diff --git a/json-api/src/auth.rs b/json-api/src/auth.rs
index 158eea0..6402914 100644
--- a/json-api/src/auth.rs
+++ b/json-api/src/auth.rs
@@ -3,6 +3,8 @@ use bcrypt::{self, BcryptResult};
 use mysql_async::Pool;
 use chrono::{Utc, Duration};
+use std::collections::HashMap;
+
 use crate::routes;
 use db::{member::Member, common::FromDB};
@@ -101,11 +103,6 @@ pub fn encrypt_secret(raw: &str) -> BcryptResult {
     return bcrypt::hash(raw, BCRYPT_COST);
 }
-fn jwt_from_serde(params: &serde_json::Value) -> Option<&str> {
-    // gets the `token` from the parameters
-    // option -> some(value) -> string
-    return params.get("jwt")?.as_str();
-}
 async fn valid_jwt(p: &Pool, token: &str) -> AuthReason {
     use jsonwebtoken::{
@@ -131,16 +128,21 @@ async fn valid_jwt(p: &Pool, token: &str) -> AuthReason {
     }
 }
-fn login_params_from_serde(params: &serde_json::Value) -> Option<(db::UBigInt, &str)> {
-    let id_v = params.get("id");
-    let secret_v = params.get("secret");
-    return match (id_v, secret_v) {
-        (Some(id_v), Some(secret_v)) => {
-            match (id_v.as_u64(), secret_v.as_str()) {
-                (Some(id), Some(secret)) => Some((id, secret)),
+fn login_params_from_qs<'value>(params: &HashMap<&str, &'value str>)
+    -> Option<(db::UBigInt, &'value str)> {
+    return match (params.get("id"), params.get("secret")) {
+        // partially accpept if both keys are present
+        (Some(id), Some(secret)) => {
+            let id_s: String = String::from(*id);
+            match id_s.parse::() {
+                // full accpet if id can parse + secret is present
+                Ok(id) => Some((id, secret)),
                 _ => None
             }
         },
+        _ => None
     }
 }
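Review bot: `login_params_from_qs` copies the id into a fresh `String` only to call `parse` on it; `str::parse` works on the borrowed `&str` directly, so the `let id_s` line can go and the inner match become `match id.parse::<db::UBigInt>() {` (the turbofish type argument appears to have been lost in rendering here — confirm it is present in the file). The helper has no doc comment; I would add `/// Extracts the login id/secret pair from the parameter map: `None` unless both keys are present and `id` parses as a `db::UBigInt`.` and fix "accpept"/"accpet" in the two arm comments. If this map really is populated from the URL query string as the `_qs` suffix suggests, the login secret then travels in the URL and ends up in server and proxy access logs, browser history and `Referer` headers — worth a comment on the function stating where the map comes from, or moving credentials to the request body; the caller that builds the map is not visible in this hunk.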
@@ -149,12 +151,12 @@ fn login_params_from_serde(params: &serde_json::Value) -> Option<(db::UBigInt, &
 pub async fn wall_entry<'path, 'pool, 'params>(
     path: &'path str,
     pool: &'pool Pool,
-    params: &'params serde_json::Value)
+    params: &'params HashMap<&str, &str>)
     -> AuthReason {
     // Dont need to auth if it's not required
     let open_path = routes::is_open(path);
-    let jwt = jwt_from_serde(params);
+    let jwt = params.get("jwt");
     if open_path {
         // ignore the parameters since they're irelevant
         return AuthReason::OpenAuth;
@@ -164,7 +166,7 @@ pub async fn wall_entry<'path, 'pool, 'params>(
         // get the headers here
         return valid_jwt(pool, jwt).await;
     }
-    if let Some((id, secret)) = login_params_from_serde(params) {
+    if let Some((id, secret)) = login_params_from_qs(params) {
         // Last chance we might be hitting the /login route so we have to do the heavy auth flow
         if path != routes::AUTH_LOGIN {
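Review bot: `let jwt = params.get("jwt");` now binds an `Option<&&str>` where the removed `jwt_from_serde` returned `Option<&str>`; it still compiles because `valid_jwt(pool, jwt)` deref-coerces the argument, but `let jwt = params.get("jwt").copied();` keeps the binding's type the same as before and avoids the double reference. The token is now read from the same map as the login parameters while the context comment `// get the headers here` still talks about headers; if that map is built from the URL query string, a bearer token in the URL is recorded in access logs and leaks through `Referer`, so either reword the comment to say where the token actually comes from or read it from the `Authorization` header instead. `wall_entry` continues past the end of this hunk, and the lines between the two hunks where `jwt` is presumably unwrapped are not shown.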