diff --git a/server/routes/user.js b/server/routes/user.js
index b50819856..0e01f481c 100644
--- a/server/routes/user.js
+++ b/server/routes/user.js
@@ -468,7 +468,7 @@ router.post('/user/validate', handleErrorAsync(async (req, res) => {
         return res.json({ error: 'user.code.invalid' });
     }
 
-    await invalidateAuthenticator(req.db, authenticator);
+    await invalidateAuthenticator(req.db, authenticator.id);
 
     await auditLog(req, 'auth/validate_code_valid');
 
@@ -549,7 +549,7 @@ router.post('/user/change-email', handleErrorAsync(async (req, res) => {
         return res.json({ error: 'user.code.invalid' });
     }
 
-    await invalidateAuthenticator(req.db, authenticator);
+    await invalidateAuthenticator(req.db, authenticator.id);
 
     await req.db.get(SQL`UPDATE users SET email = ${authenticator.payload.to} WHERE id = ${req.user.id}`);
     req.user.email = authenticator.payload.to;