diff --git a/package-lock.json b/package-lock.json
index 60797b2..6554344 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "auth-server",
- "version": "1.8.2",
+ "version": "1.8.3",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "auth-server",
- "version": "1.8.2",
+ "version": "1.8.3",
 "license": "ISC",
 "dependencies": {
 "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index 153cefb..e984583 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "auth-server",
- "version": "1.8.2",
+ "version": "1.8.3",
 "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
 "main": "server/server.js",
 "scripts": {
diff --git a/server/auth/index.js b/server/auth/index.js
index 4ea687f..cfb9bc2 100644
--- a/server/auth/index.js
+++ b/server/auth/index.js
@@ -5,6 +5,7 @@ const { accounts } = require('../database/models');
 //middleware
 const tokenAuth = require('../utilities/token-auth');
+const tokenDecode = require('../utilities/token-decode');
 //signup -> validate -> login all without a token
 router.post('/signup', require('./signup'));
@@ -20,7 +21,7 @@ router.patch('/reset', require('./password-reset'));
 router.delete('/logout', require('./logout'));
 //authenticate token
-router.use(tokenAuth);
+router.use(tokenDecode);
 //middleware
 router.use(async (req, res, next) => {
@@ -44,6 +45,9 @@ router.use(async (req, res, next) => {
 //refresh token
 router.post('/token', require('./token'));
+//authenticate token
+router.use(tokenAuth);
+
 //basic account management (needs a token)
 router.get('/account', require('./account-query'));
 router.patch('/account', require('./account-update'));
diff --git a/server/utilities/token-auth.js b/server/utilities/token-auth.js
index 79c3643..8f85003 100644
--- a/server/utilities/token-auth.js
+++ b/server/utilities/token-auth.js
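Review bot: In the `@@ -20,7 +21,7 @@` hunk, `router.use(tokenDecode)` now runs ahead of the `router.use(async (req, res, next) => {` middleware and of `router.post('/token', …)`, while `tokenAuth` is only re-attached in the `@@ -44,6 +45,9 @@` hunk after the refresh route; so whatever that middleware and the refresh handler read from `req.user` comes from a token whose signature has not been checked, because the decode middleware added in this commit uses `jwt.decode`, which does not verify. Anyone can mint a payload carrying another account's claims and reach those two code paths as that user, unless `/token` independently validates a refresh token, which these hunks do not show. If the goal is to let a refresh succeed with an expired access token, keep signature verification in front of the middleware and relax only the expiry check, e.g. have the pre-`/token` middleware call `jwt.verify(accessToken, process.env.SECRET_ACCESS, { ignoreExpiration: true }, cb)` instead of `jwt.decode`. The async middleware's body continues outside the hunk, so I cannot see what it does with `req.user`.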
@@ -6,7 +6,7 @@ module.exports = (req, res, next) => {
 const accessToken = authHeader?.split(' ')[1]; //'Bearer token'
 if (!accessToken) {
- return res.status(401).send('No access token found');
+ return res.status(401).send('No access token provided');
 }
 return jwt.verify(accessToken, process.env.SECRET_ACCESS, (err, user) => {
diff --git a/server/utilities/token-decode.js b/server/utilities/token-decode.js
new file mode 100644
index 0000000..1dca7b3
--- /dev/null
+++ b/server/utilities/token-decode.js
@@ -0,0 +1,21 @@
+const jwt = require('jsonwebtoken');
+
+//middleware to decode the JWT token
+module.exports = (req, res, next) => {
+ const authHeader = req.headers['authorization'];
+ const accessToken = authHeader?.split(' ')[1]; //'Bearer token'
+
+ if (!accessToken) {
+ return res.status(401).send('No access token provided');
+ }
+
+ return jwt.decode(accessToken, process.env.SECRET_ACCESS, (err, user) => {
+ if (err) {
+ return res.status(403).send(err);
+ }
+
+ req.user = user;
+
+ return next();
+ });
+};
\ No newline at end of file
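Review bot: `jwt.decode(accessToken, process.env.SECRET_ACCESS, (err, user) => {…})` in the new `token-decode.js` does not verify the signature — jsonwebtoken's `decode` takes `(token, options)`, so the secret is ignored and, as far as I can tell from that API, it returns the payload synchronously and never invokes the callback, meaning `req.user` is never set and `next()` never runs, so every request through this middleware would stall. Even if it were wired up, a decoded-but-unverified payload is attacker-controlled and must not be trusted as `req.user`. If the intent is to accept an expired access token on the refresh path, change the call to `return jwt.verify(accessToken, process.env.SECRET_ACCESS, { ignoreExpiration: true }, (err, user) => {` and keep the rest of the callback. Separately, `res.status(403).send(err)` echoes the library's error object to the client; a fixed message such as `'Invalid access token'` avoids leaking those details.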