diff --git a/src/web/security.py b/src/web/security.py
index 97ba07b..b310782 100644
--- a/src/web/security.py
+++ b/src/web/security.py
@@ -62,7 +62,7 @@ def authenticate_user(access_token):
     if r.status_code != 200: return False, "invalid token"
     try:
         j = r.json()
-        if j.get("azp") not in settings.CHROME_APP_IDS and j.get("aud") not in seuser_grouttings.CHROME_APP_IDS:
+        if j.get("azp") not in settings.CHROME_APP_IDS and j.get("aud") not in settings.CHROME_APP_IDS:
             return False, f"token does not belong to valid APP_ID"
         if j.get("email") in settings.BLOCKED_EMAILS:
             return False, f"email '{j.get('email')}' not allowed"