diff --git a/modules/auth/handlers/handlers.go b/modules/auth/handlers/handlers.go
index 2c4ee6c..9138fa7 100644
--- a/modules/auth/handlers/handlers.go
+++ b/modules/auth/handlers/handlers.go
@@ -56,7 +56,7 @@ func (s Server) generateImpersonationToken(userID string, impersonated_by string
 at := jwt.NewWithClaims(jwt.SigningMethodHS256, accessClaims)
- accessToken, err = at.SignedString(s.JwtPrivateKey)
+ accessToken, err = at.SignedString([]byte(s.JwtPrivateKey))
 if err != nil {
 return "", err
 }
@@ -159,7 +159,7 @@ func (s Server) PostSignIn(ctx context.Context, req auth.PostSignInRequestObject
 return result, nil
 }
-func (s Server) GetImpersonationToken(ctx context.Context, request auth.GetImpersonationTokenRequestObject) (auth.GetImpersonationTokenResponseObject, error) {
+func (s Server) GetImpersonationToken(ctx context.Context, req auth.GetImpersonationTokenRequestObject) (auth.GetImpersonationTokenResponseObject, error) {
 ginCtx, ok := ctx.Value(gin.ContextKey).(*gin.Context)
 if !ok {
 log.Print("failed to get gin context")
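Review bot: In the first hunk (`@@ -56,7`), `[]byte(s.JwtPrivateKey)` accepts any string, including an empty one, and as far as I know HMAC signing does not reject a zero-length key, so a missing configuration value would produce impersonation tokens signed with a guessable secret. Validate the secret once at startup (non-empty, and at least 32 bytes for HS256) instead of relying on the signing call to fail. Because HS256 is symmetric, the name `JwtPrivateKey` is misleading; a field comment such as `// JwtPrivateKey is the shared HMAC secret for HS256: any party able to verify tokens can also sign them` would make the trust boundary explicit. generateImpersonationToken starts and ends outside this hunk, so the claims and expiry of the token cannot be checked from here.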
@@ -167,11 +167,30 @@ func (s Server) GetImpersonationToken(ctx context.Context, request auth.GetImper
 return auth.GetImpersonationToken200JSONResponse{}, fmt.Errorf("failed to get gin.Context from context.Context")
 }
- token := ginCtx.Request.Header.Get("Authorization")
+ token, err := ExtractBearerToken(ginCtx.Request.Header.Get("Authorization"))
+ if err != nil {
+ // TODO: return 500
+ log.Errorf("failed to extract bearer token: %v", err)
+ return auth.GetImpersonationToken401Response{}, err
+ }
 log.Printf("got auth token: %s", token)
- //s.db.GetExternalServiceByToken()
- return auth.PostSignIn401Response{}, nil
+ ext_service, err := s.db.GetExternalServiceByToken(context.Background(), &token)
+ if err != nil {
+ log.Errorf("failed to get external service by token: %v", err)
+ return auth.GetImpersonationToken401Response{}, err
+ // TODO: check err and retyrn 400/500
+ }
+
+ // TODO: handle tgid
+ accessToken, err := s.generateImpersonationToken(fmt.Sprintf("%d", *req.Body.UserId), fmt.Sprintf("%d", ext_service.ID))
+ if err != nil {
+ log.Errorf("failed to generate impersonation token: %v", err)
+ return auth.GetImpersonationToken401Response{}, err
+ // TODO: check err and retyrn 400/500
+ }
+
+ return auth.GetImpersonationToken200JSONResponse{AccessToken: accessToken}, nil
 }
 // func (s Server) PostAuthVerifyToken(ctx context.Context, req auth.PostAuthVerifyTokenRequestObject) (auth.PostAuthVerifyTokenResponseObject, error) {
@@ -266,3 +285,11 @@ func (s Server) GetImpersonationToken(ctx context.Context, request auth.GetImper
 // Error: errStr,
 // }, nil
 // }
+
+func ExtractBearerToken(header string) (string, error) {
+ const prefix = "Bearer "
+ if len(header) <= len(prefix) || header[:len(prefix)] != prefix {
+ return "", fmt.Errorf("invalid bearer token format")
+ }
+ return header[len(prefix):], nil
+}
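Review bot: In the `@@ -167,11` hunk the retained line `log.Printf("got auth token: %s", token)` now writes the external service's bearer credential to the log in clear text, so anyone with log access could replay it against this endpoint. Drop the line, or log `ext_service.ID` after the lookup succeeds. `*req.Body.UserId` is dereferenced with no nil check, so a request without a body or user id would panic in the handler; guard with `if req.Body == nil || req.Body.UserId == nil` and return a 4xx response before calling generateImpersonationToken. Nothing visible here limits which user ids a given external service may impersonate; if that check does not happen elsewhere, it belongs between the lookup and the token generation. The lookup also passes `context.Background()` rather than `ctx`, which drops request cancellation.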
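Review bot: In the last hunk (`@@ -266,3`), the exported ExtractBearerToken has no doc comment and matches the scheme case-sensitively, so a header such as `bearer <token>` is rejected even though RFC 7235 treats the auth scheme as case-insensitive. The behaviour fails closed, so it is a compatibility rather than a security gap, but it should be either documented or relaxed with `strings.EqualFold(header[:len(prefix)], prefix)` if `strings` is available in this file. A suitable comment would be `// ExtractBearerToken returns the credential from an "Authorization: Bearer <token>" header value; it errors if the scheme is not exactly "Bearer " or the token is empty.` The returned token is not trimmed, so trailing whitespace from a client would become part of the lookup key.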