diff --git a/src/api/oauth.ts b/src/api/oauth.ts
index e6db5b8..5debbda 100644
--- a/src/api/oauth.ts
+++ b/src/api/oauth.ts
@@ -3,18 +3,15 @@ import converter from 'npm:bech32-converting';
 import { validator, z } from '@/deps.ts';
 
 const createTokenSchema = z.object({
-  password: z.string(),
+  password: z.string().transform((v) => v.startsWith('nsec1') ? converter('nsec').toHex(v).slice(2) : v),
 });
 
 const createTokenController = validator('json', (value, c) => {
   const result = createTokenSchema.safeParse(value);
 
   if (result.success) {
-    const password = result.data.password;
-    const token = password.startsWith('nsec1') ? converter('nsec').toHex(password).slice(2) : password;
-
     return c.json({
-      access_token: token,
+      access_token: result.data.password,
       token_type: 'Bearer',
       scope: 'read write follow push',
       created_at: Math.floor(new Date().getTime() / 1000),