diff --git a/internal/server/turn.go b/internal/server/turn.go
index b3e972bc..5367b82d 100644
--- a/internal/server/turn.go
+++ b/internal/server/turn.go
@@ -115,6 +115,12 @@ func handleAllocateRequest(r Request, m *stun.Message) error {
 		}
 	}
 
+	// Parse realm and username (already checked in authenticateRequest)
+	realmAttr := &stun.Realm{}
+	_ = realmAttr.GetFrom(m)
+	usernameAttr := &stun.Username{}
+	_ = usernameAttr.GetFrom(m)
+
 	// 7. At any point, the server MAY choose to reject the request with a
 	//    486 (Allocation Quota Reached) error if it feels the client is
 	//    trying to exceed some locally defined allocation quota.  The
@@ -127,11 +133,6 @@ func handleAllocateRequest(r Request, m *stun.Message) error {
 	//    client to a different server.  The use of this error code and
 	//    attribute follow the specification in [RFC5389].
 	lifetimeDuration := allocationLifeTime(m)
-	// Already checked realm/username in authenticateRequest
-	realmAttr := &stun.Realm{}
-	_ = realmAttr.GetFrom(m)
-	usernameAttr := &stun.Username{}
-	_ = usernameAttr.GetFrom(m)
 	a, err := r.AllocationManager.CreateAllocation(
 		fiveTuple,
 		r.Conn,