diff --git a/src/middlewares/IsAuthenticated.ts b/src/middlewares/IsAuthenticated.ts index c54527e6..f9d70e71 100644 --- a/src/middlewares/IsAuthenticated.ts +++ b/src/middlewares/IsAuthenticated.ts @@ -1,9 +1,12 @@ import type { NextFunction, Request, Response } from 'express' +import { verify } from 'jsonwebtoken' import { isUserEntity } from '../utils/index' import Context from '../context' import { UserEntity } from '../entity/UserEntity' import { APP_SOURCE, REDIS_CACHE } from '..' +import { useEnv } from '../env' import { logger } from './loggerService' +import { ApiError } from './ApiError' export default async function isAuthenticated(req: Request, res: Response, next: NextFunction) { try { @@ -12,6 +15,12 @@ export default async function isAuthenticated(req: Request, res: Response, next: if (req.headers.authorization) { const token = req.headers.authorization.replace('Bearer ', '') + if (!token) { + throw new ApiError(401, 'action non autorisée') + } + const { JWT_SECRET } = useEnv() + verify(token, JWT_SECRET) + if (token) { const user = await REDIS_CACHE.get( `user-token-${token}`,
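Review bot: The added `verify(token, JWT_SECRET)` call in the second hunk does not pin the accepted signing algorithm and throws away the decoded claims, so as far as the hunk shows the caller's identity still comes only from the `user-token-${token}` Redis lookup that follows. Consider `const claims = verify(token, JWT_SECRET, { algorithms: ['HS256'] })` (HS256 is an assumption here; match whatever the signing side uses) and comparing the subject claim with the cached user before trusting it. `verify` throws on a bad signature or an expired token, and the `catch` of the surrounding `try` lies outside this hunk, so confirm those errors are returned as a 401 like the `ApiError` above rather than as a generic 500. With the new `if (!token)` guard in place, the following `if (token)` is always true and can be dropped.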