diff --git a/Oqtane.Server/Security/JwtManager.cs b/Oqtane.Server/Security/JwtManager.cs
index 235ce40a..026071a1 100644
--- a/Oqtane.Server/Security/JwtManager.cs
+++ b/Oqtane.Server/Security/JwtManager.cs
@@ -17,11 +17,8 @@ namespace Oqtane.Security
 {
 public string GenerateToken(Alias alias, ClaimsIdentity identity, string secret, string issuer, string audience, int lifetime)
 {
- // ensure secret is 256 bits
- if (secret.Length < 32) secret = (secret + "????????????????????????????????").Substring(0, 32);
-
 var tokenHandler = new JwtSecurityTokenHandler();
- var key = Encoding.ASCII.GetBytes(secret);
+ var key = Encoding.ASCII.GetBytes(PadSecret(secret));
 var tokenDescriptor = new SecurityTokenDescriptor
 {
 Subject = new ClaimsIdentity(identity),
@@ -38,11 +35,8 @@ namespace Oqtane.Security
 {
 if (!string.IsNullOrEmpty(token))
 {
- // ensure secret is 256 bits
- if (secret.Length < 32) secret = (secret + "????????????????????????????????").Substring(0, 32);
-
 var tokenHandler = new JwtSecurityTokenHandler();
- var key = Encoding.ASCII.GetBytes(secret);
+ var key = Encoding.ASCII.GetBytes(PadSecret(secret));
 try
 {
 tokenHandler.ValidateToken(token, new TokenValidationParameters
@@ -72,5 +66,11 @@ namespace Oqtane.Security
 }
 return null;
 }
+
+ private string PadSecret(string secret)
+ {
+ // ensure secret is 256 bits
+ return (secret.Length < 32) ? (secret + "????????????????????????????????").Substring(0, 32) : secret;
+ }
 }
 }
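Review bot: The new key line `var key = Encoding.ASCII.GetBytes(PadSecret(secret));` in GenerateToken silently maps every non-ASCII character of the secret to `?`, which is also the padding character, so a secret containing such characters ends up with fewer distinct key bytes than its length suggests. The same line also dereferences a null secret before any guard, so a missing configuration value surfaces as a NullReferenceException rather than a clear error; a check such as `if (string.IsNullOrEmpty(secret)) throw new ArgumentException("JWT secret must be configured", nameof(secret));` ahead of it would make that explicit. Switching to UTF-8 here would change the HMAC key for existing non-ASCII secrets and invalidate tokens already issued, so if the encoding is kept, a comment like `// NOTE: ASCII encoding replaces non-ASCII characters with '?'; secrets should be ASCII-only` would at least document the constraint. GenerateToken's body continues past the end of this hunk.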
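Review bot: PadSecret extends a short secret with a constant run of `?`, which satisfies the 32-byte length HS256 expects but adds no entropy: a five-character secret is exactly as guessable after padding, and the padding is public in source. The comment `// ensure secret is 256 bits` overstates this and would be clearer as `// pad to the 32-byte key length HS256 requires; padding adds no entropy, so short secrets remain weak`, with a `// TODO(review): consider rejecting secrets shorter than 32 characters` if breaking existing short-secret deployments is acceptable. The helper reads no instance state and should be `private static string PadSecret(string secret)`, and since it is now the single place the secret is touched, a guard `if (secret == null) throw new ArgumentNullException(nameof(secret));` belongs here rather than letting `secret.Length` throw a NullReferenceException.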