diff --git a/backend/package-lock.json b/backend/package-lock.json
index ebc41815..0a1d9c9a 100644
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -25,7 +25,7 @@
         "express": "^4.18.2",
         "express-prometheus-middleware": "^0.8.5",
         "express-session": "^1.17.1",
-        "express-validator": "^6.9.2",
+        "express-validator": "^7.1.0",
         "fast-safe-stringify": "^2.0.7",
         "form-data": "^4.0.0",
         "has-ansi": "^4.0.0",
@@ -5809,12 +5809,13 @@
       "integrity": "sha512-fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg=="
     },
     "node_modules/express-validator": {
-      "version": "6.9.2",
-      "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.9.2.tgz",
-      "integrity": "sha512-Yqlsw2/uBobtBVkP+gnds8OMmVAEb3uTI4uXC93l0Ym5JGHgr8Vd4ws7oSo7GGYpWn5YCq4UePMEppKchURXrw==",
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-7.1.0.tgz",
+      "integrity": "sha512-ePn6NXjHRZiZkwTiU1Rl2hy6aUqmi6Cb4/s8sfUsKH7j2yYl9azSpl8xEHcOj1grzzQ+UBEoLWtE1s6FDxW++g==",
+      "license": "MIT",
       "dependencies": {
-        "lodash": "^4.17.20",
-        "validator": "^13.5.2"
+        "lodash": "^4.17.21",
+        "validator": "~13.12.0"
       },
       "engines": {
         "node": ">= 8.0.0"
@@ -13584,9 +13585,10 @@
       }
     },
     "node_modules/validator": {
-      "version": "13.7.0",
-      "resolved": "https://registry.npmjs.org/validator/-/validator-13.7.0.tgz",
-      "integrity": "sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw==",
+      "version": "13.12.0",
+      "resolved": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz",
+      "integrity": "sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg==",
+      "license": "MIT",
       "engines": {
         "node": ">= 0.10"
       }
@@ -18421,12 +18423,12 @@
       }
     },
     "express-validator": {
-      "version": "6.9.2",
-      "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.9.2.tgz",
-      "integrity": "sha512-Yqlsw2/uBobtBVkP+gnds8OMmVAEb3uTI4uXC93l0Ym5JGHgr8Vd4ws7oSo7GGYpWn5YCq4UePMEppKchURXrw==",
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-7.1.0.tgz",
+      "integrity": "sha512-ePn6NXjHRZiZkwTiU1Rl2hy6aUqmi6Cb4/s8sfUsKH7j2yYl9azSpl8xEHcOj1grzzQ+UBEoLWtE1s6FDxW++g==",
       "requires": {
-        "lodash": "^4.17.20",
-        "validator": "^13.5.2"
+        "lodash": "^4.17.21",
+        "validator": "~13.12.0"
       }
     },
     "extend": {
@@ -24281,9 +24283,9 @@
       }
     },
     "validator": {
-      "version": "13.7.0",
-      "resolved": "https://registry.npmjs.org/validator/-/validator-13.7.0.tgz",
-      "integrity": "sha512-nYXQLCBkpJ8X6ltALua9dRrZDHVYxjJ1wgskNt1lH9fzGjs3tgojGSCBjmEPwkWS1y29+DrizMTW19Pr9uB2nw=="
+      "version": "13.12.0",
+      "resolved": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz",
+      "integrity": "sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg=="
     },
     "vary": {
       "version": "1.1.2",
diff --git a/backend/package.json b/backend/package.json
index 6a7fa85c..a49f63b7 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -40,7 +40,7 @@
     "express": "^4.18.2",
     "express-prometheus-middleware": "^0.8.5",
     "express-session": "^1.17.1",
-    "express-validator": "^6.9.2",
+    "express-validator": "^7.1.0",
     "fast-safe-stringify": "^2.0.7",
     "form-data": "^4.0.0",
     "has-ansi": "^4.0.0",
diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js
index 9918aa97..7c1a1729 100644
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -6,11 +6,18 @@ const express = require('express')
 const auth = require('../components/auth')
 const log = require('../components/logger')
 const { v4: uuidv4 } = require('uuid')
-const { getUserGuid, isIdirUser } = require('../components/utils')
+const { getUserGuid } = require('../components/utils')
 
-const { body, validationResult } = require('express-validator')
+const { checkExact, checkSchema, validationResult } = require('express-validator')
 const router = express.Router()
 
+const refreshSchema = {
+  refreshToken: {
+    in: ['body'],
+    exists: { errorMessage: '[refreshToken] is required' },
+  },
+}
+
 router.get('/', (_req, res) => {
   res.status(200).json({
     endpoints: ['/callback', '/callback_idir', '/login', '/logout', '/refresh', '/token'],
@@ -80,7 +87,7 @@ const UnauthorizedRsp = {
 }
 
 //refreshes jwt on refresh if refreshToken is valid
-router.post('/refresh', [body('refreshToken').exists()], async (req, res) => {
+router.post('/refresh', checkExact(checkSchema(refreshSchema)), async (req, res) => {
   const errors = validationResult(req)
 
   if (!errors.isEmpty()) {