diff --git a/src/proto.rs b/src/proto.rs
index 4b3b8bd..ab5ab62 100644
--- a/src/proto.rs
+++ b/src/proto.rs
@@ -1,8 +1,11 @@
 #![allow(non_snake_case)]
 
+use axum::{Json, http::StatusCode};
 use uuid::Uuid;
 use serde::{Serialize, Deserialize};
 
+pub type Response<T> = Result<Json<T>, (StatusCode, Json<Error>)>;
+
 #[derive(Serialize, Deserialize)]
 pub struct Error {
 	pub error: String,
@@ -10,6 +13,20 @@ pub struct Error {
 	pub cause: String,
 }
 
+impl Error {
+	pub fn simple(msg: impl ToString) -> Error {
+		Error {
+			error: msg.to_string(),
+			errorMessage: msg.to_string(),
+			cause: msg.to_string(),
+		}
+	}
+
+	pub fn json(self) -> Json<Self> {
+		Json(self)
+	}
+}
+
 #[derive(Serialize, Deserialize, Debug)]
 pub struct Agent {
 	pub name: String,
diff --git a/src/routes/auth.rs b/src/routes/auth.rs
index da49d18..a6077aa 100644
--- a/src/routes/auth.rs
+++ b/src/routes/auth.rs
@@ -21,7 +21,7 @@ pub async fn validate(State(state): State<AppState>, Json(payload): Json<proto::
 	}
 }
 
-pub async fn refresh(State(state): State<AppState>, Json(payload): Json<proto::RefreshRequest>) -> Result<Json<proto::RefreshResponse>, StatusCode> {
+pub async fn refresh(State(state): State<AppState>, Json(payload): Json<proto::RefreshRequest>) -> proto::Response<proto::RefreshResponse> {
 	info!(target: "AUTH", "[REFRESH] called with {:?}", payload);
 	let token = entities::token::Entity::find().filter(
 		entities::token::Column::AccessToken.eq(payload.accessToken.clone())
@@ -49,7 +49,7 @@ pub async fn refresh(State(state): State<AppState>, Json(payload): Json<proto::R
 		info!(target: "AUTH", "[REFRESH] answering with {:?}", response);
 		Ok(Json(response))
 	} else {
-		Err(StatusCode::UNAUTHORIZED)
+		Err((StatusCode::UNAUTHORIZED, Json(proto::Error::simple("invalid token"))))
 	}
 }