diff --git a/internal/api/client/accounts/accountalias.go b/internal/api/client/accounts/accountalias.go
index 3f869c0d6..5d63f42d5 100644
--- a/internal/api/client/accounts/accountalias.go
+++ b/internal/api/client/accounts/accountalias.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountAliasPOSTHandler swagger:operation POST /api/v1/accounts/alias accountAlias
@@ -77,7 +76,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountAliasPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/accountcreate.go b/internal/api/client/accounts/accountcreate.go
index 33d743791..642963dc5 100644
--- a/internal/api/client/accounts/accountcreate.go
+++ b/internal/api/client/accounts/accountcreate.go
@@ -26,7 +26,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
 
@@ -74,7 +73,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountCreatePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, false, false)
+	authed, err := apiutil.TokenAuth(c, true, true, false, false)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/accountdelete.go b/internal/api/client/accounts/accountdelete.go
index 9a1ef7931..5a2fb8daf 100644
--- a/internal/api/client/accounts/accountdelete.go
+++ b/internal/api/client/accounts/accountdelete.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"golang.org/x/crypto/bcrypt"
 )
 
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/accountget.go b/internal/api/client/accounts/accountget.go
index 4c1b66a20..c3e6c841e 100644
--- a/internal/api/client/accounts/accountget.go
+++ b/internal/api/client/accounts/accountget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountGETHandler swagger:operation GET /api/v1/accounts/{id} accountGet
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/accountmove.go b/internal/api/client/accounts/accountmove.go
index 3698c06a3..e2026f28d 100644
--- a/internal/api/client/accounts/accountmove.go
+++ b/internal/api/client/accounts/accountmove.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountMovePOSTHandler swagger:operation POST /api/v1/accounts/move accountMove
@@ -74,7 +73,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountMovePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/accountupdate.go b/internal/api/client/accounts/accountupdate.go
index 5d3a3da5f..d8a6f3ae4 100644
--- a/internal/api/client/accounts/accountupdate.go
+++ b/internal/api/client/accounts/accountupdate.go
@@ -30,7 +30,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountUpdateCredentialsPATCHHandler swagger:operation PATCH /api/v1/accounts/update_credentials accountUpdate
@@ -236,7 +235,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountUpdateCredentialsPATCHHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/accountverify.go b/internal/api/client/accounts/accountverify.go
index 1799089ab..f8b06b09a 100644
--- a/internal/api/client/accounts/accountverify.go
+++ b/internal/api/client/accounts/accountverify.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountVerifyGETHandler swagger:operation GET /api/v1/accounts/verify_credentials accountVerify
@@ -56,7 +55,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountVerifyGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/block.go b/internal/api/client/accounts/block.go
index 24ff099a7..4159799a4 100644
--- a/internal/api/client/accounts/block.go
+++ b/internal/api/client/accounts/block.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountBlockPOSTHandler swagger:operation POST /api/v1/accounts/{id}/block accountBlock
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountBlockPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/featuredtags.go b/internal/api/client/accounts/featuredtags.go
index 312a92bcc..ee3a46556 100644
--- a/internal/api/client/accounts/featuredtags.go
+++ b/internal/api/client/accounts/featuredtags.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountFeaturedTagsGETHandler swagger:operation GET /api/v1/accounts/{id}/featured_tags accountsFeaturedTags
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountFeaturedTagsGETHandler(c *gin.Context) {
-	_, err := oauth.Authed(c, true, true, true, true)
+	_, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/follow.go b/internal/api/client/accounts/follow.go
index 8a6e99744..0b807cdc4 100644
--- a/internal/api/client/accounts/follow.go
+++ b/internal/api/client/accounts/follow.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountFollowPOSTHandler swagger:operation POST /api/v1/accounts/{id}/follow accountFollow
@@ -91,7 +90,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountFollowPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/followers.go b/internal/api/client/accounts/followers.go
index 332788c3a..f352ea1da 100644
--- a/internal/api/client/accounts/followers.go
+++ b/internal/api/client/accounts/followers.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -119,7 +118,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountFollowersGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/following.go b/internal/api/client/accounts/following.go
index bdd9ff3de..dc437a4a9 100644
--- a/internal/api/client/accounts/following.go
+++ b/internal/api/client/accounts/following.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -119,7 +118,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountFollowingGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/lists.go b/internal/api/client/accounts/lists.go
index 7bd1227a8..392406a8c 100644
--- a/internal/api/client/accounts/lists.go
+++ b/internal/api/client/accounts/lists.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountListsGETHandler swagger:operation GET /api/v1/accounts/{id}/lists accountLists
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountListsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/lookup.go b/internal/api/client/accounts/lookup.go
index d2a8e76be..09db4d1c0 100644
--- a/internal/api/client/accounts/lookup.go
+++ b/internal/api/client/accounts/lookup.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountLookupGETHandler swagger:operation GET /api/v1/accounts/lookup accountLookupGet
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountLookupGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/mute.go b/internal/api/client/accounts/mute.go
index c9a57a348..71e17903a 100644
--- a/internal/api/client/accounts/mute.go
+++ b/internal/api/client/accounts/mute.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -86,7 +85,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountMutePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/note.go b/internal/api/client/accounts/note.go
index bcfd232ae..e3e90e3b5 100644
--- a/internal/api/client/accounts/note.go
+++ b/internal/api/client/accounts/note.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountNotePOSTHandler swagger:operation POST /api/v1/accounts/{id}/note accountNote
@@ -75,7 +74,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountNotePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/profile.go b/internal/api/client/accounts/profile.go
index 8ff59a23b..5a5cc33c0 100644
--- a/internal/api/client/accounts/profile.go
+++ b/internal/api/client/accounts/profile.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountAvatarDELETEHandler swagger:operation DELETE /api/v1/profile/avatar accountAvatarDelete
@@ -102,7 +101,7 @@ func (m *Module) AccountHeaderDELETEHandler(c *gin.Context) {
 // accountDeleteProfileAttachment checks that an authenticated account is present and allowed to alter itself,
 // runs an attachment deletion processor method, and returns the updated account.
 func (m *Module) accountDeleteProfileAttachment(c *gin.Context, processDelete func(context.Context, *gtsmodel.Account) (*apimodel.Account, gtserror.WithCode)) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/relationships.go b/internal/api/client/accounts/relationships.go
index 30d7dd666..f18026ab4 100644
--- a/internal/api/client/accounts/relationships.go
+++ b/internal/api/client/accounts/relationships.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountRelationshipsGETHandler swagger:operation GET /api/v1/accounts/relationships accountRelationships
@@ -73,7 +72,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountRelationshipsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/search.go b/internal/api/client/accounts/search.go
index 13c135601..e42a9a9a7 100644
--- a/internal/api/client/accounts/search.go
+++ b/internal/api/client/accounts/search.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountSearchGETHandler swagger:operation GET /api/v1/accounts/search accountSearchGet
@@ -107,7 +106,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountSearchGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/statuses.go b/internal/api/client/accounts/statuses.go
index a72a464ed..db0b22d29 100644
--- a/internal/api/client/accounts/statuses.go
+++ b/internal/api/client/accounts/statuses.go
@@ -26,7 +26,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountStatusesGETHandler swagger:operation GET /api/v1/accounts/{id}/statuses accountStatuses
@@ -134,7 +133,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountStatusesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/themesget.go b/internal/api/client/accounts/themesget.go
index 5a0cb6d94..8dba73b4d 100644
--- a/internal/api/client/accounts/themesget.go
+++ b/internal/api/client/accounts/themesget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountThemesGETHandler swagger:operation GET /api/v1/accounts/themes accountThemes
@@ -60,7 +59,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountThemesGETHandler(c *gin.Context) {
-	_, err := oauth.Authed(c, true, true, true, true)
+	_, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/unblock.go b/internal/api/client/accounts/unblock.go
index e8144711e..0e4f4febf 100644
--- a/internal/api/client/accounts/unblock.go
+++ b/internal/api/client/accounts/unblock.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountUnblockPOSTHandler swagger:operation POST /api/v1/accounts/{id}/unblock accountUnblock
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountUnblockPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/unfollow.go b/internal/api/client/accounts/unfollow.go
index 9eb66aed3..ee1f57d3d 100644
--- a/internal/api/client/accounts/unfollow.go
+++ b/internal/api/client/accounts/unfollow.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountUnfollowPOSTHandler swagger:operation POST /api/v1/accounts/{id}/unfollow accountUnfollow
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountUnfollowPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/accounts/unmute.go b/internal/api/client/accounts/unmute.go
index 665c3908e..bf666d181 100644
--- a/internal/api/client/accounts/unmute.go
+++ b/internal/api/client/accounts/unmute.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountUnmutePOSTHandler swagger:operation POST /api/v1/accounts/{id}/unmute accountUnmute
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountUnmutePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/accountaction.go b/internal/api/client/admin/accountaction.go
index 64e6c39ca..371357abe 100644
--- a/internal/api/client/admin/accountaction.go
+++ b/internal/api/client/admin/accountaction.go
@@ -26,7 +26,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountActionPOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/action adminAccountAction
@@ -87,7 +86,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountActionPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/accountapprove.go b/internal/api/client/admin/accountapprove.go
index 7aaa48509..fdc5d3866 100644
--- a/internal/api/client/admin/accountapprove.go
+++ b/internal/api/client/admin/accountapprove.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountApprovePOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/approve adminAccountApprove
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountApprovePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/accountget.go b/internal/api/client/admin/accountget.go
index 3a656fecc..848e60e1f 100644
--- a/internal/api/client/admin/accountget.go
+++ b/internal/api/client/admin/accountget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountGETHandler swagger:operation GET /api/v1/admin/accounts/{id} adminAccountGet
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/accountreject.go b/internal/api/client/admin/accountreject.go
index a4653985d..9a160e89b 100644
--- a/internal/api/client/admin/accountreject.go
+++ b/internal/api/client/admin/accountreject.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AccountRejectPOSTHandler swagger:operation POST /api/v1/admin/accounts/{id}/reject adminAccountReject
@@ -90,7 +89,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AccountRejectPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/accountsgetv1.go b/internal/api/client/admin/accountsgetv1.go
index f333492de..f932cda1e 100644
--- a/internal/api/client/admin/accountsgetv1.go
+++ b/internal/api/client/admin/accountsgetv1.go
@@ -182,12 +182,11 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
 func (m *Module) AccountsGETV1Handler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/accountsgetv2.go b/internal/api/client/admin/accountsgetv2.go
index 27024e7a2..2e9787116 100644
--- a/internal/api/client/admin/accountsgetv2.go
+++ b/internal/api/client/admin/accountsgetv2.go
@@ -155,12 +155,11 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
 func (m *Module) AccountsGETV2Handler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/debug_on.go b/internal/api/client/admin/debug_on.go
index ea42206f8..5fb8fdd1d 100644
--- a/internal/api/client/admin/debug_on.go
+++ b/internal/api/client/admin/debug_on.go
@@ -27,11 +27,10 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 func (m *Module) DebugAPUrlHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.Authed(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
@@ -58,7 +57,7 @@ func (m *Module) DebugAPUrlHandler(c *gin.Context) {
 }
 
 func (m *Module) DebugClearCachesHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.Authed(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainkeysexpire.go b/internal/api/client/admin/domainkeysexpire.go
index 0926519f5..6bf891b2c 100644
--- a/internal/api/client/admin/domainkeysexpire.go
+++ b/internal/api/client/admin/domainkeysexpire.go
@@ -28,7 +28,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainKeysExpirePOSTHandler swagger:operation POST /api/v1/admin/domain_keys_expire domainKeysExpire
@@ -95,7 +94,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainKeysExpirePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermission.go b/internal/api/client/admin/domainpermission.go
index 5138be898..ad353b28c 100644
--- a/internal/api/client/admin/domainpermission.go
+++ b/internal/api/client/admin/domainpermission.go
@@ -29,7 +29,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 type singleDomainPermCreate func(
@@ -63,7 +62,7 @@ func (m *Module) createDomainPermissions(
 	single singleDomainPermCreate,
 	multi multiDomainPermCreate,
 ) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
@@ -171,7 +170,7 @@ func (m *Module) deleteDomainPermission(
 	c *gin.Context,
 	permType gtsmodel.DomainPermissionType, // block/allow
 ) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
@@ -218,7 +217,7 @@ func (m *Module) getDomainPermission(
 	c *gin.Context,
 	permType gtsmodel.DomainPermissionType,
 ) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
@@ -266,7 +265,7 @@ func (m *Module) getDomainPermissions(
 	c *gin.Context,
 	permType gtsmodel.DomainPermissionType,
 ) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissiondraftaccept.go b/internal/api/client/admin/domainpermissiondraftaccept.go
index 5e484cbf3..ef54b52cd 100644
--- a/internal/api/client/admin/domainpermissiondraftaccept.go
+++ b/internal/api/client/admin/domainpermissiondraftaccept.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionDraftAcceptPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts/{id}/accept domainPermissionDraftAccept
@@ -81,7 +80,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionDraftAcceptPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissiondraftcreate.go b/internal/api/client/admin/domainpermissiondraftcreate.go
index ec94f947b..3a781a131 100644
--- a/internal/api/client/admin/domainpermissiondraftcreate.go
+++ b/internal/api/client/admin/domainpermissiondraftcreate.go
@@ -26,7 +26,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionDraftsPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts domainPermissionDraftCreate
@@ -99,7 +98,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionDraftsPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissiondraftget.go b/internal/api/client/admin/domainpermissiondraftget.go
index aef3b094b..2bdc30d09 100644
--- a/internal/api/client/admin/domainpermissiondraftget.go
+++ b/internal/api/client/admin/domainpermissiondraftget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionDraftGETHandler swagger:operation GET /api/v1/admin/domain_permission_drafts/{id} domainPermissionDraftGet
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionDraftGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissiondraftremove.go b/internal/api/client/admin/domainpermissiondraftremove.go
index 78169508c..ba7e14547 100644
--- a/internal/api/client/admin/domainpermissiondraftremove.go
+++ b/internal/api/client/admin/domainpermissiondraftremove.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionDraftRemovePOSTHandler swagger:operation POST /api/v1/admin/domain_permission_drafts/{id}/remove domainPermissionDraftRemove
@@ -81,7 +80,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionDraftRemovePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissiondraftsget.go b/internal/api/client/admin/domainpermissiondraftsget.go
index 21ce5dc43..14efac098 100644
--- a/internal/api/client/admin/domainpermissiondraftsget.go
+++ b/internal/api/client/admin/domainpermissiondraftsget.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -125,7 +124,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionDraftsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionexcludecreate.go b/internal/api/client/admin/domainpermissionexcludecreate.go
index dd0b3b493..a9e409efc 100644
--- a/internal/api/client/admin/domainpermissionexcludecreate.go
+++ b/internal/api/client/admin/domainpermissionexcludecreate.go
@@ -25,7 +25,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionExcludesPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_excludes domainPermissionExcludeCreate
@@ -82,7 +81,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionExcludesPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionexcludeget.go b/internal/api/client/admin/domainpermissionexcludeget.go
index ca110abd5..fc9b04168 100644
--- a/internal/api/client/admin/domainpermissionexcludeget.go
+++ b/internal/api/client/admin/domainpermissionexcludeget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionExcludeGETHandler swagger:operation GET /api/v1/admin/domain_permission_excludes/{id} domainPermissionExcludeGet
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionExcludeGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionexcluderemove.go b/internal/api/client/admin/domainpermissionexcluderemove.go
index a167ae5a5..6d0d8567a 100644
--- a/internal/api/client/admin/domainpermissionexcluderemove.go
+++ b/internal/api/client/admin/domainpermissionexcluderemove.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionExcludeDELETEHandler swagger:operation DELETE /api/v1/admin/domain_permission_excludes/{id} domainPermissionExcludeDelete
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionExcludeDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionexcludesget.go b/internal/api/client/admin/domainpermissionexcludesget.go
index 71eedec52..4f3a6eedb 100644
--- a/internal/api/client/admin/domainpermissionexcludesget.go
+++ b/internal/api/client/admin/domainpermissionexcludesget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -113,7 +112,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionExcludesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionsubscriptioncreate.go b/internal/api/client/admin/domainpermissionsubscriptioncreate.go
index dd0b43aca..7645c10fd 100644
--- a/internal/api/client/admin/domainpermissionsubscriptioncreate.go
+++ b/internal/api/client/admin/domainpermissionsubscriptioncreate.go
@@ -27,7 +27,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -145,7 +144,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionSubscriptionPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionsubscriptionget.go b/internal/api/client/admin/domainpermissionsubscriptionget.go
index 841e37f24..6d83ebcc7 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionget.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionSubscriptionGETHandler swagger:operation GET /api/v1/admin/domain_permission_subscriptions/{id} domainPermissionSubscriptionGet
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionSubscriptionGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionsubscriptionremove.go b/internal/api/client/admin/domainpermissionsubscriptionremove.go
index 97f226a31..113de70ff 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionremove.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionremove.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -88,7 +87,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionSubscriptionRemovePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionsubscriptionsget.go b/internal/api/client/admin/domainpermissionsubscriptionsget.go
index 477013ec9..b4b94c0a7 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionsget.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionsget.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -115,7 +114,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionSubscriptionsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go b/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go
index dc46c159b..89c73dea2 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionspreviewget.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionSubscriptionsPreviewGETHandler swagger:operation GET /api/v1/admin/domain_permission_subscriptions/preview domainPermissionSubscriptionsPreviewGet
@@ -74,7 +73,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionSubscriptionsPreviewGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionsubscriptiontest.go b/internal/api/client/admin/domainpermissionsubscriptiontest.go
index 395a1a69c..894510608 100644
--- a/internal/api/client/admin/domainpermissionsubscriptiontest.go
+++ b/internal/api/client/admin/domainpermissionsubscriptiontest.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // DomainPermissionSubscriptionTestPOSTHandler swagger:operation POST /api/v1/admin/domain_permission_subscriptions/{id}/test domainPermissionSubscriptionTest
@@ -76,7 +75,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionSubscriptionTestPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/domainpermissionsubscriptionupdate.go b/internal/api/client/admin/domainpermissionsubscriptionupdate.go
index de73c4d3e..6c2236a1a 100644
--- a/internal/api/client/admin/domainpermissionsubscriptionupdate.go
+++ b/internal/api/client/admin/domainpermissionsubscriptionupdate.go
@@ -28,7 +28,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -141,7 +140,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) DomainPermissionSubscriptionPATCHHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/emailtest.go b/internal/api/client/admin/emailtest.go
index 9b214a926..9ed4298a7 100644
--- a/internal/api/client/admin/emailtest.go
+++ b/internal/api/client/admin/emailtest.go
@@ -26,7 +26,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmailTestPostHandler swagger:operation POST /api/v1/admin/email/test testEmailSend
@@ -87,7 +86,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmailTestPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/emojicategoriesget.go b/internal/api/client/admin/emojicategoriesget.go
index 51eb8fee4..6a8496bf0 100644
--- a/internal/api/client/admin/emojicategoriesget.go
+++ b/internal/api/client/admin/emojicategoriesget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmojiCategoriesGETHandler swagger:operation GET /api/v1/admin/custom_emojis/categories emojiCategoriesGet
@@ -58,7 +57,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmojiCategoriesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/emojicreate.go b/internal/api/client/admin/emojicreate.go
index 07fa4d4a8..c27d75dab 100644
--- a/internal/api/client/admin/emojicreate.go
+++ b/internal/api/client/admin/emojicreate.go
@@ -27,7 +27,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
 
@@ -98,7 +97,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmojiCreatePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/emojidelete.go b/internal/api/client/admin/emojidelete.go
index 9f9f9d286..30fc3f420 100644
--- a/internal/api/client/admin/emojidelete.go
+++ b/internal/api/client/admin/emojidelete.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmojiDELETEHandler swagger:operation DELETE /api/v1/admin/custom_emojis/{id} emojiDelete
@@ -74,7 +73,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmojiDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/emojiget.go b/internal/api/client/admin/emojiget.go
index 7ecbcfa19..d1f2afff9 100644
--- a/internal/api/client/admin/emojiget.go
+++ b/internal/api/client/admin/emojiget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmojiGETHandler swagger:operation GET /api/v1/admin/custom_emojis/{id} emojiGet
@@ -64,7 +63,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmojiGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/emojisget.go b/internal/api/client/admin/emojisget.go
index d50b553ac..c4c3dfa73 100644
--- a/internal/api/client/admin/emojisget.go
+++ b/internal/api/client/admin/emojisget.go
@@ -27,7 +27,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmojisGETHandler swagger:operation GET /api/v1/admin/custom_emojis emojisGet
@@ -123,7 +122,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmojisGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/emojiupdate.go b/internal/api/client/admin/emojiupdate.go
index b8ac101c0..0918407cf 100644
--- a/internal/api/client/admin/emojiupdate.go
+++ b/internal/api/client/admin/emojiupdate.go
@@ -28,7 +28,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
 
@@ -125,7 +124,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) EmojiPATCHHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/headerfilter.go b/internal/api/client/admin/headerfilter.go
index d3dad5917..e2c218b69 100644
--- a/internal/api/client/admin/headerfilter.go
+++ b/internal/api/client/admin/headerfilter.go
@@ -27,12 +27,11 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // getHeaderFilter is a gin handler function that returns details of an HTTP header filter with provided ID, using given get function.
 func (m *Module) getHeaderFilter(c *gin.Context, get func(context.Context, string) (*apimodel.HeaderFilter, gtserror.WithCode)) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
@@ -69,7 +68,7 @@ func (m *Module) getHeaderFilter(c *gin.Context, get func(context.Context, strin
 
 // getHeaderFilters is a gin handler function that returns details of all HTTP header filters using given get function.
 func (m *Module) getHeaderFilters(c *gin.Context, get func(context.Context) ([]*apimodel.HeaderFilter, gtserror.WithCode)) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
@@ -100,7 +99,7 @@ func (m *Module) getHeaderFilters(c *gin.Context, get func(context.Context) ([]*
 
 // createHeaderFilter is a gin handler function that creates a HTTP header filter entry using provided form data, passing to given create function.
 func (m *Module) createHeaderFilter(c *gin.Context, create func(context.Context, *gtsmodel.Account, *apimodel.HeaderFilterRequest) (*apimodel.HeaderFilter, gtserror.WithCode)) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
@@ -148,7 +147,7 @@ func (m *Module) createHeaderFilter(c *gin.Context, create func(context.Context,
 
 // deleteHeaderFilter is a gin handler function that deletes an HTTP header filter with provided ID, using given delete function.
 func (m *Module) deleteHeaderFilter(c *gin.Context, delete func(context.Context, string) gtserror.WithCode) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
diff --git a/internal/api/client/admin/mediacleanup.go b/internal/api/client/admin/mediacleanup.go
index 661a8ff15..2af86c289 100644
--- a/internal/api/client/admin/mediacleanup.go
+++ b/internal/api/client/admin/mediacleanup.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // MediaCleanupPOSTHandler swagger:operation POST /api/v1/admin/media_cleanup mediaCleanup
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) MediaCleanupPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/mediarefetch.go b/internal/api/client/admin/mediarefetch.go
index b2b0516ba..5913071af 100644
--- a/internal/api/client/admin/mediarefetch.go
+++ b/internal/api/client/admin/mediarefetch.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // MediaRefetchPOSTHandler swagger:operation POST /api/v1/admin/media_refetch mediaRefetch
@@ -71,7 +70,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) MediaRefetchPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/reportget.go b/internal/api/client/admin/reportget.go
index f2acd214c..536619604 100644
--- a/internal/api/client/admin/reportget.go
+++ b/internal/api/client/admin/reportget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ReportGETHandler swagger:operation GET /api/v1/admin/reports/{id} adminReportGet
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ReportGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/reportresolve.go b/internal/api/client/admin/reportresolve.go
index f17ae24be..c4fd1aea4 100644
--- a/internal/api/client/admin/reportresolve.go
+++ b/internal/api/client/admin/reportresolve.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ReportResolvePOSTHandler swagger:operation POST /api/v1/admin/reports/{id}/resolve adminReportResolve
@@ -84,7 +83,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ReportResolvePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/reportsget.go b/internal/api/client/admin/reportsget.go
index 893960e2a..80fb54b67 100644
--- a/internal/api/client/admin/reportsget.go
+++ b/internal/api/client/admin/reportsget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -125,7 +124,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ReportsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/rulecreate.go b/internal/api/client/admin/rulecreate.go
index 8728940c5..725a654b5 100644
--- a/internal/api/client/admin/rulecreate.go
+++ b/internal/api/client/admin/rulecreate.go
@@ -26,7 +26,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // RulePOSTHandler swagger:operation POST /api/v1/admin/instance/rules ruleCreate
@@ -65,7 +64,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) RulePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/ruledelete.go b/internal/api/client/admin/ruledelete.go
index 7e8fc0037..248f4c544 100644
--- a/internal/api/client/admin/ruledelete.go
+++ b/internal/api/client/admin/ruledelete.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // RuleDELETEHandler swagger:operation DELETE /api/v1/admin/instance/rules/{id} ruleDelete
@@ -72,7 +71,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) RuleDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/ruleget.go b/internal/api/client/admin/ruleget.go
index da76232eb..36cf553b9 100644
--- a/internal/api/client/admin/ruleget.go
+++ b/internal/api/client/admin/ruleget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // RuleGETHandler swagger:operation GET /api/v1/admin/instance/rules/{id} adminRuleGet
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) RuleGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/rulesget.go b/internal/api/client/admin/rulesget.go
index b22ab1a8a..d1b319542 100644
--- a/internal/api/client/admin/rulesget.go
+++ b/internal/api/client/admin/rulesget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // RulesGETHandler swagger:operation GET /api/v1/admin/instance/rules adminsRuleGet
@@ -64,7 +63,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) RulesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/admin/ruleupdate.go b/internal/api/client/admin/ruleupdate.go
index d58c30d94..962c92e03 100644
--- a/internal/api/client/admin/ruleupdate.go
+++ b/internal/api/client/admin/ruleupdate.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // RulePATCHHandler swagger:operation PATCH /api/v1/admin/instance/rules/{id} ruleUpdate
@@ -64,7 +63,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) RulePATCHHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/announcements/announcementsget.go b/internal/api/client/announcements/announcementsget.go
index 04bd5f285..f8960479f 100644
--- a/internal/api/client/announcements/announcementsget.go
+++ b/internal/api/client/announcements/announcementsget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // AnnouncementsGETHandler swagger:operation GET /api/v1/announcements announcementsGet
@@ -59,7 +58,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) AnnouncementsGETHandler(c *gin.Context) {
-	_, err := oauth.Authed(c, true, true, true, true)
+	_, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/apps/appcreate.go b/internal/api/client/apps/appcreate.go
index 8aa87c3b3..7d1e7ff0b 100644
--- a/internal/api/client/apps/appcreate.go
+++ b/internal/api/client/apps/appcreate.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // these consts are used to ensure users can't spam huge entries into our database
@@ -74,7 +73,7 @@ const (
 //		'500':
 //			description: internal server error
 func (m *Module) AppsPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, false, false, false, false)
+	authed, err := apiutil.TokenAuth(c, false, false, false, false)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/blocks/blocksget.go b/internal/api/client/blocks/blocksget.go
index fe5104c61..8b24b4e5c 100644
--- a/internal/api/client/blocks/blocksget.go
+++ b/internal/api/client/blocks/blocksget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -107,7 +106,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) BlocksGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/bookmarks/bookmarksget.go b/internal/api/client/bookmarks/bookmarksget.go
index e6489c405..e797a464d 100644
--- a/internal/api/client/bookmarks/bookmarksget.go
+++ b/internal/api/client/bookmarks/bookmarksget.go
@@ -25,7 +25,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 const (
@@ -93,7 +92,7 @@ const (
 //		'500':
 //			description: internal server error
 func (m *Module) BookmarksGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/conversations/conversationdelete.go b/internal/api/client/conversations/conversationdelete.go
index 6f8f43a94..7784143b2 100644
--- a/internal/api/client/conversations/conversationdelete.go
+++ b/internal/api/client/conversations/conversationdelete.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ConversationDELETEHandler swagger:operation DELETE /api/v1/conversations/{id} conversationDelete
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ConversationDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/conversations/conversationread.go b/internal/api/client/conversations/conversationread.go
index 7f68a2a33..fdb56dd51 100644
--- a/internal/api/client/conversations/conversationread.go
+++ b/internal/api/client/conversations/conversationread.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ConversationReadPOSTHandler swagger:operation POST /api/v1/conversation/{id}/read conversationRead
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ConversationReadPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/conversations/conversationsget.go b/internal/api/client/conversations/conversationsget.go
index 663b9a707..7e8eaac1d 100644
--- a/internal/api/client/conversations/conversationsget.go
+++ b/internal/api/client/conversations/conversationsget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -107,7 +106,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ConversationsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/customemojis/customemojisget.go b/internal/api/client/customemojis/customemojisget.go
index be595afd7..3ef7ab727 100644
--- a/internal/api/client/customemojis/customemojisget.go
+++ b/internal/api/client/customemojis/customemojisget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // CustomEmojisGETHandler swagger:operation GET /api/v1/custom_emojis customEmojisGet
@@ -55,7 +54,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) CustomEmojisGETHandler(c *gin.Context) {
-	if _, err := oauth.Authed(c, true, true, true, true); err != nil {
+	if _, err := apiutil.TokenAuth(c, true, true, true, true); err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
 	}
diff --git a/internal/api/client/exports/blocks.go b/internal/api/client/exports/blocks.go
index c31e2b0b4..e10311483 100644
--- a/internal/api/client/exports/blocks.go
+++ b/internal/api/client/exports/blocks.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportBlocksGETHandler swagger:operation GET /api/v1/exports/blocks.csv exportBlocks
@@ -52,7 +51,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportBlocksGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/exports/followers.go b/internal/api/client/exports/followers.go
index ceef94659..8931ac9ba 100644
--- a/internal/api/client/exports/followers.go
+++ b/internal/api/client/exports/followers.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportFollowersGETHandler swagger:operation GET /api/v1/exports/followers.csv exportFollowers
@@ -52,7 +51,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportFollowersGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/exports/following.go b/internal/api/client/exports/following.go
index e61cafc2a..44954bacb 100644
--- a/internal/api/client/exports/following.go
+++ b/internal/api/client/exports/following.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportFollowingGETHandler swagger:operation GET /api/v1/exports/following.csv exportFollowing
@@ -52,7 +51,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportFollowingGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/exports/lists.go b/internal/api/client/exports/lists.go
index 2debcc701..ecf9edd2d 100644
--- a/internal/api/client/exports/lists.go
+++ b/internal/api/client/exports/lists.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportListsGETHandler swagger:operation GET /api/v1/exports/lists.csv exportLists
@@ -52,7 +51,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportListsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/exports/mutes.go b/internal/api/client/exports/mutes.go
index ab49b7719..fe2d5dfe0 100644
--- a/internal/api/client/exports/mutes.go
+++ b/internal/api/client/exports/mutes.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportMutesGETHandler swagger:operation GET /api/v1/exports/mutes.csv exportMutes
@@ -52,7 +51,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportMutesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/exports/stats.go b/internal/api/client/exports/stats.go
index 9e3f1b600..7cc132cd6 100644
--- a/internal/api/client/exports/stats.go
+++ b/internal/api/client/exports/stats.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ExportStatsGETHandler swagger:operation GET /api/v1/exports/stats exportStats
@@ -53,7 +52,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ExportStatsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/favourites/favouritesget.go b/internal/api/client/favourites/favouritesget.go
index 3ba2f9fcf..a631e3037 100644
--- a/internal/api/client/favourites/favouritesget.go
+++ b/internal/api/client/favourites/favouritesget.go
@@ -25,7 +25,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FavouritesGETHandler swagger:operation GET /api/v1/favourites favouritesGet
@@ -93,7 +92,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FavouritesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/featuredtags/get.go b/internal/api/client/featuredtags/get.go
index de47f7ee2..62fa66882 100644
--- a/internal/api/client/featuredtags/get.go
+++ b/internal/api/client/featuredtags/get.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FeaturedTagsGETHandler swagger:operation GET /api/v1/featured_tags getFeaturedTags
@@ -60,7 +59,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FeaturedTagsGETHandler(c *gin.Context) {
-	_, err := oauth.Authed(c, true, true, true, true)
+	_, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v1/filterdelete.go b/internal/api/client/filters/v1/filterdelete.go
index 267dd16d0..1d6ac3565 100644
--- a/internal/api/client/filters/v1/filterdelete.go
+++ b/internal/api/client/filters/v1/filterdelete.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterDELETEHandler swagger:operation DELETE /api/v1/filters/{id} filterV1Delete
@@ -63,7 +62,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v1/filterget.go b/internal/api/client/filters/v1/filterget.go
index 35c44b60c..2ada39243 100644
--- a/internal/api/client/filters/v1/filterget.go
+++ b/internal/api/client/filters/v1/filterget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterGETHandler swagger:operation GET /api/v1/filters/{id} filterV1Get
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v1/filterpost.go b/internal/api/client/filters/v1/filterpost.go
index a58f2273d..98ae6d796 100644
--- a/internal/api/client/filters/v1/filterpost.go
+++ b/internal/api/client/filters/v1/filterpost.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterPOSTHandler swagger:operation POST /api/v1/filters filterV1Post
@@ -130,7 +129,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v1/filterput.go b/internal/api/client/filters/v1/filterput.go
index edaf8104d..c2e27664f 100644
--- a/internal/api/client/filters/v1/filterput.go
+++ b/internal/api/client/filters/v1/filterput.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterPUTHandler swagger:operation PUT /api/v1/filters/{id} filterV1Put
@@ -136,7 +135,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterPUTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v1/filtersget.go b/internal/api/client/filters/v1/filtersget.go
index f1e07a2da..53205aa7a 100644
--- a/internal/api/client/filters/v1/filtersget.go
+++ b/internal/api/client/filters/v1/filtersget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FiltersGETHandler swagger:operation GET /api/v1/filters filtersV1Get
@@ -60,7 +59,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FiltersGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterdelete.go b/internal/api/client/filters/v2/filterdelete.go
index 7292fd631..965a26cd5 100644
--- a/internal/api/client/filters/v2/filterdelete.go
+++ b/internal/api/client/filters/v2/filterdelete.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterDELETEHandler swagger:operation DELETE /api/v2/filters/{id} filterV2Delete
@@ -63,7 +62,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterget.go b/internal/api/client/filters/v2/filterget.go
index a3481e0e0..cfe1e87e9 100644
--- a/internal/api/client/filters/v2/filterget.go
+++ b/internal/api/client/filters/v2/filterget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterGETHandler swagger:operation GET /api/v2/filters/{id} filterV2Get
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterkeyworddelete.go b/internal/api/client/filters/v2/filterkeyworddelete.go
index e9ba2b4c5..137c60b21 100644
--- a/internal/api/client/filters/v2/filterkeyworddelete.go
+++ b/internal/api/client/filters/v2/filterkeyworddelete.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterKeywordDELETEHandler swagger:operation DELETE /api/v2/filters/keywords/{id} filterKeywordDelete
@@ -63,7 +62,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterKeywordDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterkeywordget.go b/internal/api/client/filters/v2/filterkeywordget.go
index 2df6fd10a..ff25afb72 100644
--- a/internal/api/client/filters/v2/filterkeywordget.go
+++ b/internal/api/client/filters/v2/filterkeywordget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterKeywordGETHandler swagger:operation GET /api/v2/filters/keywords/{id} filterKeywordGet
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterKeywordGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterkeywordpost.go b/internal/api/client/filters/v2/filterkeywordpost.go
index ba8f80135..4ae757de2 100644
--- a/internal/api/client/filters/v2/filterkeywordpost.go
+++ b/internal/api/client/filters/v2/filterkeywordpost.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
@@ -100,7 +99,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterKeywordPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterkeywordput.go b/internal/api/client/filters/v2/filterkeywordput.go
index 44667660f..26b8f8a14 100644
--- a/internal/api/client/filters/v2/filterkeywordput.go
+++ b/internal/api/client/filters/v2/filterkeywordput.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterKeywordPUTHandler swagger:operation PUT /api/v2/filters/keywords{id} filterKeywordPut
@@ -97,7 +96,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterKeywordPUTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterkeywordsget.go b/internal/api/client/filters/v2/filterkeywordsget.go
index 3414c5d8c..af7cddee0 100644
--- a/internal/api/client/filters/v2/filterkeywordsget.go
+++ b/internal/api/client/filters/v2/filterkeywordsget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterKeywordsGETHandler swagger:operation GET /api/v2/filters/{id}/keywords filterKeywordsGet
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterKeywordsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterpost.go b/internal/api/client/filters/v2/filterpost.go
index 5e87df617..295607c12 100644
--- a/internal/api/client/filters/v2/filterpost.go
+++ b/internal/api/client/filters/v2/filterpost.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
@@ -150,7 +149,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterput.go b/internal/api/client/filters/v2/filterput.go
index 58d3f4a22..61de9bbfd 100644
--- a/internal/api/client/filters/v2/filterput.go
+++ b/internal/api/client/filters/v2/filterput.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
@@ -158,7 +157,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterPUTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filtersget.go b/internal/api/client/filters/v2/filtersget.go
index 511a62d36..c0b360cab 100644
--- a/internal/api/client/filters/v2/filtersget.go
+++ b/internal/api/client/filters/v2/filtersget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FiltersGETHandler swagger:operation GET /api/v2/filters filtersV2Get
@@ -60,7 +59,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FiltersGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterstatusdelete.go b/internal/api/client/filters/v2/filterstatusdelete.go
index 5a03b9a7c..a62eaea81 100644
--- a/internal/api/client/filters/v2/filterstatusdelete.go
+++ b/internal/api/client/filters/v2/filterstatusdelete.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterStatusDELETEHandler swagger:operation DELETE /api/v2/filters/statuses/{id} filterStatusDelete
@@ -63,7 +62,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterStatusDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterstatusesget.go b/internal/api/client/filters/v2/filterstatusesget.go
index 3b05ca73d..2001ade62 100644
--- a/internal/api/client/filters/v2/filterstatusesget.go
+++ b/internal/api/client/filters/v2/filterstatusesget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterStatusesGETHandler swagger:operation GET /api/v2/filters/{id}/statuses filterStatusesGet
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterStatusesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterstatusget.go b/internal/api/client/filters/v2/filterstatusget.go
index 9e62e4466..681be0080 100644
--- a/internal/api/client/filters/v2/filterstatusget.go
+++ b/internal/api/client/filters/v2/filterstatusget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FilterStatusGETHandler swagger:operation GET /api/v2/filters/statuses/{id} filterStatusGet
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterStatusGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/filters/v2/filterstatuspost.go b/internal/api/client/filters/v2/filterstatuspost.go
index deef54a9c..2281bd996 100644
--- a/internal/api/client/filters/v2/filterstatuspost.go
+++ b/internal/api/client/filters/v2/filterstatuspost.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
 
@@ -88,7 +87,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FilterStatusPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/followedtags/get.go b/internal/api/client/followedtags/get.go
index 68e4ffb5f..0496cd41b 100644
--- a/internal/api/client/followedtags/get.go
+++ b/internal/api/client/followedtags/get.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -100,7 +99,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FollowedTagsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/followrequests/authorize.go b/internal/api/client/followrequests/authorize.go
index 6a6f0dc81..2fd1322ce 100644
--- a/internal/api/client/followrequests/authorize.go
+++ b/internal/api/client/followrequests/authorize.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FollowRequestAuthorizePOSTHandler swagger:operation POST /api/v1/follow_requests/{account_id}/authorize authorizeFollowRequest
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FollowRequestAuthorizePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/followrequests/get.go b/internal/api/client/followrequests/get.go
index 40cdceaea..7959e2366 100644
--- a/internal/api/client/followrequests/get.go
+++ b/internal/api/client/followrequests/get.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -108,7 +107,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FollowRequestGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/followrequests/reject.go b/internal/api/client/followrequests/reject.go
index a8189b78a..5127b87fe 100644
--- a/internal/api/client/followrequests/reject.go
+++ b/internal/api/client/followrequests/reject.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FollowRequestRejectPOSTHandler swagger:operation POST /api/v1/follow_requests/{account_id}/reject rejectFollowRequest
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FollowRequestRejectPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/import/import.go b/internal/api/client/import/import.go
index 6d85a6b23..e0763815a 100644
--- a/internal/api/client/import/import.go
+++ b/internal/api/client/import/import.go
@@ -28,7 +28,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/processing"
 )
 
@@ -123,7 +122,7 @@ func (m *Module) Route(attachHandler func(method string, path string, f ...gin.H
 //		'500':
 //			description: internal server error
 func (m *Module) ImportPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/instance/instancepatch.go b/internal/api/client/instance/instancepatch.go
index 5085399eb..16b132287 100644
--- a/internal/api/client/instance/instancepatch.go
+++ b/internal/api/client/instance/instancepatch.go
@@ -27,7 +27,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // InstanceUpdatePATCHHandler swagger:operation PATCH /api/v1/instance instanceUpdate
@@ -127,7 +126,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) InstanceUpdatePATCHHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/instance/instancepeersget.go b/internal/api/client/instance/instancepeersget.go
index c278c0674..92e7120b2 100644
--- a/internal/api/client/instance/instancepeersget.go
+++ b/internal/api/client/instance/instancepeersget.go
@@ -25,7 +25,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 
 	"github.com/gin-gonic/gin"
 )
@@ -99,7 +98,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) InstancePeersGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, false, false, false, false)
+	authed, err := apiutil.TokenAuth(c, false, false, false, false)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/interactionpolicies/getdefaults.go b/internal/api/client/interactionpolicies/getdefaults.go
index 4ad0071f4..6ea40c647 100644
--- a/internal/api/client/interactionpolicies/getdefaults.go
+++ b/internal/api/client/interactionpolicies/getdefaults.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PoliciesDefaultsGETHandler swagger:operation GET /api/v1/interaction_policies/defaults policiesDefaultsGet
@@ -53,7 +52,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PoliciesDefaultsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/interactionpolicies/updatedefaults.go b/internal/api/client/interactionpolicies/updatedefaults.go
index 39e95784f..9b9651837 100644
--- a/internal/api/client/interactionpolicies/updatedefaults.go
+++ b/internal/api/client/interactionpolicies/updatedefaults.go
@@ -27,7 +27,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PoliciesDefaultsPATCHHandler swagger:operation PATCH /api/v1/interaction_policies/defaults policiesDefaultsUpdate
@@ -211,7 +210,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PoliciesDefaultsPATCHHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/interactionrequests/authorize.go b/internal/api/client/interactionrequests/authorize.go
index 1e5589f7e..b759ae3dd 100644
--- a/internal/api/client/interactionrequests/authorize.go
+++ b/internal/api/client/interactionrequests/authorize.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // InteractionRequestAuthorizePOSTHandler swagger:operation POST /api/v1/interaction_requests/{id}/authorize authorizeInteractionRequest
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) InteractionRequestAuthorizePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
diff --git a/internal/api/client/interactionrequests/get.go b/internal/api/client/interactionrequests/get.go
index a354a8623..a7330653e 100644
--- a/internal/api/client/interactionrequests/get.go
+++ b/internal/api/client/interactionrequests/get.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // InteractionRequestGETHandler swagger:operation GET /api/v1/interaction_requests/{id} getInteractionRequest
@@ -65,7 +64,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) InteractionRequestGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/interactionrequests/getpage.go b/internal/api/client/interactionrequests/getpage.go
index 1978a055c..ca42986ed 100644
--- a/internal/api/client/interactionrequests/getpage.go
+++ b/internal/api/client/interactionrequests/getpage.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -137,7 +136,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) InteractionRequestsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/interactionrequests/reject.go b/internal/api/client/interactionrequests/reject.go
index 33c426462..6984699a4 100644
--- a/internal/api/client/interactionrequests/reject.go
+++ b/internal/api/client/interactionrequests/reject.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // InteractionRequestRejectPOSTHandler swagger:operation POST /api/v1/interaction_requests/{id}/reject rejectInteractionRequest
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) InteractionRequestRejectPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
diff --git a/internal/api/client/lists/listaccounts.go b/internal/api/client/lists/listaccounts.go
index d609251f7..01c09a870 100644
--- a/internal/api/client/lists/listaccounts.go
+++ b/internal/api/client/lists/listaccounts.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -117,7 +116,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListAccountsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/lists/listaccountsadd.go b/internal/api/client/lists/listaccountsadd.go
index 168c5e3fe..42042e1e7 100644
--- a/internal/api/client/lists/listaccountsadd.go
+++ b/internal/api/client/lists/listaccountsadd.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ListAccountsPOSTHandler swagger:operation POST /api/v1/lists/{id}/accounts addListAccounts
@@ -82,7 +81,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListAccountsPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/lists/listaccountsremove.go b/internal/api/client/lists/listaccountsremove.go
index 96f8b809d..b49b3923a 100644
--- a/internal/api/client/lists/listaccountsremove.go
+++ b/internal/api/client/lists/listaccountsremove.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ListAccountsDELETEHandler swagger:operation DELETE /api/v1/lists/{id}/accounts removeListAccounts
@@ -82,7 +81,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListAccountsDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/lists/listcreate.go b/internal/api/client/lists/listcreate.go
index c8f547ccc..c40a931be 100644
--- a/internal/api/client/lists/listcreate.go
+++ b/internal/api/client/lists/listcreate.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
 
@@ -97,7 +96,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListCreatePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/lists/listdelete.go b/internal/api/client/lists/listdelete.go
index b03f21e5a..3ae9e2a48 100644
--- a/internal/api/client/lists/listdelete.go
+++ b/internal/api/client/lists/listdelete.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ListDELETEHandler swagger:operation DELETE /api/v1/lists/{id} listDelete
@@ -64,7 +63,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/lists/listget.go b/internal/api/client/lists/listget.go
index 34b21d28b..0a391dd35 100644
--- a/internal/api/client/lists/listget.go
+++ b/internal/api/client/lists/listget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ListGETHandler swagger:operation GET /api/v1/lists/{id} list
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/lists/listsget.go b/internal/api/client/lists/listsget.go
index 6bfc3c883..3251f93b1 100644
--- a/internal/api/client/lists/listsget.go
+++ b/internal/api/client/lists/listsget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ListsGETHandler swagger:operation GET /api/v1/lists lists
@@ -60,7 +59,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/lists/listupdate.go b/internal/api/client/lists/listupdate.go
index 38caa9621..f7b902cc2 100644
--- a/internal/api/client/lists/listupdate.go
+++ b/internal/api/client/lists/listupdate.go
@@ -27,7 +27,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
 
@@ -103,7 +102,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ListUpdatePUTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/markers/markersget.go b/internal/api/client/markers/markersget.go
index 9f4fc4270..1d168946c 100644
--- a/internal/api/client/markers/markersget.go
+++ b/internal/api/client/markers/markersget.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/validate"
 )
 
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) MarkersGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/markers/markerspost.go b/internal/api/client/markers/markerspost.go
index 8fe40c798..3743beefd 100644
--- a/internal/api/client/markers/markerspost.go
+++ b/internal/api/client/markers/markerspost.go
@@ -25,7 +25,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // MarkersPOSTHandler swagger:operation POST /api/v1/markers markersPost
@@ -72,7 +71,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) MarkersPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/media/mediacreate.go b/internal/api/client/media/mediacreate.go
index efe567f13..e66682a7b 100644
--- a/internal/api/client/media/mediacreate.go
+++ b/internal/api/client/media/mediacreate.go
@@ -27,7 +27,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // MediaCreatePOSTHandler swagger:operation POST /api/{api_version}/media mediaCreate
@@ -102,7 +101,7 @@ func (m *Module) MediaCreatePOSTHandler(c *gin.Context) {
 		return
 	}
 
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/media/mediaget.go b/internal/api/client/media/mediaget.go
index 8456f85d8..78628cd3d 100644
--- a/internal/api/client/media/mediaget.go
+++ b/internal/api/client/media/mediaget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // MediaGETHandler swagger:operation GET /api/v1/media/{id} mediaGet
@@ -74,7 +73,7 @@ func (m *Module) MediaGETHandler(c *gin.Context) {
 		return
 	}
 
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/media/mediaupdate.go b/internal/api/client/media/mediaupdate.go
index 0a9ce4eb8..0afda5551 100644
--- a/internal/api/client/media/mediaupdate.go
+++ b/internal/api/client/media/mediaupdate.go
@@ -27,7 +27,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // MediaPUTHandler swagger:operation PUT /api/v1/media/{id} mediaUpdate
@@ -106,7 +105,7 @@ func (m *Module) MediaPUTHandler(c *gin.Context) {
 		return
 	}
 
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/mutes/mutesget.go b/internal/api/client/mutes/mutesget.go
index 7fcbc2b44..b17dcf5a2 100644
--- a/internal/api/client/mutes/mutesget.go
+++ b/internal/api/client/mutes/mutesget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -108,7 +107,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) MutesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/notifications/notificationget.go b/internal/api/client/notifications/notificationget.go
index 66bdefb28..182a97c7f 100644
--- a/internal/api/client/notifications/notificationget.go
+++ b/internal/api/client/notifications/notificationget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // NotificationGETHandler swagger:operation GET /api/v1/notification/{id} notification
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) NotificationGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/notifications/notificationsclear.go b/internal/api/client/notifications/notificationsclear.go
index 2d7da3c6b..89c40d4cd 100644
--- a/internal/api/client/notifications/notificationsclear.go
+++ b/internal/api/client/notifications/notificationsclear.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // NotificationsClearPOSTHandler swagger:operation POST /api/v1/notifications/clear clearNotifications
@@ -58,7 +57,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) NotificationsClearPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/notifications/notificationsget.go b/internal/api/client/notifications/notificationsget.go
index b530c515d..d2df905d2 100644
--- a/internal/api/client/notifications/notificationsget.go
+++ b/internal/api/client/notifications/notificationsget.go
@@ -26,7 +26,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -143,7 +142,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) NotificationsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/polls/polls_get.go b/internal/api/client/polls/polls_get.go
index fc89255e9..55b534ccf 100644
--- a/internal/api/client/polls/polls_get.go
+++ b/internal/api/client/polls/polls_get.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PollGETHandler swagger:operation GET /api/v1/polls/{id} poll
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PollGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
diff --git a/internal/api/client/polls/polls_vote.go b/internal/api/client/polls/polls_vote.go
index 192ecbc0f..cf9181062 100644
--- a/internal/api/client/polls/polls_vote.go
+++ b/internal/api/client/polls/polls_vote.go
@@ -26,7 +26,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PollVotePOSTHandler swagger:operation POST /api/v1/polls/{id}/votes pollVote
@@ -80,7 +79,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PollVotePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
diff --git a/internal/api/client/preferences/preferencesget.go b/internal/api/client/preferences/preferencesget.go
index 4a6cb4b55..6b24bd006 100644
--- a/internal/api/client/preferences/preferencesget.go
+++ b/internal/api/client/preferences/preferencesget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PreferencesGETHandler swagger:operation GET /api/v1/preferences preferencesGet
@@ -71,7 +70,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PreferencesGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, false, false, false, true)
+	authed, err := apiutil.TokenAuth(c, false, false, false, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/push/pushsubscriptiondelete.go b/internal/api/client/push/pushsubscriptiondelete.go
index 2a5fd8e69..6880c0e04 100644
--- a/internal/api/client/push/pushsubscriptiondelete.go
+++ b/internal/api/client/push/pushsubscriptiondelete.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PushSubscriptionDELETEHandler swagger:operation DELETE /api/v1/push/subscription pushSubscriptionDelete
@@ -49,7 +48,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/push/pushsubscriptionget.go b/internal/api/client/push/pushsubscriptionget.go
index 10774b862..35117f817 100644
--- a/internal/api/client/push/pushsubscriptionget.go
+++ b/internal/api/client/push/pushsubscriptionget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PushSubscriptionGETHandler swagger:operation GET /api/v1/push/subscription pushSubscriptionGet
@@ -55,7 +54,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/push/pushsubscriptionpost.go b/internal/api/client/push/pushsubscriptionpost.go
index cc1be185f..4d739ce85 100644
--- a/internal/api/client/push/pushsubscriptionpost.go
+++ b/internal/api/client/push/pushsubscriptionpost.go
@@ -29,7 +29,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PushSubscriptionPOSTHandler swagger:operation POST /api/v1/push/subscription pushSubscriptionPost
@@ -181,7 +180,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/push/pushsubscriptionput.go b/internal/api/client/push/pushsubscriptionput.go
index 4d1c5765e..be0b020c0 100644
--- a/internal/api/client/push/pushsubscriptionput.go
+++ b/internal/api/client/push/pushsubscriptionput.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -157,7 +156,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) PushSubscriptionPUTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/reports/reportcreate.go b/internal/api/client/reports/reportcreate.go
index a303cf20a..ffd5505ed 100644
--- a/internal/api/client/reports/reportcreate.go
+++ b/internal/api/client/reports/reportcreate.go
@@ -26,7 +26,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/regexes"
 )
 
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ReportPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/reports/reportget.go b/internal/api/client/reports/reportget.go
index c9ca0054f..a48614830 100644
--- a/internal/api/client/reports/reportget.go
+++ b/internal/api/client/reports/reportget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ReportGETHandler swagger:operation GET /api/v1/reports/{id} reportGet
@@ -65,7 +64,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ReportGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/reports/reportsget.go b/internal/api/client/reports/reportsget.go
index 4c3d4e33a..b9315fa40 100644
--- a/internal/api/client/reports/reportsget.go
+++ b/internal/api/client/reports/reportsget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 )
 
@@ -119,7 +118,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) ReportsGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/search/searchget.go b/internal/api/client/search/searchget.go
index 0f9595efc..09e80e2a6 100644
--- a/internal/api/client/search/searchget.go
+++ b/internal/api/client/search/searchget.go
@@ -24,7 +24,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // SearchGETHandler swagger:operation GET /api/{api_version}/search searchGet
@@ -178,7 +177,7 @@ func (m *Module) SearchGETHandler(c *gin.Context) {
 		return
 	}
 
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusbookmark.go b/internal/api/client/statuses/statusbookmark.go
index 9dbc0f56e..aafa82465 100644
--- a/internal/api/client/statuses/statusbookmark.go
+++ b/internal/api/client/statuses/statusbookmark.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusBookmarkPOSTHandler swagger:operation POST /api/v1/statuses/{id}/bookmark statusBookmark
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusBookmarkPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusboost.go b/internal/api/client/statuses/statusboost.go
index 035ee8747..ae0183695 100644
--- a/internal/api/client/statuses/statusboost.go
+++ b/internal/api/client/statuses/statusboost.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusBoostPOSTHandler swagger:operation POST /api/v1/statuses/{id}/reblog statusReblog
@@ -72,7 +71,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusBoostPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusboostedby.go b/internal/api/client/statuses/statusboostedby.go
index 15e0e26a0..c10ab28ef 100644
--- a/internal/api/client/statuses/statusboostedby.go
+++ b/internal/api/client/statuses/statusboostedby.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusBoostedByGETHandler swagger:operation GET /api/v1/statuses/{id}/reblogged_by statusBoostedBy
@@ -65,7 +64,7 @@ import (
 //		'404':
 //			description: not found
 func (m *Module) StatusBoostedByGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statuscontext.go b/internal/api/client/statuses/statuscontext.go
index 0eea50819..95d23fe93 100644
--- a/internal/api/client/statuses/statuscontext.go
+++ b/internal/api/client/statuses/statuscontext.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusContextGETHandler swagger:operation GET /api/v1/statuses/{id}/context threadContext
@@ -71,7 +70,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusContextGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statuscreate.go b/internal/api/client/statuses/statuscreate.go
index bfb1c486d..7f9f90b1d 100644
--- a/internal/api/client/statuses/statuscreate.go
+++ b/internal/api/client/statuses/statuscreate.go
@@ -28,7 +28,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -262,7 +261,7 @@ import (
 //		'501':
 //			description: scheduled_at was set, but this feature is not yet implemented
 func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusdelete.go b/internal/api/client/statuses/statusdelete.go
index fa62d6893..114b501c8 100644
--- a/internal/api/client/statuses/statusdelete.go
+++ b/internal/api/client/statuses/statusdelete.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusDELETEHandler swagger:operation DELETE /api/v1/statuses/{id} statusDelete
@@ -71,7 +70,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusDELETEHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusedit.go b/internal/api/client/statuses/statusedit.go
index dfd7d651e..f3d70b47e 100644
--- a/internal/api/client/statuses/statusedit.go
+++ b/internal/api/client/statuses/statusedit.go
@@ -27,7 +27,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
@@ -156,7 +155,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusEditPUTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusfave.go b/internal/api/client/statuses/statusfave.go
index 41d45c6b8..0d32f106f 100644
--- a/internal/api/client/statuses/statusfave.go
+++ b/internal/api/client/statuses/statusfave.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusFavePOSTHandler swagger:operation POST /api/v1/statuses/{id}/favourite statusFave
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusFavePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusfavedby.go b/internal/api/client/statuses/statusfavedby.go
index 7dca760cc..14f21f229 100644
--- a/internal/api/client/statuses/statusfavedby.go
+++ b/internal/api/client/statuses/statusfavedby.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusFavedByGETHandler swagger:operation GET /api/v1/statuses/{id}/favourited_by statusFavedBy
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusFavedByGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusget.go b/internal/api/client/statuses/statusget.go
index 8c3edac81..d6c26a9bb 100644
--- a/internal/api/client/statuses/statusget.go
+++ b/internal/api/client/statuses/statusget.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusGETHandler swagger:operation GET /api/v1/statuses/{id} statusGet
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statushistory.go b/internal/api/client/statuses/statushistory.go
index ba1af58cf..399e19dce 100644
--- a/internal/api/client/statuses/statushistory.go
+++ b/internal/api/client/statuses/statushistory.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusHistoryGETHandler swagger:operation GET /api/v1/statuses/{id}/history statusHistoryGet
@@ -70,7 +69,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusHistoryGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusmute.go b/internal/api/client/statuses/statusmute.go
index 58d14a8bf..f784ae35a 100644
--- a/internal/api/client/statuses/statusmute.go
+++ b/internal/api/client/statuses/statusmute.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusMutePOSTHandler swagger:operation POST /api/v1/statuses/{id}/mute statusMute
@@ -72,7 +71,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusMutePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statuspin.go b/internal/api/client/statuses/statuspin.go
index e5879f715..e9121ec0b 100644
--- a/internal/api/client/statuses/statuspin.go
+++ b/internal/api/client/statuses/statuspin.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusPinPOSTHandler swagger:operation POST /api/v1/statuses/{id}/pin statusPin
@@ -74,7 +73,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusPinPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statussource.go b/internal/api/client/statuses/statussource.go
index c74d99bfc..604a221ca 100644
--- a/internal/api/client/statuses/statussource.go
+++ b/internal/api/client/statuses/statussource.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusSourceGETHandler swagger:operation GET /api/v1/statuses/{id}/source statusSourceGet
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusSourceGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusunbookmark.go b/internal/api/client/statuses/statusunbookmark.go
index 7dbed9658..f37af4eca 100644
--- a/internal/api/client/statuses/statusunbookmark.go
+++ b/internal/api/client/statuses/statusunbookmark.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusUnbookmarkPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unbookmark statusUnbookmark
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusUnbookmarkPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusunboost.go b/internal/api/client/statuses/statusunboost.go
index ae5c2f600..ecf831f1e 100644
--- a/internal/api/client/statuses/statusunboost.go
+++ b/internal/api/client/statuses/statusunboost.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusUnboostPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unreblog statusUnreblog
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusUnboostPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusunfave.go b/internal/api/client/statuses/statusunfave.go
index 6fb445143..2e2f187a9 100644
--- a/internal/api/client/statuses/statusunfave.go
+++ b/internal/api/client/statuses/statusunfave.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusUnfavePOSTHandler swagger:operation POST /api/v1/statuses/{id}/unfavourite statusUnfave
@@ -68,7 +67,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusUnfavePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusunmute.go b/internal/api/client/statuses/statusunmute.go
index e657992ca..469d5b92b 100644
--- a/internal/api/client/statuses/statusunmute.go
+++ b/internal/api/client/statuses/statusunmute.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusUnmutePOSTHandler swagger:operation POST /api/v1/statuses/{id}/unmute statusUnmute
@@ -72,7 +71,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusUnmutePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/statuses/statusunpin.go b/internal/api/client/statuses/statusunpin.go
index fbe85755f..e94d4ebe2 100644
--- a/internal/api/client/statuses/statusunpin.go
+++ b/internal/api/client/statuses/statusunpin.go
@@ -24,7 +24,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // StatusUnpinPOSTHandler swagger:operation POST /api/v1/statuses/{id}/unpin statusUnpin
@@ -69,7 +68,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) StatusUnpinPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/streaming/stream.go b/internal/api/client/streaming/stream.go
index 6c57cea03..59f9fb749 100644
--- a/internal/api/client/streaming/stream.go
+++ b/internal/api/client/streaming/stream.go
@@ -28,7 +28,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	streampkg "github.com/superseriousbusiness/gotosocial/internal/stream"
 
 	"github.com/gin-gonic/gin"
@@ -187,7 +186,7 @@ func (m *Module) StreamGETHandler(c *gin.Context) {
 
 		// No explicit token was provided:
 		// try regular oauth as a last resort.
-		authed, err := oauth.Authed(c, true, true, true, true)
+		authed, err := apiutil.TokenAuth(c, true, true, true, true)
 		if err != nil {
 			errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
 			apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
diff --git a/internal/api/client/tags/follow.go b/internal/api/client/tags/follow.go
index 2952996b1..2e2de631a 100644
--- a/internal/api/client/tags/follow.go
+++ b/internal/api/client/tags/follow.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // FollowTagPOSTHandler swagger:operation POST /api/v1/tags/{tag_name}/follow followTag
@@ -65,7 +64,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) FollowTagPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/tags/get.go b/internal/api/client/tags/get.go
index b61b7cc65..072ab7eef 100644
--- a/internal/api/client/tags/get.go
+++ b/internal/api/client/tags/get.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // TagGETHandler swagger:operation GET /api/v1/tags/{tag_name} getTag
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) TagGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/tags/unfollow.go b/internal/api/client/tags/unfollow.go
index 3166e08ed..4fc2d725d 100644
--- a/internal/api/client/tags/unfollow.go
+++ b/internal/api/client/tags/unfollow.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // UnfollowTagPOSTHandler swagger:operation POST /api/v1/tags/{tag_name}/unfollow unfollowTag
@@ -67,7 +66,7 @@ import (
 //		'500':
 //			description: internal server error
 func (m *Module) UnfollowTagPOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/timelines/home.go b/internal/api/client/timelines/home.go
index 55928dd3a..fe7b468cc 100644
--- a/internal/api/client/timelines/home.go
+++ b/internal/api/client/timelines/home.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // HomeTimelineGETHandler swagger:operation GET /api/v1/timelines/home homeTimeline
@@ -107,7 +106,7 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) HomeTimelineGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/timelines/list.go b/internal/api/client/timelines/list.go
index 25695bf0e..8da6a0930 100644
--- a/internal/api/client/timelines/list.go
+++ b/internal/api/client/timelines/list.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ListTimelineGETHandler swagger:operation GET /api/v1/timelines/list/{id} listTimeline
@@ -106,7 +105,7 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) ListTimelineGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/timelines/public.go b/internal/api/client/timelines/public.go
index 49530216f..0b31caaa9 100644
--- a/internal/api/client/timelines/public.go
+++ b/internal/api/client/timelines/public.go
@@ -24,7 +24,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // PublicTimelineGETHandler swagger:operation GET /api/v1/timelines/public publicTimeline
@@ -108,15 +107,15 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) PublicTimelineGETHandler(c *gin.Context) {
-	var authed *oauth.Auth
+	var authed *apiutil.Auth
 	var err error
 
 	if config.GetInstanceExposePublicTimeline() {
 		// If the public timeline is allowed to be exposed, still check if we
 		// can extract various authentication properties, but don't require them.
-		authed, err = oauth.Authed(c, false, false, false, false)
+		authed, err = apiutil.TokenAuth(c, false, false, false, false)
 	} else {
-		authed, err = oauth.Authed(c, true, true, true, true)
+		authed, err = apiutil.TokenAuth(c, true, true, true, true)
 	}
 
 	if err != nil {
diff --git a/internal/api/client/timelines/tag.go b/internal/api/client/timelines/tag.go
index 258184355..f43eeca30 100644
--- a/internal/api/client/timelines/tag.go
+++ b/internal/api/client/timelines/tag.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // TagTimelineGETHandler swagger:operation GET /api/v1/timelines/tag/{tag_name} tagTimeline
@@ -108,7 +107,7 @@ import (
 //		'400':
 //			description: bad request
 func (m *Module) TagTimelineGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/user/emailchange.go b/internal/api/client/user/emailchange.go
index b2e25343f..26fc9b107 100644
--- a/internal/api/client/user/emailchange.go
+++ b/internal/api/client/user/emailchange.go
@@ -25,7 +25,6 @@ import (
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // EmailChangePOSTHandler swagger:operation POST /api/v1/user/email_change userEmailChange
@@ -66,7 +65,7 @@ import (
 //		'500':
 //			description: internal error
 func (m *Module) EmailChangePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/user/passwordchange.go b/internal/api/client/user/passwordchange.go
index df9f5b0c8..76c9ad5bc 100644
--- a/internal/api/client/user/passwordchange.go
+++ b/internal/api/client/user/passwordchange.go
@@ -26,7 +26,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/config"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 const OIDCPasswordHelp = "password change request cannot be processed by GoToSocial as this instance is running with OIDC enabled; you must change password using your OIDC provider"
@@ -70,7 +69,7 @@ const OIDCPasswordHelp = "password change request cannot be processed by GoToSoc
 //		'500':
 //			description: internal error
 func (m *Module) PasswordChangePOSTHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/client/user/userget.go b/internal/api/client/user/userget.go
index 147c1dbd5..73a538a12 100644
--- a/internal/api/client/user/userget.go
+++ b/internal/api/client/user/userget.go
@@ -23,7 +23,6 @@ import (
 	"github.com/gin-gonic/gin"
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // UserGETHandler swagger:operation GET /api/v1/user getUser
@@ -57,7 +56,7 @@ import (
 //		'500':
 //			description: internal error
 func (m *Module) UserGETHandler(c *gin.Context) {
-	authed, err := oauth.Authed(c, true, true, true, true)
+	authed, err := apiutil.TokenAuth(c, true, true, true, true)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGetV1)
 		return
diff --git a/internal/api/fileserver/servefile.go b/internal/api/fileserver/servefile.go
index fc6ef0e7e..3ae87a0cc 100644
--- a/internal/api/fileserver/servefile.go
+++ b/internal/api/fileserver/servefile.go
@@ -31,7 +31,6 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
 // ServeFile is for serving attachments, headers, and avatars to the requester from instance storage.
@@ -39,7 +38,7 @@ import (
 // Note: to mitigate scraping attempts, no information should be given out on a bad request except "404 page not found".
 // Don't give away account ids or media ids or anything like that; callers shouldn't be able to infer anything.
 func (m *Module) ServeFile(c *gin.Context) {
-	authed, err := oauth.Authed(c, false, false, false, false)
+	authed, err := apiutil.TokenAuth(c, false, false, false, false)
 	if err != nil {
 		apiutil.ErrorHandler(c, gtserror.NewErrorNotFound(err), m.processor.InstanceGetV1)
 		return
diff --git a/internal/oauth/util.go b/internal/api/util/authtoken.go
similarity index 60%
rename from internal/oauth/util.go
rename to internal/api/util/authtoken.go
index e7b2d1292..40d9ffd50 100644
--- a/internal/oauth/util.go
+++ b/internal/api/util/authtoken.go
@@ -1,27 +1,12 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package oauth
+package util
 
 import (
+	"errors"
+
 	"github.com/gin-gonic/gin"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
+	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/oauth2/v4"
-	"github.com/superseriousbusiness/oauth2/v4/errors"
 )
 
 // Auth wraps an authorized token, application, user, and account.
@@ -35,23 +20,29 @@ type Auth struct {
 	Account     *gtsmodel.Account
 }
 
-// Authed is a convenience function for returning an Authed struct from a gin context.
+// TokenAuth is a convenience function for returning an TokenAuth struct from a gin context.
 // In essence, it tries to extract a token, application, user, and account from the context,
 // and then sets them on a struct for convenience.
 //
-// If any are not present in the context, they will be set to nil on the returned Authed struct.
+// If any are not present in the context, they will be set to nil on the returned TokenAuth struct.
 //
 // If *ALL* are not present, then nil and an error will be returned.
 //
 // If something goes wrong during parsing, then nil and an error will be returned (consider this not authed).
-// Authed is like GetAuthed, but will fail if one of the requirements is not met.
-func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool, requireAccount bool) (*Auth, error) {
+// TokenAuth is like GetAuthed, but will fail if one of the requirements is not met.
+func TokenAuth(
+	c *gin.Context,
+	requireToken bool,
+	requireApp bool,
+	requireUser bool,
+	requireAccount bool,
+) (*Auth, error) {
 	ctx := c.Copy()
 	a := &Auth{}
 	var i interface{}
 	var ok bool
 
-	i, ok = ctx.Get(SessionAuthorizedToken)
+	i, ok = ctx.Get(oauth.SessionAuthorizedToken)
 	if ok {
 		parsed, ok := i.(oauth2.TokenInfo)
 		if !ok {
@@ -60,7 +51,7 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
 		a.Token = parsed
 	}
 
-	i, ok = ctx.Get(SessionAuthorizedApplication)
+	i, ok = ctx.Get(oauth.SessionAuthorizedApplication)
 	if ok {
 		parsed, ok := i.(*gtsmodel.Application)
 		if !ok {
@@ -69,7 +60,7 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
 		a.Application = parsed
 	}
 
-	i, ok = ctx.Get(SessionAuthorizedUser)
+	i, ok = ctx.Get(oauth.SessionAuthorizedUser)
 	if ok {
 		parsed, ok := i.(*gtsmodel.User)
 		if !ok {
@@ -78,7 +69,7 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
 		a.User = parsed
 	}
 
-	i, ok = ctx.Get(SessionAuthorizedAccount)
+	i, ok = ctx.Get(oauth.SessionAuthorizedAccount)
 	if ok {
 		parsed, ok := i.(*gtsmodel.Account)
 		if !ok {
diff --git a/internal/oauth/tokenstore_test.go b/internal/oauth/tokenstore_test.go
deleted file mode 100644
index 2b76024f7..000000000
--- a/internal/oauth/tokenstore_test.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// GoToSocial
-// Copyright (C) GoToSocial Authors admin@gotosocial.org
-// SPDX-License-Identifier: AGPL-3.0-or-later
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package oauth_test
-
-// TODO: write tests
diff --git a/internal/processing/account/move.go b/internal/processing/account/move.go
index 44f8da268..1c5209e70 100644
--- a/internal/processing/account/move.go
+++ b/internal/processing/account/move.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/superseriousbusiness/gotosocial/internal/ap"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/federation/dereferencing"
 	"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
@@ -34,14 +35,13 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
 	"github.com/superseriousbusiness/gotosocial/internal/messages"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/uris"
 	"golang.org/x/crypto/bcrypt"
 )
 
 func (p *Processor) MoveSelf(
 	ctx context.Context,
-	authed *oauth.Auth,
+	authed *apiutil.Auth,
 	form *apimodel.AccountMoveRequest,
 ) gtserror.WithCode {
 	// Ensure valid MovedToURI.
diff --git a/internal/processing/account/move_test.go b/internal/processing/account/move_test.go
index 9d06829ca..76cbe1512 100644
--- a/internal/processing/account/move_test.go
+++ b/internal/processing/account/move_test.go
@@ -24,6 +24,7 @@ import (
 
 	"github.com/stretchr/testify/suite"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
@@ -56,7 +57,7 @@ func (suite *MoveTestSuite) TestMoveAccountOK() {
 	// Trigger move from zork to admin.
 	if err := suite.accountProcessor.MoveSelf(
 		ctx,
-		&oauth.Auth{
+		&apiutil.Auth{
 			Token:       oauth.DBTokenToToken(suite.testTokens["local_account_1"]),
 			Application: suite.testApplications["local_account_1"],
 			User:        suite.testUsers["local_account_1"],
@@ -120,7 +121,7 @@ func (suite *MoveTestSuite) TestMoveAccountNotAliased() {
 	// not aliased back to zork.
 	err := suite.accountProcessor.MoveSelf(
 		ctx,
-		&oauth.Auth{
+		&apiutil.Auth{
 			Token:       oauth.DBTokenToToken(suite.testTokens["local_account_1"]),
 			Application: suite.testApplications["local_account_1"],
 			User:        suite.testUsers["local_account_1"],
@@ -150,7 +151,7 @@ func (suite *MoveTestSuite) TestMoveAccountBadPassword() {
 	// not aliased back to zork.
 	err := suite.accountProcessor.MoveSelf(
 		ctx,
-		&oauth.Auth{
+		&apiutil.Auth{
 			Token:       oauth.DBTokenToToken(suite.testTokens["local_account_1"]),
 			Application: suite.testApplications["local_account_1"],
 			User:        suite.testUsers["local_account_1"],
diff --git a/internal/processing/app.go b/internal/processing/app.go
index d492b3bc4..2a43c5212 100644
--- a/internal/processing/app.go
+++ b/internal/processing/app.go
@@ -22,13 +22,13 @@ import (
 
 	"github.com/google/uuid"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 )
 
-func (p *Processor) AppCreate(ctx context.Context, authed *oauth.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) {
+func (p *Processor) AppCreate(ctx context.Context, authed *apiutil.Auth, form *apimodel.ApplicationCreateRequest) (*apimodel.Application, gtserror.WithCode) {
 	// set default 'read' for scopes if it's not set
 	var scopes string
 	if form.Scopes == "" {
diff --git a/internal/processing/processor_test.go b/internal/processing/processor_test.go
index 84ab9ef48..9cf6cbd60 100644
--- a/internal/processing/processor_test.go
+++ b/internal/processing/processor_test.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/stretchr/testify/suite"
 	"github.com/superseriousbusiness/gotosocial/internal/admin"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/cleaner"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/email"
@@ -66,7 +67,7 @@ type ProcessingStandardTestSuite struct {
 	testStatuses     map[string]*gtsmodel.Status
 	testTags         map[string]*gtsmodel.Tag
 	testMentions     map[string]*gtsmodel.Mention
-	testAutheds      map[string]*oauth.Auth
+	testAutheds      map[string]*apiutil.Auth
 	testBlocks       map[string]*gtsmodel.Block
 	testActivities   map[string]testrig.ActivityWithSignature
 	testLists        map[string]*gtsmodel.List
@@ -85,7 +86,7 @@ func (suite *ProcessingStandardTestSuite) SetupSuite() {
 	suite.testStatuses = testrig.NewTestStatuses()
 	suite.testTags = testrig.NewTestTags()
 	suite.testMentions = testrig.NewTestMentions()
-	suite.testAutheds = map[string]*oauth.Auth{
+	suite.testAutheds = map[string]*apiutil.Auth{
 		"local_account_1": {
 			Application: suite.testApplications["local_account_1"],
 			User:        suite.testUsers["local_account_1"],
diff --git a/internal/processing/timeline/faved.go b/internal/processing/timeline/faved.go
index bb7f03fff..6e915f4ef 100644
--- a/internal/processing/timeline/faved.go
+++ b/internal/processing/timeline/faved.go
@@ -23,15 +23,15 @@ import (
 	"fmt"
 
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	statusfilter "github.com/superseriousbusiness/gotosocial/internal/filter/status"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
-func (p *Processor) FavedTimelineGet(ctx context.Context, authed *oauth.Auth, maxID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
+func (p *Processor) FavedTimelineGet(ctx context.Context, authed *apiutil.Auth, maxID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
 	statuses, nextMaxID, prevMinID, err := p.state.DB.GetFavedTimeline(ctx, authed.Account.ID, maxID, minID, limit)
 	if err != nil && !errors.Is(err, db.ErrNoEntries) {
 		err = fmt.Errorf("FavedTimelineGet: db error getting statuses: %w", err)
diff --git a/internal/processing/timeline/home.go b/internal/processing/timeline/home.go
index 215000933..38cf38405 100644
--- a/internal/processing/timeline/home.go
+++ b/internal/processing/timeline/home.go
@@ -22,6 +22,7 @@ import (
 	"errors"
 
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	statusfilter "github.com/superseriousbusiness/gotosocial/internal/filter/status"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/usermute"
@@ -29,7 +30,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
 	"github.com/superseriousbusiness/gotosocial/internal/timeline"
 	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@@ -118,7 +118,7 @@ func HomeTimelineStatusPrepare(state *state.State, converter *typeutils.Converte
 	}
 }
 
-func (p *Processor) HomeTimelineGet(ctx context.Context, authed *oauth.Auth, maxID string, sinceID string, minID string, limit int, local bool) (*apimodel.PageableResponse, gtserror.WithCode) {
+func (p *Processor) HomeTimelineGet(ctx context.Context, authed *apiutil.Auth, maxID string, sinceID string, minID string, limit int, local bool) (*apimodel.PageableResponse, gtserror.WithCode) {
 	statuses, err := p.state.Timelines.Home.GetTimeline(ctx, authed.Account.ID, maxID, sinceID, minID, limit, local)
 	if err != nil && !errors.Is(err, db.ErrNoEntries) {
 		err = gtserror.Newf("error getting statuses: %w", err)
diff --git a/internal/processing/timeline/home_test.go b/internal/processing/timeline/home_test.go
index c73c209a3..ea56418f6 100644
--- a/internal/processing/timeline/home_test.go
+++ b/internal/processing/timeline/home_test.go
@@ -23,10 +23,10 @@ import (
 
 	"github.com/stretchr/testify/suite"
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/visibility"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/id"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	tlprocessor "github.com/superseriousbusiness/gotosocial/internal/processing/timeline"
 	"github.com/superseriousbusiness/gotosocial/internal/timeline"
 	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@@ -64,7 +64,7 @@ func (suite *HomeTestSuite) TestHomeTimelineGetHideFiltered() {
 	var (
 		ctx                 = context.Background()
 		requester           = suite.testAccounts["local_account_1"]
-		authed              = &oauth.Auth{Account: requester}
+		authed              = &apiutil.Auth{Account: requester}
 		maxID               = ""
 		sinceID             = ""
 		minID               = "01F8MHAAY43M6RJ473VQFCVH36" // 1 before filteredStatus
diff --git a/internal/processing/timeline/list.go b/internal/processing/timeline/list.go
index a7f5e9d71..147f87ab4 100644
--- a/internal/processing/timeline/list.go
+++ b/internal/processing/timeline/list.go
@@ -22,6 +22,7 @@ import (
 	"errors"
 
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	statusfilter "github.com/superseriousbusiness/gotosocial/internal/filter/status"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/usermute"
@@ -29,7 +30,6 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtscontext"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/state"
 	"github.com/superseriousbusiness/gotosocial/internal/timeline"
 	"github.com/superseriousbusiness/gotosocial/internal/typeutils"
@@ -130,7 +130,7 @@ func ListTimelineStatusPrepare(state *state.State, converter *typeutils.Converte
 	}
 }
 
-func (p *Processor) ListTimelineGet(ctx context.Context, authed *oauth.Auth, listID string, maxID string, sinceID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
+func (p *Processor) ListTimelineGet(ctx context.Context, authed *apiutil.Auth, listID string, maxID string, sinceID string, minID string, limit int) (*apimodel.PageableResponse, gtserror.WithCode) {
 	// Ensure list exists + is owned by this account.
 	list, err := p.state.DB.GetListByID(ctx, listID)
 	if err != nil {
diff --git a/internal/processing/timeline/notification.go b/internal/processing/timeline/notification.go
index 09636e7eb..04a898198 100644
--- a/internal/processing/timeline/notification.go
+++ b/internal/processing/timeline/notification.go
@@ -24,6 +24,7 @@ import (
 	"net/url"
 
 	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/db"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/status"
 	"github.com/superseriousbusiness/gotosocial/internal/filter/usermute"
@@ -31,14 +32,13 @@ import (
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
 	"github.com/superseriousbusiness/gotosocial/internal/log"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/paging"
 	"github.com/superseriousbusiness/gotosocial/internal/util"
 )
 
 func (p *Processor) NotificationsGet(
 	ctx context.Context,
-	authed *oauth.Auth,
+	authed *apiutil.Auth,
 	page *paging.Page,
 	types []gtsmodel.NotificationType,
 	excludeTypes []gtsmodel.NotificationType,
@@ -164,7 +164,7 @@ func (p *Processor) NotificationGet(ctx context.Context, account *gtsmodel.Accou
 	return apiNotif, nil
 }
 
-func (p *Processor) NotificationsClear(ctx context.Context, authed *oauth.Auth) gtserror.WithCode {
+func (p *Processor) NotificationsClear(ctx context.Context, authed *apiutil.Auth) gtserror.WithCode {
 	// Delete all notifications of all types that target the authorized account.
 	if err := p.state.DB.DeleteNotifications(ctx, nil, authed.Account.ID, ""); err != nil && !errors.Is(err, db.ErrNoEntries) {
 		return gtserror.NewErrorInternalError(err)
diff --git a/internal/processing/workers/workers_test.go b/internal/processing/workers/workers_test.go
index ffd40d8fb..b7ec54c1e 100644
--- a/internal/processing/workers/workers_test.go
+++ b/internal/processing/workers/workers_test.go
@@ -21,8 +21,8 @@ import (
 	"context"
 
 	"github.com/stretchr/testify/suite"
+	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
-	"github.com/superseriousbusiness/gotosocial/internal/oauth"
 	"github.com/superseriousbusiness/gotosocial/internal/processing"
 	"github.com/superseriousbusiness/gotosocial/internal/stream"
 	"github.com/superseriousbusiness/gotosocial/testrig"
@@ -48,7 +48,7 @@ type WorkersTestSuite struct {
 	testStatuses     map[string]*gtsmodel.Status
 	testTags         map[string]*gtsmodel.Tag
 	testMentions     map[string]*gtsmodel.Mention
-	testAutheds      map[string]*oauth.Auth
+	testAutheds      map[string]*apiutil.Auth
 	testBlocks       map[string]*gtsmodel.Block
 	testActivities   map[string]testrig.ActivityWithSignature
 	testLists        map[string]*gtsmodel.List
@@ -66,7 +66,7 @@ func (suite *WorkersTestSuite) SetupSuite() {
 	suite.testStatuses = testrig.NewTestStatuses()
 	suite.testTags = testrig.NewTestTags()
 	suite.testMentions = testrig.NewTestMentions()
-	suite.testAutheds = map[string]*oauth.Auth{
+	suite.testAutheds = map[string]*apiutil.Auth{
 		"local_account_1": {
 			Application: suite.testApplications["local_account_1"],
 			User:        suite.testUsers["local_account_1"],