diff --git a/routes/auth.js b/routes/auth.js
index e44a21508..1d5147042 100644
--- a/routes/auth.js
+++ b/routes/auth.js
@@ -13,12 +13,14 @@ function getTokenFromHeader(req){
 var auth = {
   required: jwt({
     secret: secret,
+    algorithms: ['HS256'],
     userProperty: 'payload',
     getToken: getTokenFromHeader
   }),
   optional: jwt({
     secret: secret,
     userProperty: 'payload',
+    algorithms: ['HS256'],
     credentialsRequired: false,
     getToken: getTokenFromHeader
   })