diff --git a/server/main.go b/server/main.go
index 4f1cbd639dfca8d2a41dade005d751ae45591e9b..786fc9f42d9c10e2d1ef672c32bccb85663e5139 100644
--- a/server/main.go
+++ b/server/main.go
@@ -152,13 +152,10 @@ func callbackHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int
 // rootHandler starts the auth process. If the client is authenticated it renders the token to the user.
 func rootHandler(a *appContext, w http.ResponseWriter, r *http.Request) (int, error) {
 	tok := a.getAuthCookie(r)
-	if !tok.Valid() {
+	if !tok.Valid() || !a.authprovider.Valid(tok) {
 		http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
 		return http.StatusSeeOther, nil
 	}
-	if !a.authprovider.Valid(tok) {
-		return http.StatusUnauthorized, errors.New(http.StatusText(http.StatusUnauthorized))
-	}
 	j := jwt.New(jwt.SigningMethodHS256)
 	j.Claims["token"] = tok.AccessToken
 	j.Claims["exp"] = tok.Expiry.Unix()
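Review bot: Folding `!a.authprovider.Valid(tok)` into the redirect condition makes a provider rejection of an unexpired token indistinguishable from a missing session, and the rejection no longer surfaces as an error, so whatever the caller did with the old 401 (logging, presumably) is lost. If the provider rejects every token for a given account, that user is likely to bounce between `/auth/login`, the callback and this handler, because the rejected cookie is never expired here. Consider keeping the provider check as its own branch that records the rejection and expires the auth cookie before redirecting, e.g. `if !a.authprovider.Valid(tok) { /* log rejection, expire auth cookie */ http.Redirect(w, r, "/auth/login", http.StatusSeeOther); return http.StatusSeeOther, nil }`. Also confirm `errors` is still used elsewhere in server/main.go, since the removed lines held an `errors.New` call and an unused import fails the build. rootHandler's body continues past the end of the hunk.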