diff --git a/lib/auth.js b/lib/auth.js
index a55f667a..79275843 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -12,7 +12,7 @@ function errorExit(message) {
 process.exit(1);
 }
-function check(username, token) {
+function check(username, token, format = /^[A-Za-z0-9_]+$/) {
 if (typeof username !== 'string') {
 errorExit(`username must be a string, received ${typeof username}`);
 }
@@ -25,7 +25,7 @@ function check(username, token) {
 if (typeof token !== 'string') {
 errorExit(`token must be a string, received ${typeof token}`);
 }
- if (!/^[A-Za-z0-9_]+$/.test(token)) {
+ if (!format.test(token)) {
 errorExit(`token is misformatted: ${token}`);
 }
 }
@@ -107,7 +107,7 @@ async function auth(
 get h1() {
 const { h1_username, h1_token } = getMergedConfig();
- check(h1_username, h1_token);
+ check(h1_username, h1_token, /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/);
 const h1 = encode(h1_username, h1_token);
 setOwnProperty(result, 'h1', h1);
 return h1;
diff --git a/test/fixtures/run-auth-h1.js b/test/fixtures/run-auth-h1.js
new file mode 100644
index 00000000..e153043c
--- /dev/null
+++ b/test/fixtures/run-auth-h1.js
@@ -0,0 +1,13 @@
+(async function() {
+ const { default: auth } = await import('../../lib/auth.js');
+ const authParams = await auth({ github: false });
+ if (typeof authParams === 'object' && authParams != null) {
+ for (const key of Object.getOwnPropertyNames(authParams)) {
+ if (key !== 'h1') delete authParams[key];
+ }
+ }
+ process.stdout.write(`${JSON.stringify(authParams)}\n`);
+})().catch(err => {
+ console.error(err);
+ process.exit(1);
+});
diff --git a/test/unit/auth.test.js b/test/unit/auth.test.js
index e753cb87..db5119ef 100644
--- a/test/unit/auth.test.js
+++ b/test/unit/auth.test.js
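Review bot: The new `format` parameter of `check` (hunk `@@ -12,7 +12,7 @@` of lib/auth.js) is undocumented, and nothing states what kind of pattern a caller may pass. `format.test(token)` is only a reliable whole-string check when the regex is anchored at both ends and carries no `g` or `y` flag, because `test` on such a regex advances `lastIndex` and a shared instance would accept and reject the same token on alternate calls. A JSDoc line such as `@param {RegExp} [format] anchored with ^ and $, no g/y flags; default /^[A-Za-z0-9_]+$/` would record that contract. The body of `check` continues outside this hunk.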
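Review bot: In the `@@ -25,7 +25,7 @@` hunk of lib/auth.js the rejection branch interpolates `${token}` into the message handed to `errorExit`, so any token that fails the caller-supplied `format` is passed to the error path verbatim. This is an unchanged context line, but it is the branch the new `format.test(token)` feeds. A token that is wrong only by a stray newline or a missing padding character is still effectively the live credential, and how `errorExit` emits its message is not visible here; if it prints, the value ends up in terminal scrollback and CI logs. I would drop the value from the message, `errorExit('token is misformatted');`, or report only `token.length`.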
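Review bot: The pattern passed to `check` in the `h1` getter (hunk `@@ -107,7 +107,7 @@` of lib/auth.js) matches the empty string, because both the repeated four-character group and the padded tail are optional, whereas the default `/^[A-Za-z0-9_]+$/` requires at least one character. Unless something outside this hunk rejects it, an `h1_token` of `''` now passes validation and reaches `encode(h1_username, h1_token)`. A non-empty lookahead right after the anchor, `^(?=.)(?:[A-Za-z0-9+/]{4})*…`, closes that gap. Hoisting the literal into a named module-level constant (for instance `H1_TOKEN_FORMAT`) would also keep the call site readable. The getter sits inside `auth`, whose body extends beyond the hunk.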
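Review bot: The new fixture test/fixtures/run-auth-h1.js deletes every own property except `h1` before serialising, without saying why. Judging by the `get h1()` accessor in lib/auth.js, the other properties are presumably lazy getters as well, and `JSON.stringify` would evaluate them and run their credential checks. That reasoning belongs next to the loop, e.g. `// Remove the other lazy getters so JSON.stringify evaluates only h1.`, with the wording confirmed against the real shape of the `auth` result.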
@@ -99,6 +99,17 @@ describe('auth', async function() {
 );
 });
+ it('accepts a valid H1 token format', async function() {
+ await runAuthScript(
+ {
+ HOME: { h1_username: 'nyancat', h1_token: 'wWIDaa7wz7uGIryWLuqbJRhqUkLI6qlemK1KaMChhpC=' }
+ },
+ ['{"h1":"bnlhbmNhdDp3V0lEYWE3d3o3dUdJcnlXTHVxYkpSaHFVa0xJNnFsZW1LMUthTUNoaHBDPQ=="}'],
+ '',
+ 'run-auth-h1'
+ );
+ });
+
 it('permits capital letters in token format', async function() {
 await runAuthScript(
 { HOME: { username: 'nyancat', token: '0123456789ABCDEF' } },
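Review bot: Only the accepting side of the new H1 format is exercised in this hunk of test/unit/auth.test.js; nothing asserts that a malformed `h1_token` is rejected, so a later loosening of the pattern would go unnoticed. I would add sibling cases through the same `run-auth-h1` fixture for an empty `h1_token`, one containing a character outside the base64 alphabet, and one with broken padding, each expecting the failure path. A short comment marking the sample token as constructed test data, e.g. `// constructed value, not a live credential`, would also spare secret scanners and later readers from guessing. The enclosing `describe('auth', …)` block starts and ends outside the hunk.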