diff --git a/src/main/java/io/kamax/mxisd/http/undertow/handler/AuthorizationHandler.java b/src/main/java/io/kamax/mxisd/http/undertow/handler/AuthorizationHandler.java
index fb198ea..0375295 100644
--- a/src/main/java/io/kamax/mxisd/http/undertow/handler/AuthorizationHandler.java
+++ b/src/main/java/io/kamax/mxisd/http/undertow/handler/AuthorizationHandler.java
@@ -58,7 +58,8 @@ public class AuthorizationHandler extends BasicHttpHandler {
             log.error("Account not found from request from: {}", exchange.getHostAndPort());
             throw new InvalidCredentialsException();
         }
-        if (account.getExpiresIn() < System.currentTimeMillis()) {
+        long expiredAt = (account.getCreatedAt() + account.getExpiresIn()) * 1000; // expired in milliseconds
+        if (expiredAt < System.currentTimeMillis()) {
             log.error("Account for '{}' from: {}", account.getUserId(), exchange.getHostAndPort());
             accountManager.deleteAccount(token);
             throw new InvalidCredentialsException();