diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index b4d0e794f..e6b7c3a94 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -4,7 +4,7 @@
 * SPDX-License-Identifier: AGPL-3.0-only
 */
-import { Injectable } from '@nestjs/common';
+import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { UsersService } from '../users/users.service';
 import { User } from '../users/user.entity';
 import { AuthToken } from './auth-token.entity';
@@ -35,16 +35,20 @@ export class AuthService {
 }
 async validateToken(token: string): Promise {
- const [keyId, secret] = token.split('.');
- const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
- await this.setLastUsedToken(keyId);
- const user = await this.usersService.getUserByUsername(
- accessToken.user.userName,
- );
- if (user) {
- return user;
+ try {
+ const [keyId, secret] = token.split('.');
+ const accessToken = await this.getAuthTokenAndValidate(keyId, secret);
+ await this.setLastUsedToken(keyId);
+ return this.usersService.getUserByUsername(accessToken.user.userName);
+ } catch (error) {
+ if (
+ error instanceof NotInDBError ||
+ error instanceof TokenNotValidError
+ ) {
+ throw new UnauthorizedException(error.message);
+ }
+ throw error;
 }
- return null;
 }
 async hashPassword(cleartext: string): Promise {
diff --git a/src/auth/token.strategy.ts b/src/auth/token.strategy.ts
index 317b255f4..4f4f4e002 100644
--- a/src/auth/token.strategy.ts
+++ b/src/auth/token.strategy.ts
@@ -6,7 +6,7 @@
 import { Strategy } from 'passport-http-bearer';
 import { PassportStrategy } from '@nestjs/passport';
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import { Injectable } from '@nestjs/common';
 import { AuthService } from './auth.service';
 import { User } from '../users/user.entity';
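Review bot: In `AuthService.validateToken` (src/auth/auth.service.ts) the new `return this.usersService.getUserByUsername(accessToken.user.userName);` sits inside the `try` without `await`, so a rejection from that call settles after the function has left the `try` block and never reaches the `catch`. A `NotInDBError` from the user lookup would then propagate unmapped instead of becoming an `UnauthorizedException`; `return await this.usersService.getUserByUsername(accessToken.user.userName);` keeps it inside the handler. Separately, `new UnauthorizedException(error.message)` sends the internal error text to an unauthenticated caller; if the `NotInDBError` and `TokenNotValidError` messages differ (they are not visible here), the response distinguishes an unknown key id from a bad secret, so a fixed message with the detail logged server-side would be safer. The result of `token.split('.')` is also passed on unchecked, so a token without a `.` reaches `getAuthTokenAndValidate` with `secret` undefined; a guard such as `if (!keyId || !secret) throw new UnauthorizedException();` would reject it up front.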
@@ -17,10 +17,6 @@ export class TokenStrategy extends PassportStrategy(Strategy, 'token') {
 }
 async validate(token: string): Promise {
- const user = await this.authService.validateToken(token);
- if (!user) {
- throw new UnauthorizedException();
- }
- return user;
+ return this.authService.validateToken(token);
 }
 }
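Review bot: With the `if (!user)` guard removed, `TokenStrategy.validate` has no fail-closed check of its own and rejects a request only when `validateToken` throws. Whether `getUserByUsername` can resolve to `null` or `undefined` instead of throwing is not visible in this diff, so either keep a one-line guard, `if (!user) throw new UnauthorizedException();` (which needs the `UnauthorizedException` import this commit removes), or state the contract in a comment such as `// validateToken throws UnauthorizedException for unknown or invalid tokens and never resolves to a falsy user`.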