diff --git a/api/components/OAuth2/CryptTrait.php b/api/components/OAuth2/CryptTrait.php
index c3728a3..830c726 100644
--- a/api/components/OAuth2/CryptTrait.php
+++ b/api/components/OAuth2/CryptTrait.php
@@ -3,6 +3,9 @@ declare(strict_types=1);
 namespace api\components\OAuth2;
+use LogicException;
+use RangeException;
+use SodiumException;
 use Yii;
 /**
@@ -20,7 +23,11 @@ trait CryptTrait {
 }
 protected function decrypt($encryptedData): string {
- return Yii::$app->tokens->decryptValue($encryptedData);
+ try {
+ return Yii::$app->tokens->decryptValue($encryptedData);
+ } catch (SodiumException | RangeException $e) {
+ throw new LogicException($e->getMessage(), 0, $e);
+ }
 }
 }
diff --git a/api/components/Tokens/Component.php b/api/components/Tokens/Component.php
index 4342c89..a1460e4 100644
--- a/api/components/Tokens/Component.php
+++ b/api/components/Tokens/Component.php
@@ -107,6 +107,13 @@ class Component extends BaseComponent {
 return $cipher;
 }
+ /**
+ * @param string $encryptedValue
+ *
+ * @return string
+ * @throws \SodiumException
+ * @throws \RangeException
+ */
 public function decryptValue(string $encryptedValue): string {
 $decoded = Base64UrlSafe::decode($encryptedValue);
 Assert::true(mb_strlen($decoded, '8bit') >= (SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES));
diff --git a/api/components/Tokens/TokenReader.php b/api/components/Tokens/TokenReader.php
index 4075c84..7e68e51 100644
--- a/api/components/Tokens/TokenReader.php
+++ b/api/components/Tokens/TokenReader.php
@@ -6,12 +6,9 @@ namespace api\components\Tokens;
 use Lcobucci\JWT\Token;
 use Yii;
-class TokenReader {
+final class TokenReader {
- /**
- * @var Token
- */
- private $token;
+ private Token $token;
 public function __construct(Token $token) {
 $this->token = $token;
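Review bot: In `CryptTrait::decrypt()` the parameter `$encryptedData` is untyped while `decryptValue(string $encryptedValue)` is called from a `strict_types=1` file, so a non-string argument raises a `TypeError` that the new `catch (SodiumException | RangeException $e)` does not convert. If callers can hand request data straight to `decrypt()`, add a guard before the `try`, for example `if (!is_string($encryptedData)) { throw new LogicException('Encrypted data must be a string'); }`. The body of `decryptValue()` continues past its hunk, so it is also worth confirming there that a failed authentication check surfaces as one of the caught exception types; `sodium_crypto_secretbox_open()` reports that case by returning `false`, not by throwing.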
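Review bot: The `@throws` list added to `decryptValue()` in `Component.php` is incomplete, because the `Assert::true(...)` length check two lines below it also throws when the decoded value is shorter than nonce plus MAC. Add a `@throws` line for the assertion library's exception class (its import is not visible in the hunk) so callers such as `CryptTrait::decrypt()` can see the full failure set. The `@param string` and `@return string` lines only repeat the native signature and can be dropped. The function body continues outside the hunk.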
@@ -55,6 +52,10 @@ class TokenReader {
 return null;
 }
+ /**
+ * It really might throw an exception but we have not seen any case of such exception yet
+ * @noinspection PhpUnhandledExceptionInspection
+ */
 return Yii::$app->tokens->decryptValue($encodedClientToken);
 }
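Review bot: The added `@noinspection PhpUnhandledExceptionInspection` silences the warning instead of handling the failure: `$encodedClientToken` (presumably a claim read from the token) goes to `decryptValue()`, which this commit documents as throwing `\SodiumException` and `\RangeException`, and neither is caught here. The same commit wraps the identical call in `CryptTrait::decrypt()`, so the two call sites now behave differently on a malformed value. Since the branch just above already returns `null`, consider wrapping the call with `catch (\SodiumException | \RangeException $e) { return null; }`, or declare both exceptions with `@throws` on the method so callers decide. The enclosing method starts outside the hunk, so whether the token's signature has been verified before this point is not visible.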