diff --git a/Composite/C1Console/Actions/FlowHandle.cs b/Composite/C1Console/Actions/FlowHandle.cs
index 5cb7d76d3c..dd121ca26c 100644
--- a/Composite/C1Console/Actions/FlowHandle.cs
+++ b/Composite/C1Console/Actions/FlowHandle.cs
@@ -50,7 +50,7 @@ public static FlowHandle Deserialize(string serializedFlowHandle)
             Type flowTokenType = TypeManager.GetType(flowTokenTypeString);
 
             MethodInfo methodInfo = flowTokenType.GetMethod("Deserialize", BindingFlags.Public | BindingFlags.Static);
-            if (methodInfo == null)
+            if (methodInfo == null || !(typeof(FlowToken).IsAssignableFrom(methodInfo.ReturnType)))
             {
                 throw new InvalidOperationException(string.Format("The flow token '{0}' is missing a public static Deserialize method taking a string as parameter and returning an '{1}'", flowTokenType, typeof(FlowToken)));
             }
diff --git a/Composite/C1Console/Actions/FlowTokenSerializer.cs b/Composite/C1Console/Actions/FlowTokenSerializer.cs
index 13b35d6705..5903281fee 100644
--- a/Composite/C1Console/Actions/FlowTokenSerializer.cs
+++ b/Composite/C1Console/Actions/FlowTokenSerializer.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Reflection;
 using System.Security;
@@ -76,7 +76,7 @@ public static FlowToken Deserialize(string serialziedFlowToken, bool includeHash
             Type flowType = TypeManager.GetType(flowTokenTypeString);
 
             MethodInfo methodInfo = flowType.GetMethod("Deserialize", BindingFlags.Public | BindingFlags.Static);
-            if (methodInfo == null)
+            if (methodInfo == null || !(typeof(FlowToken).IsAssignableFrom(methodInfo.ReturnType)))
             {
                 throw new InvalidOperationException(string.Format("The flow token {0} is missing a public static Deserialize method taking a string as parameter and returning an {1}", flowType, typeof(FlowToken)));
             }
diff --git a/Composite/C1Console/Security/ActionTokenSerializer.cs b/Composite/C1Console/Security/ActionTokenSerializer.cs
index 8fb04182eb..cd52bba4e2 100644
--- a/Composite/C1Console/Security/ActionTokenSerializer.cs
+++ b/Composite/C1Console/Security/ActionTokenSerializer.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Reflection;
 using System.Security;
@@ -83,7 +83,7 @@ public static ActionToken Deserialize(string serialziedActionToken, bool include
             Type actionType = TypeManager.GetType(actionTokenTypeString);
 
             MethodInfo methodInfo = actionType.GetMethod("Deserialize", BindingFlags.Public | BindingFlags.Static);
-            if (methodInfo == null)
+            if (methodInfo == null || !(typeof(ActionToken).IsAssignableFrom(methodInfo.ReturnType)))
             {
                 Log.LogWarning("ActionTokenSerializer", string.Format("The action token {0} is missing a public static Deserialize method taking a string as parameter and returning an {1}", actionType, typeof(ActionToken)));
                 throw new InvalidOperationException(string.Format("The action token {0} is missing a public static Deserialize method taking a string as parameter and returning an {1}", actionType, typeof(ActionToken)));
diff --git a/Composite/C1Console/Security/EntityTokenSerializer.cs b/Composite/C1Console/Security/EntityTokenSerializer.cs
index a9de2f7666..86be9498a2 100644
--- a/Composite/C1Console/Security/EntityTokenSerializer.cs
+++ b/Composite/C1Console/Security/EntityTokenSerializer.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Reflection;
 using System.Security;
 using Composite.Core.Serialization;
@@ -95,7 +95,7 @@ private static EntityToken DeserializeLegacy(string serializedEntityToken, bool
             Type entityType = TypeManager.GetType(entityTokenTypeString);
 
             MethodInfo methodInfo = entityType.GetMethod("Deserialize", BindingFlags.Public | BindingFlags.Static);
-            if (methodInfo == null)
+            if (methodInfo == null || !(typeof(EntityToken).IsAssignableFrom(methodInfo.ReturnType)))
             {
                 throw new InvalidOperationException($"The entity token {entityType} is missing a public static Deserialize method taking a string as parameter and returning an {typeof(EntityToken)}");
             }
diff --git a/Composite/Core/Serialization/CompositeJsonSerializer.cs b/Composite/Core/Serialization/CompositeJsonSerializer.cs
index cd37ee0abc..3a224715e8 100644
--- a/Composite/Core/Serialization/CompositeJsonSerializer.cs
+++ b/Composite/Core/Serialization/CompositeJsonSerializer.cs
@@ -228,6 +228,14 @@ public static T Deserialize<T>(string str, bool isSigned)
             {
                 return Deserialize<T>(obj);
             }
+
+            if (!(typeof(T).IsAssignableFrom(methodInfo.ReturnType)))
+            {
+                string typeName = str.GetValue(TypeKeyString);
+                Log.LogWarning("CompositeJsonSerializer", string.Format("The action {0} is missing a public static Deserialize method taking a string as parameter and returning an {1}", typeName, typeof(T)));
+                throw new InvalidOperationException(string.Format("The token {0} is missing a public static Deserialize method taking a string as parameter and returning an {1}", typeName, typeof(T)));
+            }
+
             return (T)methodInfo.Invoke(null, new object[] { obj });
         }