diff --git a/controller/controller.go b/controller/controller.go
index dcd8e0676ff6c5d085ad78829ba4bb2b0ffe73c8..c88134520755a143e22e1e61c27e316e8719c8aa 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -448,7 +448,7 @@ func ensureDefaultUserExists() error {
 
 func deletAllExpiredUserTokens() error {
 	var usersToUpdate []rbac.User
-	// Temporarly create JWT manager just to evaluate tokens here
+	// Temporary create JWT manager just to evaluate tokens here
 	jwtManager := rbacImpl.NewJWTManager(config.JWTSecret, config.JWTDuration)
 
 	users, err := c.userService.GetAll()
@@ -480,7 +480,6 @@ func deletAllExpiredUserTokens() error {
 		}
 	}
 	return nil
-
 }
 
 // Run calls initialize to start the controller.
diff --git a/controller/northbound/server/auth.go b/controller/northbound/server/auth.go
index 77477e3fba6a050ea64cef5954c4d7920941690f..0528efb1949c77b5f59e7607183191e495b34609 100644
--- a/controller/northbound/server/auth.go
+++ b/controller/northbound/server/auth.go
@@ -95,7 +95,10 @@ func (s AuthServer) Login(ctx context.Context, request *apb.LoginRequest) (*apb.
 
 	userToUpdate.AddToken(token)
 	for len(userToUpdate.GetTokens()) > config.MaxTokensPerUser {
-		userToUpdate.RemoveToken(userToUpdate.GetTokens()[0])
+		err = userToUpdate.RemoveToken(userToUpdate.GetTokens()[0])
+		if err != nil {
+			return nil, err
+		}
 	}
 	err = s.userService.Update(userToUpdate)
 	if err != nil {