I noticed there was a minor difference on the server generating the JWT and the server decoding it (on an openid connect project) and although the difference is within millisecs, very often the iat verification failed so I had to read up at the documentation and verify there is some recommendation at least for the exp and the nbf. so I've considered adding a leeway time to all time verification.

Sources:
http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
http://openid.net/specs/openid-connect-core-1_0.html#IDToken

I've create a pull request #39 to resolve this issue a while back so I'm not sure if the workflow in this project is to see an issue first before heading for the push requests :)