diff --git a/src/api/client/session/mod.rs b/src/api/client/session/mod.rs
index c3609dcc..281ac618 100644
--- a/src/api/client/session/mod.rs
+++ b/src/api/client/session/mod.rs
@@ -105,10 +105,6 @@ pub(crate) async fn login_route(
 		},
 	};
 
-	if !services.users.is_active_local(&user_id).await {
-		return Err!(Request(UserDeactivated("This user has been deactivated.")));
-	}
-
 	// Generate a new token for the device
 	let (access_token, expires_in) = services
 		.users
diff --git a/src/api/client/session/token.rs b/src/api/client/session/token.rs
index 2cfdba83..8f00b7c6 100644
--- a/src/api/client/session/token.rs
+++ b/src/api/client/session/token.rs
@@ -46,6 +46,10 @@ pub(crate) async fn login_token_route(
 	}
 
 	let sender_user = auth_uiaa(&services, &body).await?;
+	if !services.users.is_active_local(&sender_user).await {
+		return Err!(Request(UserDeactivated("This user has been deactivated.")));
+	}
+
 	let login_token = random_string(TOKEN_LENGTH);
 	let expires_in = services
 		.users