diff --git a/libloki/crypto.js b/libloki/crypto.js
index 062b669da..c62468bd4 100644
--- a/libloki/crypto.js
+++ b/libloki/crypto.js
@@ -175,16 +175,13 @@
     return signature;
   }
 
-  async function validateAuthorisation(authorisation) {
+  async function verifyAuthorisation(authorisation) {
     const {
       primaryDevicePubKey,
       secondaryDevicePubKey,
       requestSignature,
       grantSignature,
     } = authorisation;
-    const alreadySecondaryDevice = !!window.storage.get('isSecondaryDevice');
-    const ourPubKey = textsecure.storage.user.getNumber();
-    const isRequest = !grantSignature;
     const isGrant = !!grantSignature;
     if (!primaryDevicePubKey || !secondaryDevicePubKey) {
       window.log.warn(
@@ -196,19 +193,6 @@
         'Received a pairing request with missing request signature. Ignored.'
       );
       return false;
-    } else if (isRequest && alreadySecondaryDevice) {
-      window.log.warn(
-        'Received a pairing request while being a secondary device. Ignored.'
-      );
-      return false;
-    } else if (isRequest && authorisation.primaryDevicePubKey !== ourPubKey) {
-      window.log.warn(
-        'Received a pairing request addressed to another pubkey. Ignored.'
-      );
-      return false;
-    } else if (isRequest && authorisation.secondaryDevicePubKey === ourPubKey) {
-      window.log.warn('Received a pairing request from ourselves. Ignored.');
-      return false;
     }
     const verify = async (signature, signatureType) => {
       const encoding = typeof signature === 'string' ? 'base64' : undefined;
@@ -228,6 +212,7 @@
       window.log.error(e);
       return false;
     }
+    // can't have grant without requestSignature?
     if (isGrant) {
       try {
         await verify(grantSignature, PairingType.GRANT);
@@ -242,6 +227,33 @@
     return true;
   }
 
+  // FIXME: rename to include the fact it's relative to YOUR device
+  async function validateAuthorisation(authorisation) {
+    const {
+      primaryDevicePubKey,
+      secondaryDevicePubKey,
+      grantSignature,
+    } = authorisation;
+    const alreadySecondaryDevice = !!window.storage.get('isSecondaryDevice');
+    const ourPubKey = textsecure.storage.user.getNumber();
+    const isRequest = !grantSignature;
+    if (isRequest && alreadySecondaryDevice) {
+      window.log.warn(
+        'Received a pairing request while being a secondary device. Ignored.'
+      );
+      return false;
+    } else if (isRequest && primaryDevicePubKey !== ourPubKey) {
+      window.log.warn(
+        'Received a pairing request addressed to another pubkey. Ignored.'
+      );
+      return false;
+    } else if (isRequest && secondaryDevicePubKey === ourPubKey) {
+      window.log.warn('Received a pairing request from ourselves. Ignored.');
+      return false;
+    }
+    return this.verifyAuthorisation(authorisation);
+  }
+
   async function verifyPairingSignature(
     primaryDevicePubKey,
     secondaryPubKey,
@@ -307,6 +319,7 @@
     decryptToken,
     generateSignatureForPairing,
     verifyPairingSignature,
+    verifyAuthorisation,
     validateAuthorisation,
     PairingType,
     // for testing