diff --git a/src/main/java/com/covas/Resources/TokenRessource.java b/src/main/java/com/covas/Resources/TokenRessource.java
index b5a1552..95e0426 100644
--- a/src/main/java/com/covas/Resources/TokenRessource.java
+++ b/src/main/java/com/covas/Resources/TokenRessource.java
@@ -43,32 +43,25 @@ public class TokenRessource {
         String name = "anonymous";
         String password = "";
 
-        
-        if (jwtCookie == null) {
-            if(auth == null){
-                return Response.status(Response.Status.BAD_REQUEST).build();
-            }
-            String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
-            name = hash[0];
-            password = Hash.encryptSHA512(hash[1]);
-
-            UsersEntity users = UsersEntity.findByPseudo(name);
-            if(users != null){
-
-                if(password.equals(users.password)){
-                    // Create a JWT token signed using the 'HS256' algorithm
-                    String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).sign();
-                    // or create a JWT token encrypted using the 'A256KW' algorithm
-                    // Jwt.upn("alice").encryptWithSecret(secret);
-                    return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
-                } else {
-                    return Response.status(Response.Status.FORBIDDEN).build();
-                }
-
-                 
-            }
+        if(auth == null){
+            return Response.status(Response.Status.BAD_REQUEST).build();
+        }
+        String[] hash = new String(Base64.decode(auth.split(" ")[1]), StandardCharsets.UTF_8).split(":");
+        name = hash[0];
+        password = Hash.encryptSHA512(hash[1]);
+        UsersEntity users = UsersEntity.findByPseudo(name);
+        if (users == null){
             return Response.status(Response.Status.NOT_FOUND).build();
-          
+        }        
+        if (jwtCookie == null) {
+            if(!password.equals(users.password)){
+                return Response.status(Response.Status.FORBIDDEN).build();                
+            }
+            // Create a JWT token signed using the 'HS256' algorithm
+            String newJwtCookie = Jwt.issuer("https://example.com/issuer").upn(name).groups(users.roles).claim(Claims.kid, users.id.toString()).sign();
+            // or create a JWT token encrypted using the 'A256KW' algorithm
+            // Jwt.upn("alice").encryptWithSecret(secret);
+            return Response.status(Response.Status.CREATED).cookie(new NewCookie("jwt", newJwtCookie)).build();
       } 
       // All mp.jwt and smallrye.jwt properties are still effective, only the verification key is customized.
       try {