diff --git a/pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/security/Auth0Util.java b/pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/security/Auth0Util.java
index 3e42d24c3e..be3c04ecfc 100755
--- a/pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/security/Auth0Util.java
+++ b/pepper-apis/dsm-core/src/main/java/org/broadinstitute/dsm/security/Auth0Util.java
@@ -17,6 +17,7 @@
 import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTVerificationException;
 import com.auth0.jwt.exceptions.TokenExpiredException;
+import com.auth0.jwt.impl.PublicClaims;
 import com.auth0.jwt.interfaces.Claim;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.auth0.jwt.interfaces.RSAKeyProvider;
@@ -225,7 +226,11 @@ public static DecodedJWT verifyAuth0Token(String jwt, String auth0Domain, String
 verification.withIssuer(signer);
 }
 JWTVerifier verifier = verification.build();
- return verifier.verify(jwt);
+ DecodedJWT validToken = verifier.verify(jwt);
+ if (validToken.getClaim(PublicClaims.EXPIRES_AT).isNull()) {
+ throw new InvalidTokenException("Token missing expiration time in the claims.");
+ }
+ return validToken;
 } catch (JWTVerificationException e) {
 throw new InvalidTokenException("Could not verify auth0 token", e);
 }
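Review bot: The new presence check on the `exp` claim depends on `Claim.isNull()` returning true for an absent claim, which is how java-jwt 3.x behaves but, as far as I recall, not 4.x, where `isNull()` reports only a present-but-null value and absence is signalled by `isMissing()` — a routine dependency bump would silently disable this guard and tokens without an expiry would be accepted again. It also pulls `PublicClaims` from the internal `com.auth0.jwt.impl` package, which carries no API stability promise. Both are avoided by the public accessor, which returns null when the claim is absent in either major version: `if (validToken.getExpiresAt() == null) {` and the `PublicClaims` import can then be dropped. Note that the new `throw` sits inside the `try`, so if `InvalidTokenException` extends `JWTVerificationException` (not visible here) it would be caught and rewrapped with the generic "Could not verify auth0 token" message; if that is the case, perform the check after the try/catch instead. `verifyAuth0Token` and its enclosing `try` begin before this hunk.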