diff --git a/IdentityServer.Api/Controllers/IdentityController.cs b/IdentityServer.Api/Controllers/IdentityController.cs
index d333781..2c425fe 100644
--- a/IdentityServer.Api/Controllers/IdentityController.cs
+++ b/IdentityServer.Api/Controllers/IdentityController.cs
@@ -16,8 +16,8 @@ namespace IdentityServer.Api.Controllers
             _mediator = mediator;
         }
 
-        [HttpPost("authenticate/{userName}/{password}")]
-        public async Task<IActionResult> AuthenticateUser([FromRoute] AuthenticateUser authenticateUser)
+        [HttpPost("authenticate")]
+        public async Task<IActionResult> AuthenticateUser([FromQuery] AuthenticateUser authenticateUser)
         {
             var result = await _mediator.Send(authenticateUser);
 
@@ -27,8 +27,8 @@ namespace IdentityServer.Api.Controllers
                 return BadRequest();
         }
 
-        [HttpPost("authorize/{token}")]
-        public async Task<IActionResult> AuthorizeToken([FromRoute] AuthorizeToken authorizeToken)
+        [HttpPost("authorize")]
+        public async Task<IActionResult> AuthorizeToken([FromQuery] AuthorizeToken authorizeToken)
         {
             var result = await _mediator.Send(authorizeToken);
 
diff --git a/IdentityServer.Application/Commands/AuthenticateUser.cs b/IdentityServer.Application/Commands/AuthenticateUser.cs
index 07035f2..4c744a4 100644
--- a/IdentityServer.Application/Commands/AuthenticateUser.cs
+++ b/IdentityServer.Application/Commands/AuthenticateUser.cs
@@ -6,11 +6,5 @@ namespace IdentityServer.Application.Commands
     {
         public string UserName { get; set; }
         public string Password { get; set; }
-
-        public AuthenticateUser(string userName, string password)
-        {
-            UserName = userName;
-            Password = password;
-        }
     }
 }
diff --git a/IdentityServer.Application/Stores/SecurityStore.cs b/IdentityServer.Application/Stores/SecurityStore.cs
index 1bf4d1c..6cd8901 100644
--- a/IdentityServer.Application/Stores/SecurityStore.cs
+++ b/IdentityServer.Application/Stores/SecurityStore.cs
@@ -27,8 +27,12 @@ namespace IdentityServer.Application.Stores
 
         public TokenValidation ValidateToken(string token)
         {
-            var lastIndexOfSeparator = token.LastIndexOf('-') + 1;
-            var userIdString = token.Substring(lastIndexOfSeparator, token.Length - lastIndexOfSeparator);
+            var lastIndexOfSeparator = token.LastIndexOf('-');
+            if (lastIndexOfSeparator == -1)
+                return InvalidToken;
+
+            var indexOfNextCharacterAfterSeparator = lastIndexOfSeparator + 1;
+            var userIdString = token.Substring(indexOfNextCharacterAfterSeparator, token.Length - indexOfNextCharacterAfterSeparator);
 
             if (!int.TryParse(userIdString, out int userId))
                 return InvalidToken;