diff --git a/lib/jwt.rb b/lib/jwt.rb
index 2e8d006d..101e8e90 100644
--- a/lib/jwt.rb
+++ b/lib/jwt.rb
@@ -122,7 +122,7 @@ def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
 merged_options = DEFAULT_OPTIONS.merge(custom_options)
 decoder = Decode.new jwt, key, verify, merged_options, &keyfinder
 header, payload, signature, signing_input = decoder.decode_segments
- decode_verify_signature(key, header, signature, signing_input, merged_options, &keyfinder) if verify
+ decode_verify_signature(key, header, payload, signature, signing_input, merged_options, &keyfinder) if verify
 decoder.verify
 raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload
@@ -130,16 +130,23 @@ def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
 [payload, header]
 end
- def decode_verify_signature(key, header, signature, signing_input, options, &keyfinder)
- algo, key = signature_algorithm_and_key(header, key, &keyfinder)
+ def decode_verify_signature(key, header, payload, signature, signing_input, options, &keyfinder)
+ algo, key = signature_algorithm_and_key(header, payload, key, &keyfinder)
 if options[:algorithm] && algo != options[:algorithm]
 raise JWT::IncorrectAlgorithm, 'Expected a different algorithm'
 end
 verify_signature(algo, key, signing_input, signature)
 end
- def signature_algorithm_and_key(header, key, &keyfinder)
- key = yield(header) if keyfinder
+ def signature_algorithm_and_key(header, payload, key, &keyfinder)
+ if keyfinder
+ key = if keyfinder.arity == 2
+ yield(header, payload)
+ else
+ yield(header)
+ end
+ raise JWT::DecodeError, 'No verification key available' unless key
+ end
 [header['alg'], key]
 end
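Review bot: The new `decode_verify_signature(key, header, payload, signature, signing_input, merged_options, &keyfinder) if verify` call still runs before the `raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload` guard two lines below it, so a token with missing segments reaches `header['alg']` in `signature_algorithm_and_key` with a nil `header` and fails with a NoMethodError rather than the intended `JWT::DecodeError` — unless `decode_segments`, which is outside this hunk, already rejects such input. Moving the segment-count guard directly after the `header, payload, signature, signing_input = decoder.decode_segments` assignment, i.e. `raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload` before the verification call, keeps the documented failure mode for malformed tokens and changes nothing for well-formed ones. `decode` starts and ends outside this hunk.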
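Review bot: The `payload` now handed to a two-argument keyfinder in `signature_algorithm_and_key` is unverified at that point — the signature is only checked by `verify_signature` after the block returns — so any claim the block reads from it is attacker-controlled and may only be used to select a key, never trusted; the `yield(header, payload)` line should carry a comment such as `# payload is not yet signature-verified: use it only to select a key, never to trust its claims`. The `keyfinder.arity == 2` test also silently falls back to the one-argument form for blocks with optional or splat parameters (negative arity), which would then see only the header; testing for the legacy form instead and passing both arguments otherwise, `key = keyfinder.arity == 1 ? yield(header) : yield(header, payload)`, covers those shapes. Finally, the new `raise JWT::DecodeError, 'No verification key available' unless key` sits inside `if keyfinder`, so a nil `key` with no keyfinder still reaches `verify_signature` unchecked; if `verify_signature` does not deliberately accept a nil key, moving that raise after the `end` of the `if keyfinder` block would close the gap.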