diff --git a/.rubocop.yml b/.rubocop.yml
index 414a9e22..ced0ed3f 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -54,7 +54,7 @@ Metrics/AbcSize:
 Max: 25
 Metrics/ClassLength:
- Max: 101
+ Max: 103
 Metrics/ModuleLength:
 Max: 100
@@ -95,4 +95,4 @@ Layout/HashAlignment:
 EnforcedLastArgumentHashStyle: always_ignore
 Style/TrivialAccessors:
- AllowPredicates: true
\ No newline at end of file
+ AllowPredicates: true
diff --git a/lib/jwt/decode.rb b/lib/jwt/decode.rb
index c4f9dfe2..5a288bfc 100644
--- a/lib/jwt/decode.rb
+++ b/lib/jwt/decode.rb
@@ -24,6 +24,7 @@ def decode_segments
 validate_segment_count!
 if @verify
 decode_crypto
+ verify_algo
 set_key
 verify_signature
 verify_claims
@@ -46,11 +47,13 @@ def verify_signature
 raise(JWT::VerificationError, 'Signature verification failed')
 end
- def set_key
+ def verify_algo
 raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
 raise(JWT::IncorrectAlgorithm, 'Token is missing alg header') unless algorithm
 raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
+ end
+ def set_key
 @key = find_key(&@keyfinder) if @keyfinder
 @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
 if (x5c_options = @options[:x5c])
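Review bot: The call order added in `decode_segments` (`verify_algo` before `set_key`) is security-relevant, but nothing at the call site says so. `set_key` looks the key up with `header['kid']` taken from the still-unverified token, and presumably the keyfinder block sees token data as well, so the allowed-algorithm check has to stay ahead of it. I would put a comment above the new line, e.g. `# Check alg against the allowed list before any key lookup that uses the unverified header`, so a later refactor does not swap the two calls. The body of `decode_segments` starts and ends outside this hunk.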
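Review bot: `verify_algo` is introduced without a doc comment and, as far as this part of the diff shows, without a spec that pins the new behaviour. A comment such as `# Raises JWT::IncorrectAlgorithm unless the token's alg is in the allowed list; must run before set_key` would record the contract on the method itself. A spec asserting that the keyfinder block is never invoked for a token whose `alg` is not allowed would keep the ordering from regressing. `set_key` continues past the end of the hunk, so the rest of its key-selection logic is not reviewed here.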