diff --git a/website/sandbox/learnpianochords/src/server/GoogleSignIn.hs b/website/sandbox/learnpianochords/src/server/GoogleSignIn.hs
index 43fd79fbd..1ea252eea 100644
--- a/website/sandbox/learnpianochords/src/server/GoogleSignIn.hs
+++ b/website/sandbox/learnpianochords/src/server/GoogleSignIn.hs
@@ -10,5 +10,5 @@ import Web.JWT
 -- * The value of `iss` matches is "accounts.google.com" or
 --   "https://accounts.google.com"
 -- * The `exp` time has not passed
-jwtIsValid :: JWT UnverifiedJWT -> Bool
-jwtIsValid jwt = False
+jwtIsValid :: JWT UnverifiedJWT -> IO Bool
+jwtIsValid jwt = pure False
diff --git a/website/sandbox/learnpianochords/src/server/Spec.hs b/website/sandbox/learnpianochords/src/server/Spec.hs
index 69add5261..1f9b9bb4b 100644
--- a/website/sandbox/learnpianochords/src/server/Spec.hs
+++ b/website/sandbox/learnpianochords/src/server/Spec.hs
@@ -18,12 +18,12 @@ main = hspec $ do
         let mJWT = F.defaultJWTFields { F.overwriteSigner = hmacSecret "wrong" }
                    |> F.googleJWT
         case mJWT of
-          Nothing -> True == False
-          Just jwt -> GoogleSignIn.jwtIsValid jwt == False
+          Nothing  -> True `shouldBe` False
+          Just jwt -> GoogleSignIn.jwtIsValid jwt `shouldReturn` False
 
       it "returns false when the aud field doesn't match my client ID" $ do
         let mJWT = F.defaultJWTFields { F.overwriteAud = stringOrURI "wrong" }
                   |> F.googleJWT
         case mJWT of
-          Nothing -> True == False
-          Just jwt -> GoogleSignIn.jwtIsValid jwt == False
+          Nothing  -> True `shouldBe` False
+          Just jwt -> GoogleSignIn.jwtIsValid jwt `shouldReturn` False