diff --git a/server/internal/config/config.go b/server/internal/config/config.go
index 840b89f..3537fa8 100644
--- a/server/internal/config/config.go
+++ b/server/internal/config/config.go
@@ -105,6 +105,15 @@ func Load(envFile string) (*Config, error) {
 		return nil, err
 	}
 
+	for i := range cfg.Clients {
+		c := &cfg.Clients[i]
+		t, err := c.ResolveToken()
+		if err != nil {
+			return nil, fmt.Errorf("config: reading token for client %q: %w", c.ID, err)
+		}
+		c.Token = t
+	}
+
 	return cfg, nil
 }
 
diff --git a/server/internal/server/server.go b/server/internal/server/server.go
index e9e1493..9c0ee57 100644
--- a/server/internal/server/server.go
+++ b/server/internal/server/server.go
@@ -49,12 +49,7 @@ func (s *Server) authenticate(r *http.Request) *config.Client {
 		return nil
 	}
 	for i := range s.cfg.Clients {
-		t, err := s.cfg.Clients[i].ResolveToken()
-		if err != nil {
-			slog.Warn("cannot read token for client", "client", s.cfg.Clients[i].ID, "error", err)
-			continue
-		}
-		if subtle.ConstantTimeCompare([]byte(t), []byte(token)) == 1 {
+		if subtle.ConstantTimeCompare([]byte(s.cfg.Clients[i].Token), []byte(token)) == 1 {
 			return &s.cfg.Clients[i]
 		}
 	}