diff --git a/routes/auth.js b/routes/auth.js
index 839030f..db6733f 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -59,7 +59,7 @@ Router.route('/secure/:auth/:expires?')
     if (req.params.auth === 'gutenberg') {
       let TokenEvents = new EventEmitter();
       let expires = req.params.expires || '15m';
-      let token = { authorized: true, can: ['add','edit','delete','manage','super','update','view'] };
+      let token = { username: 'apiuser', can: ['add','edit','delete','manage','super','update','view'] };
     
       TokenEvents.once('token:create', (err, token) => {
         if (err) {
@@ -77,7 +77,7 @@ Router.route('/secure/:auth/:expires?')
         }
       });
       
-      Token.create(TokenEvents, login.user, expires);
+      Token.create(TokenEvents, token, expires);
     } else {
       res.status(403).json({ authorized: false, message: 'operation not authorized' });
     }