diff --git a/packages/plugins/users-permissions/server/controllers/auth.js b/packages/plugins/users-permissions/server/controllers/auth.js
index 507bfa96df..5028ea21cf 100644
--- a/packages/plugins/users-permissions/server/controllers/auth.js
+++ b/packages/plugins/users-permissions/server/controllers/auth.js
@@ -17,6 +17,7 @@ const {
 validateSendEmailConfirmationBody,
 validateForgotPasswordBody,
 validateResetPasswordBody,
+ validateEmailConfirmationBody,
 } = require('./validation/auth');
 const { getAbsoluteAdminUrl, getAbsoluteServerUrl, sanitize } = utils;
@@ -328,19 +329,17 @@ module.exports = {
 },
 async emailConfirmation(ctx, next, returnUser) {
- const { confirmation: confirmationToken } = ctx.query;
+ const { confirmation: confirmationToken } = await validateEmailConfirmationBody(ctx.query);
+
+ console.log(confirmationToken);
 const userService = getService('user');
 const jwtService = getService('jwt');
- if (_.isEmpty(confirmationToken)) {
- throw new ValidationError('token.invalid');
- }
-
 const [user] = await userService.fetchAll({ filters: { confirmationToken } });
 if (!user) {
- throw new ValidationError('token.invalid');
+ throw new ValidationError('Invalid token');
 }
 await userService.edit(user.id, { confirmed: true, confirmationToken: null });
diff --git a/packages/plugins/users-permissions/server/controllers/validation/auth.js b/packages/plugins/users-permissions/server/controllers/validation/auth.js
index 81da3ae977..65ef66c318 100644
--- a/packages/plugins/users-permissions/server/controllers/validation/auth.js
+++ b/packages/plugins/users-permissions/server/controllers/validation/auth.js
@@ -23,6 +23,10 @@ const sendEmailConfirmationSchema = yup.object({
 .required(),
 });
+const validateEmailConfirmationSchema = yup.object({
+ confirmation: yup.string().required(),
+});
+
 const forgotPasswordSchema = yup
 .object({
 email: yup
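Review bot: The added `console.log(confirmationToken);` in emailConfirmation writes the e-mail confirmation token to the server's standard output, and that token is the only value the `fetchAll` lookup below uses before marking the account confirmed, so it should not end up in logs. It reads like a leftover debug statement and should be deleted before merge. The message passed to ValidationError also changes from `'token.invalid'` to `'Invalid token'`, which any client matching on the old string would notice; if that is intended it deserves a line in the commit description. The body of emailConfirmation continues past the end of the hunk.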
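Review bot: In validation/auth.js the new constant is named `validateEmailConfirmationSchema`, while the visible siblings pair a plain `…Schema` constant with a `validate…Body` export (`sendEmailConfirmationSchema`, `forgotPasswordSchema`); `const emailConfirmationSchema = yup.object({` would match, with the export in the last hunk becoming `validateEmailConfirmationBody: validateYupSchema(emailConfirmationSchema),`. A one-line comment above the schema would record why the type is pinned: `// confirmation must be a plain string: the controller passes it straight into the fetchAll filters`. Whether a non-string value is rejected rather than coerced depends on how validateYupSchema invokes yup, which is not visible in this diff.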
@@ -44,6 +48,7 @@ module.exports = {
 validateCallbackBody: validateYupSchema(callbackSchema),
 validateRegisterBody: validateYupSchema(registerSchema),
 validateSendEmailConfirmationBody: validateYupSchema(sendEmailConfirmationSchema),
+ validateEmailConfirmationBody: validateYupSchema(validateEmailConfirmationSchema),
 validateForgotPasswordBody: validateYupSchema(forgotPasswordSchema),
 validateResetPasswordBody: validateYupSchema(resetPasswordSchema),
 };