diff --git a/package-lock.json b/package-lock.json
index 6554344..453b787 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "auth-server",
-  "version": "1.8.3",
+  "version": "1.8.4",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "auth-server",
-      "version": "1.8.3",
+      "version": "1.8.4",
       "license": "ISC",
       "dependencies": {
         "bcryptjs": "^2.4.3",
diff --git a/package.json b/package.json
index e984583..6c0407a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "auth-server",
-  "version": "1.8.3",
+  "version": "1.8.4",
   "description": "An API centric auth server. Uses Sequelize and mariaDB by default.",
   "main": "server/server.js",
   "scripts": {
diff --git a/server/utilities/token-decode.js b/server/utilities/token-decode.js
index 1dca7b3..a02fc50 100644
--- a/server/utilities/token-decode.js
+++ b/server/utilities/token-decode.js
@@ -9,13 +9,9 @@ module.exports = (req, res, next) => {
 		return res.status(401).send('No access token provided');
 	}
 
-	return jwt.decode(accessToken, process.env.SECRET_ACCESS, (err, user) => {
-		if (err) {
-			return res.status(403).send(err);
-		}
+	const decoded = jwt.decode(accessToken);
 
-		req.user = user;
+	req.user = decoded.payload;
 
-		return next();
-	});
+	return next();
 };
\ No newline at end of file
diff --git a/tools/react/token-provider.jsx b/tools/react/token-provider.jsx
index 9a800a4..6f017f0 100644
--- a/tools/react/token-provider.jsx
+++ b/tools/react/token-provider.jsx
@@ -48,6 +48,9 @@ const TokenProvider = props => {
 			//ping the auth server for a new access token
 			const response = await fetch(`${process.env.AUTH_URI}/auth/token`, {
 				method: 'POST',
+				headers: {
+					'Authorization': `Bearer ${bearer}`
+				},
 				credentials: 'include'
 			});
 
@@ -79,6 +82,9 @@ const TokenProvider = props => {
 
 	//access the refreshed token via callback
 	const tokenCallback = async (cb) => {
+		//use this?
+		let bearer = accessToken;
+
 		//if expired (10 minutes, normally)
 		const expired = new Date(decode(accessToken).exp) < Date.now() / 1000;
 
@@ -86,6 +92,9 @@ const TokenProvider = props => {
 			//ping the auth server for a new token
 			const response = await fetch(`${process.env.AUTH_URI}/auth/token`, {
 				method: 'POST',
+				headers: {
+					'Authorization': `Bearer ${bearer}`
+				},
 				credentials: 'include'
 			});