diff --git a/src/models/creation/CreateAuth.ts b/src/models/creation/CreateAuth.ts
index 4580869..f21c026 100644
--- a/src/models/creation/CreateAuth.ts
+++ b/src/models/creation/CreateAuth.ts
@@ -33,20 +33,20 @@ export class CreateAuth {
         } else {
             const found_user = found_users[0]
             if (await argon2.verify(found_user.password, this.password + found_user.uuid)) {
-                // TODO: proper jwt creation
                 const timestamp_accesstoken_expiry = Math.floor(Date.now() / 1000) + 5 * 60
+                delete found_user.password;
                 newAuth.access_token = jsonwebtoken.sign({
-                    refreshtokencount: 5,
-                    userdetails: {},
+                    userdetails: found_user,
                     exp: timestamp_accesstoken_expiry
                 }, "securekey")
+                newAuth.access_token_expires_at = timestamp_accesstoken_expiry
+                // 
                 const timestamp_refresh_expiry = Math.floor(Date.now() / 1000) + 10 * 36000
                 newAuth.refresh_token = jsonwebtoken.sign({
                     refreshtokencount: 5,
-                    userdetails: {},
+                    userid: found_user.id,
                     exp: timestamp_refresh_expiry
                 }, "securekey")
-                newAuth.access_token_expires_at = timestamp_accesstoken_expiry
                 newAuth.refresh_token_expires_at = timestamp_refresh_expiry
             } else {
                 throw new InvalidCredentialsError()