -100,7 +100,8 @@ class JWTAuthUsers(object):
       raise Exception('Missing exp field in JWT')
 
     # Verify that the expiration is no more than 300 seconds in the future.
-    if datetime.fromtimestamp(payload['exp']) > datetime.utcnow() + timedelta(seconds=300):
+    expiration = datetime.utcfromtimestamp(payload['exp'])
+    if expiration > datetime.utcnow() + timedelta(seconds=300):
       logger.debug('Payload expiration is outside of the 300 second window: %s', payload['exp'])
       return (None, 'Invalid username or password')