diff --git a/resolvers/auth.py b/resolvers/auth.py
index 0454ba2e..80093a29 100644
--- a/resolvers/auth.py
+++ b/resolvers/auth.py
@@ -7,6 +7,7 @@ from graphql.type import GraphQLResolveInfo
 from transliterate import translit
 from starlette.responses import RedirectResponse
+from auth.jwtcodec import JWTCodec
 from auth.tokenstorage import TokenStorage
 from auth.authenticate import login_required
 from auth.email import send_auth_email
@@ -41,10 +42,12 @@ async def get_current_user(_, info):
 @mutation.field("confirmEmail")
-async def confirm_email(_, _info, confirm_token):
+async def confirm_email(_, _info, code):
 """confirm owning email address"""
 try:
- user_id = await TokenStorage.get(confirm_token)
+ payload = JWTCodec.decode(code)
+ user_id = payload.user_id
+ await TokenStorage.get(f"{user_id}-{code}")
 with local_session() as session:
 user = session.query(User).where(User.id == user_id).first()
 session_token = await TokenStorage.create_session(user)
diff --git a/resolvers/profile.py b/resolvers/profile.py
index 10fc03f9..2ad57734 100644
--- a/resolvers/profile.py
+++ b/resolvers/profile.py
@@ -21,9 +21,9 @@ from services.zine.shoutauthor import ShoutAuthorStorage
 async def get_user_subscriptions(slug):
 return {
 "unread": await get_unread_counter(slug), # unread inbox messages counter
- "topics": [t.slug for t in get_followed_topics(0, slug)], # followed topics slugs
- "authors": [a.slug for a in get_followed_authors(0, slug)], # followed authors slugs
- "reactions": [r.shout for r in get_reactions_for_shouts(0, [slug, ])], # followed reacted shout
+ "topics": [t.slug for t in await get_followed_topics(0, slug)], # followed topics slugs
+ "authors": [a.slug for a in await get_followed_authors(0, slug)], # followed authors slugs
+ "reactions": [r.shout for r in await get_reactions_for_shouts(0, [slug, ])], # followed reacted shout
 "communities": [c.slug for c in get_followed_communities(0, slug)], # followed communities slugs
 }
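Review bot: The result of `await TokenStorage.get(f"{user_id}-{code}")` in `confirm_email` (resolvers/auth.py) is thrown away, so unless `TokenStorage.get` raises on a missing key (its body is not visible here) any `code` that `JWTCodec.decode` accepts goes on to `create_session`, even if it was never written to storage or was already consumed. Bind and test the lookup before opening the DB session: `stored = await TokenStorage.get(f"{user_id}-{code}")` followed by `if not stored:` raising whatever error this resolver's `except` branch already handles. `user` can also be `None` when no row matches `user_id`, and it is passed to `TokenStorage.create_session` unchecked. The `try` block continues past the end of the hunk, so both cases should be confirmed against the `except` clause there.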
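Review bot: In resolvers/profile.py, `get_followed_communities(0, slug)` on the `"communities"` line is still called without `await` although its three sibling lookups gained one. If it is a coroutine too (its definition is outside this diff), iterating the result raises `TypeError` and `get_user_subscriptions` fails. Either add the `await` or leave a short comment such as `# sync helper: no await` so the asymmetry reads as intended.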
diff --git a/server.py b/server.py
index f2ae2b44..7cf3eac1 100644
--- a/server.py
+++ b/server.py
@@ -13,7 +13,7 @@ if __name__ == "__main__":
 ("Access-Control-Allow-Origin", "http://localhost:3000"),
 (
 "Access-Control-Allow-Headers",
- "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range",
+ "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,auth",
 ),
 ("Access-Control-Expose-Headers", "Content-Length,Content-Range"),
 ("Access-Control-Allow-Credentials", "true"),
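Review bot: Adding `auth` to `Access-Control-Allow-Headers` lets pages from the allowed origin send that header cross-origin, and the same list sets `Access-Control-Allow-Credentials` to `true`, so the block stays safe only while `Access-Control-Allow-Origin` is one explicit origin. A comment above the header tuple would record that, e.g. `# "auth" is the token header; Allow-Origin must stay an explicit origin, never "*" or a reflected value`. That `auth` carries the session token is inferred from its name and the accompanying resolver change. The list lives in the `if __name__ == "__main__":` block, which starts outside the hunk, so any CORS configuration used outside this entry point presumably needs the same entry; confirm.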