diff --git a/lib/IdPAccountManager/WebRequest.pm b/lib/IdPAccountManager/WebRequest.pm
index 0fcb99cd8a9dbaf31a5ef4a735174dbab0583214..2d6ad9d232b7ce53f24e95d13206b29db0030ee1 100755
--- a/lib/IdPAccountManager/WebRequest.pm
+++ b/lib/IdPAccountManager/WebRequest.pm
@@ -445,11 +445,12 @@ sub req_validate_token {
         return undef;
     }
 
-    my $authentication_token = IdPAccountManager::Data::AuthenticationToken->new(
+    my $token = IdPAccountManager::Data::AuthenticationToken->new(
         db    => $self->{db},
-        token => $self->{in}->{authentication_token});
+        token => $self->{in}->{authentication_token}
+    );
 
-    unless ($authentication_token->load()) {
+    if (! $token->load(speculative => 1)) {
         push @{ $self->{out}->{errors} }, "wrong_token";
         $self->{logger}->errorf(
             "Failed to validate authentication token %s for sp_entityid %s",
@@ -459,9 +460,7 @@ sub req_validate_token {
         return undef;
     }
 
-    unless ($authentication_token->get('sp_entityid') eq
-        $self->{in}->{sp_entityid})
-    {
+    if (! $token->get('sp_entityid') eq $self->{in}->{sp_entityid}) {
         push @{ $self->{out}->{errors} }, "wrong_token_for_sp";
         $self->{logger}->errorf(
             "Authentication token %s cannot be used for SP with entityid %s",
@@ -472,7 +471,7 @@ sub req_validate_token {
     }
 
     ## delete the token
-    unless ($authentication_token->delete()) {
+    unless ($token->delete()) {
         $self->{logger}->errorf(
             "Failed to delete authentication token %s",
             $self->{in}->{authentication_token}