diff --git a/Marco.Pms.Services/Controllers/AuthController.cs b/Marco.Pms.Services/Controllers/AuthController.cs
index 2259142..6b8a2bb 100644
--- a/Marco.Pms.Services/Controllers/AuthController.cs
+++ b/Marco.Pms.Services/Controllers/AuthController.cs
@@ -162,12 +162,28 @@ namespace MarcoBMS.Services.Controllers
 UserManager.ResetPasswordTokenPurpose,
 WebUtility.UrlDecode( model.Token)
 );
-
+ string token = "";
 if (!isTokenValid)
- return BadRequest("Invalid or expired token.");
+ {
+ var isDecodedTokenValid = await _userManager.VerifyUserTokenAsync(
+ user,
+ TokenOptions.DefaultProvider, // This is the token provider
+ UserManager.ResetPasswordTokenPurpose,
+ model.Token
+ );
+ if(!isDecodedTokenValid)
+ return BadRequest("Invalid or expired token.");
 
- var result = await _userManager.ResetPasswordAsync(user, WebUtility.UrlDecode(model.Token), model.NewPassword);
+ token = model.Token;
+ }
+ else
+ {
+ token = WebUtility.UrlDecode(model.Token);
+ }
+
+
+ var result = await _userManager.ResetPasswordAsync(user, token, model.NewPassword);
 if (!result.Succeeded)
 return BadRequest(result.Errors);
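Review bot: The new fallback under `if (!isTokenValid)` accepts the reset token in two encodings (URL-decoded first, then raw), which hides the mismatch between how the token is issued and how it is read instead of fixing it. `WebUtility.UrlDecode` turns `+` into a space, so a Base64 Identity token that already arrived decoded is corrupted by the first check; the code that builds the reset link is not visible here, but presumably that is what this change works around. I would settle on one transport form, for example encoding at issuance with `WebEncoders.Base64UrlEncode` and decoding exactly once here, so a single `VerifyUserTokenAsync` call decides and the set of accepted inputs stays narrow. If the dual path has to stay, rename `isDecodedTokenValid` (it checks the raw token, not the decoded one) and replace the `string token = "";` placeholder with `var token = isTokenValid ? WebUtility.UrlDecode(model.Token) : model.Token;` after the guard. The enclosing action starts and ends outside this hunk.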