diff --git a/src/server.rs b/src/server.rs
index 9d3fe9f..316bf8c 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -5,11 +5,12 @@ use axum::{
     routing::{get, post},
     Form, Json, Router,
 };
+use secrecy::ExposeSecret;
 use serde::{Deserialize, Serialize};
 use tracing::{event, instrument, Level};
 
 use crate::auth::AuthenticationError;
-use crate::secrets::Password;
+use crate::secrets::{Password, UserToken};
 
 #[instrument]
 pub async fn run() -> color_eyre::Result<()> {
@@ -71,9 +72,10 @@ async fn api_login(
     Form(LoginRequest { username, password }): Form<LoginRequest>,
 ) -> ApiResult<Json<LoginResponse>> {
     event!(Level::WARN, "Creating dummy token");
+    let user_token = UserToken("invalid".to_owned().into());
 
     Ok(Json(LoginResponse {
         username,
-        token: "invalid".to_string(),
+        token: user_token.0.expose_secret().to_owned(),
     }))
 }