diff --git a/packages/core/auth-js/src/GoTrueClient.ts b/packages/core/auth-js/src/GoTrueClient.ts
index f23bc954e..f86ad5a00 100644
--- a/packages/core/auth-js/src/GoTrueClient.ts
+++ b/packages/core/auth-js/src/GoTrueClient.ts
@@ -3649,8 +3649,8 @@ export default class GoTrueClient {
 raw: { header: rawHeader, payload: rawPayload },
 } = decodeJWT(token)
- if (!options?.allowExpired) {
- // Reject expired JWTs should only happen if jwt argument was passed
+ // Only validate expiration if allowExpired is NOT true
+ if (options?.allowExpired !== true) {
 validateExp(payload.exp)
 }
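Review bot: The new comment above `if (options?.allowExpired !== true)` restates the condition instead of recording why the strict comparison matters. With the old `!options?.allowExpired`, any truthy non-boolean from an untyped caller (for example the string `'false'`, or `1`) skipped `validateExp`. I would write the comment as `// Fail closed: only a literal boolean true skips the exp check; any other value still validates expiry`. No test is visible in this diff, so a regression test that passes `allowExpired: 'false'` and `allowExpired: 1` with an expired token and expects rejection would pin the behaviour. The enclosing method starts and ends outside the hunk, so whether signature verification still runs when the expiry check is skipped cannot be confirmed from here and is worth checking.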