diff --git a/auth/jwtcodec.py b/auth/jwtcodec.py
index 32138547..4d077fc8 100644
--- a/auth/jwtcodec.py
+++ b/auth/jwtcodec.py
@@ -1,7 +1,7 @@
 from datetime import datetime
 import time
 import jwt
-from base.exceptions import ExpiredToken
+from base.exceptions import ExpiredToken, InvalidToken
 from validations.auth import TokenPayload
 from settings import JWT_ALGORITHM, JWT_SECRET_KEY
@@ -9,12 +9,16 @@ from settings import JWT_ALGORITHM, JWT_SECRET_KEY
 class JWTCodec:
 @staticmethod
 def encode(user_id: int, exp: datetime) -> str:
+ issued = int(time.mktime(datetime.now().timetuple()))
+ print('[jwtcodec] issued at %r' % issued)
+ expires = time.mktime(exp.timetuple())
+ print('[jwtcodec] expires at %r' % expires)
 payload = {
 "user_id": user_id,
 # "user_email": user.email, # less secure
 # "device": device, # no use cases
- "exp": exp,
- "iat": time.mktime(datetime.now().timetuple()),
+ "exp": expires,
+ "iat": issued,
 "iss": "discours"
 }
 try:
@@ -39,4 +43,10 @@ class JWTCodec:
 print('[jwtcodec] debug payload %r' % r)
 return r
 except jwt.ExpiredSignatureError:
- raise ExpiredToken
+ raise ExpiredToken('check token lifetime')
+ except jwt.InvalidTokenError:
+ raise InvalidToken('token is not valid')
+ except jwt.InvalidSignatureError:
+ raise InvalidToken('token is not valid')
+ except jwt.InvalidIssuedAtError:
+ raise ExpiredToken('check token issued time')
diff --git a/base/exceptions.py b/base/exceptions.py
index 0536dc4b..3b4a69f2 100644
--- a/base/exceptions.py
+++ b/base/exceptions.py
@@ -16,6 +16,11 @@ class InvalidToken(BaseHttpException):
 message = "403 Invalid Token"
+class Unauthorized(BaseHttpException):
+ code = 401
+ message = "401 Unauthorized"
+
+
 class ObjectNotExist(BaseHttpException):
 code = 404
 message = "404 Object Does Not Exist"
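Review bot: In `JWTCodec.encode` (auth/jwtcodec.py, second hunk), `expires = time.mktime(exp.timetuple())` reads a naive `exp` as server-local time, whereas PyJWT's own conversion of a datetime `exp` (used by the removed `"exp": exp`) treats a naive value as UTC. The callers are not visible here, but if they build `exp` from UTC, every token's lifetime shifts by the server's UTC offset, so tokens may stay valid longer than intended or be rejected early. I would require a timezone-aware `exp` and write `expires = int(exp.timestamp())` and `issued = int(time.time())`, which also makes both claims integers (today `issued` is an int and `expires` a float). The two `print` calls would be better as debug-level logging so token timestamps do not go to stdout in production.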
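Review bot: In the `except` chain added in the third hunk of auth/jwtcodec.py, `except jwt.InvalidTokenError:` comes before `except jwt.InvalidSignatureError:` and `except jwt.InvalidIssuedAtError:`. Both are subclasses of `InvalidTokenError` in PyJWT, so the last two handlers can never run, and an issued-at failure is reported as `InvalidToken('token is not valid')` instead of the intended `ExpiredToken('check token issued time')`. Move `except jwt.InvalidTokenError:` to the end of the chain so it acts as the catch-all after the specific handlers. The enclosing method starts outside this hunk, so the `jwt.decode` call and its options are not visible here.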
@@ -23,9 +28,9 @@ class ObjectNotExist(BaseHttpException):
 class OperationNotAllowed(BaseHttpException):
 code = 403
- message = "403 Operation is not allowed"
+ message = "403 Operation Is Not Allowed"
 class InvalidPassword(BaseHttpException):
- code = 401
- message = "401 Invalid Password"
+ code = 403
+ message = "403 Invalid Password"
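Review bot: `InvalidPassword` now answers 403, so a failed credential check carries the same status as `OperationNotAllowed` and, judging by its "403 Invalid Token" message, `InvalidToken`. The same commit adds a 401 `Unauthorized` class to this file, and 401 is the conventional status for a failed authentication. The reason for the switch is not stated, so if it is deliberate, record it next to the class with a comment such as `# 403 on purpose: <reason>`; otherwise keep `code = 401` and `message = "401 Invalid Password"`. Clients and monitoring that key on 401 to count failed logins will stop seeing these events after this change.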