diff --git a/litecord/auth.py b/litecord/auth.py
index 3c3c0ae..7f4a76b 100644
--- a/litecord/auth.py
+++ b/litecord/auth.py
@@ -19,6 +19,7 @@ along with this program. If not, see .
 import base64
 import binascii
+from hmac import compare_digest
 import bcrypt
 from itsdangerous import TimestampSigner, BadSignature
@@ -47,7 +48,9 @@ async def raw_token_check(token: str, db=None) -> int:
 Forbidden
 If token validation fails.
 """
- if app.config["ADMIN_TOKEN"] is not None:
+ if app.config["ADMIN_TOKEN"] is not None and compare_digest(
+ token, app.config["ADMIN_TOKEN"]
+ ):
 return app.config["ADMIN_ID"]
 db = db or app.db
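Review bot: `compare_digest` on two `str` values raises `TypeError` when either side contains a non-ASCII character, so if `token` is taken from a client-supplied header (its origin is not visible in this hunk) a crafted token turns the new guard into an unhandled exception instead of the `Forbidden` the docstring promises. Compare encoded bytes instead, which keeps the constant-time property and accepts any input: `compare_digest(token.encode("utf-8"), app.config["ADMIN_TOKEN"].encode("utf-8"))` (assuming `ADMIN_TOKEN` is stored as `str`, as the old `is not None` check suggests). Returning `ADMIN_ID` only on a match is the fix this commit makes; the remaining exposure is that any process able to set `ADMIN_TOKEN` to a short or default value still obtains full admin identity with no database lookup, so the config loader should reject empty or trivially short values. `raw_token_check` begins and ends outside this hunk.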