diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts
index b8595a2bd..ddd78f1fa 100644
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@@ -21,7 +21,7 @@ export const isAuthorized: AuthChecker<Context> = async ({ context }, rights) =>
   }
 
   // Decode the token
-  const decoded = decode(context.token)
+  const decoded = await decode(context.token)
   if (!decoded) {
     throw new LogError('403.13 - Client certificate revoked')
   }
@@ -49,6 +49,6 @@ export const isAuthorized: AuthChecker<Context> = async ({ context }, rights) =>
   }
 
   // set new header token
-  context.setHeaders.push({ key: 'token', value: encode(decoded.gradidoID) })
+  context.setHeaders.push({ key: 'token', value: await encode(decoded.gradidoID) })
   return true
 }
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 60b4403af..918b65885 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -185,7 +185,7 @@ export class UserResolver {
 
     context.setHeaders.push({
       key: 'token',
-      value: encode(dbUser.gradidoID),
+      value: await encode(dbUser.gradidoID),
     })
 
     await EVENT_USER_LOGIN(dbUser)