diff --git a/internal/handlers/v1/jwt.go b/internal/handlers/v1/jwt.go
index 0af8311..d1cd668 100644
--- a/internal/handlers/v1/jwt.go
+++ b/internal/handlers/v1/jwt.go
@@ -57,40 +57,28 @@ func (j JwtToken) hasScope(scope string) error {
 }
 
 func (h *Handler) generateJwt(username, issuer string) (string, error) {
+	return h.generateJwtWithExp(username, issuer, time.Now().Add(10 * time.Minute))
+}
+
+func (h *Handler) generateJwtWithExp(username, issuer string, expiresAt time.Time) (string, error) {
 	secret := []byte(h.Config.JwtSecret)
 
 	// Anyone who wants to decrypt the key needs to use the same method
 	token := jwt.New(jwt.SigningMethodHS256)
 	claims := token.Claims.(jwt.MapClaims)
-	claims["exp"] = time.Now().Add(10 * time.Minute)
+	claims["exp"] = expiresAt
 	claims["authorized"] = true
 	claims["username"] = username
 	claims["iss"] = issuer
 
 	var scopes []string
-	scopes = append(scopes, domain.ScopeRecipeRead)
-	claims["scopes"] = scopes
-
-	tokenString, err := token.SignedString(secret)
-	if err != nil {
-		return "", err
-	}
-
-	return tokenString, nil
-}
-
-func (h *Handler) generateAdminJwt(username string) (string, error) {
-	secret := []byte(h.Config.JwtSecret)
-
-	token := jwt.New(jwt.SigningMethodHS256)
-	claims := token.Claims.(jwt.MapClaims)
-	claims["exp"] = time.Now().Add(10 * time.Minute)
-	claims["authorized"] = true
-	claims["username"] = username
-
-	var scopes []string
-	scopes = append(scopes, domain.ScopeAll)
-	claims["scopes"] = scopes
+	if (username == "admin") {
+		scopes = append(scopes, domain.ScopeAll)
+		claims["scopes"] = scopes
+	} else {
+		scopes = append(scopes, domain.ScopeRecipeRead)
+		claims["scopes"] = scopes
+	}
 
 	tokenString, err := token.SignedString(secret)
 	if err != nil {
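Review bot: `claims["exp"] = expiresAt` stores a `time.Time`, which JSON-encodes as an RFC 3339 string, whereas RFC 7519 defines `exp` as a NumericDate; depending on the jwt library version the verifier may then ignore the expiry or reject every token, so the new parameter should be written as `claims["exp"] = expiresAt.Unix()`. The `if (username == "admin")` branch moves the grant of domain.ScopeAll from the caller's choice of function (the removed generateAdminJwt) onto a literal username comparison, so the account-creation path must not be able to hand out the name "admin"; if that is guaranteed elsewhere, say so here with `// "admin" is the only account granted domain.ScopeAll; keep in sync with account creation`. gofmt drops the redundant parentheses around the condition, and `claims["scopes"] = scopes` can be assigned once after the if/else instead of in both arms. generateJwtWithExp's body continues past the end of the hunk.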