diff --git a/packages/server/modules/auth/domain/operations.ts b/packages/server/modules/auth/domain/operations.ts
index 1cf378268..90e32561e 100644
--- a/packages/server/modules/auth/domain/operations.ts
+++ b/packages/server/modules/auth/domain/operations.ts
@@ -105,3 +105,8 @@ export type PassportAuthenticateHandlerBuilder = (
   strategy: Strategy | string,
   options?: Optional<AuthenticateOptions>
 ) => Handler
+
+export type GetTokenAppInfo = (params: {
+  token: string
+  appId?: string
+}) => Promise<ServerAppRecord | undefined>
diff --git a/packages/server/modules/auth/repositories/apps.ts b/packages/server/modules/auth/repositories/apps.ts
index cbae9a4c3..04ac31ff0 100644
--- a/packages/server/modules/auth/repositories/apps.ts
+++ b/packages/server/modules/auth/repositories/apps.ts
@@ -13,6 +13,7 @@ import {
   GetApp,
   GetAuthorizationCode,
   GetRefreshToken,
+  GetTokenAppInfo,
   RegisterDefaultApp,
   RevokeExistingAppCredentials,
   RevokeExistingAppCredentialsForUser,
@@ -412,3 +413,31 @@ export const getRefreshTokenFactory =
   async ({ id }) => {
     return await tables.refreshTokens(deps.db).select('*').where({ id }).first()
   }
+
+export const getTokenAppInfoFactory =
+  (deps: { db: Knex }): GetTokenAppInfo =>
+  async (params: { token: string; appId?: string }) => {
+    const { token, appId } = params
+    const tokenId = token.slice(0, 10)
+
+    const q = tables
+      .apiTokens(deps.db)
+      .select<ServerAppRecord[]>(ServerApps.cols)
+      .where({
+        [ApiTokens.col.id]: tokenId,
+        ...(appId
+          ? {
+              [UserServerAppTokens.col.appId]: appId
+            }
+          : {})
+      })
+      .innerJoin(
+        UserServerAppTokens.name,
+        ApiTokens.col.id,
+        UserServerAppTokens.col.tokenId
+      )
+      .innerJoin(ServerApps.name, ServerApps.col.id, UserServerAppTokens.col.appId)
+      .first()
+
+    return await q
+  }
diff --git a/packages/server/modules/core/graph/resolvers/appTokens.ts b/packages/server/modules/core/graph/resolvers/appTokens.ts
index 5143c90d3..353ab66d3 100644
--- a/packages/server/modules/core/graph/resolvers/appTokens.ts
+++ b/packages/server/modules/core/graph/resolvers/appTokens.ts
@@ -1,8 +1,11 @@
+import { db } from '@/db/knex'
+import { getTokenAppInfoFactory } from '@/modules/auth/repositories/apps'
 import { Resolvers } from '@/modules/core/graph/generated/graphql'
 import { canCreateAppToken } from '@/modules/core/helpers/token'
-import { getTokenAppInfo } from '@/modules/core/repositories/tokens'
 import { createAppToken } from '@/modules/core/services/tokens'
 
+const getTokenAppInfo = getTokenAppInfoFactory({ db })
+
 export = {
   Query: {
     async authenticatedAsApp(_parent, _args, ctx) {
diff --git a/packages/server/modules/core/repositories/tokens.ts b/packages/server/modules/core/repositories/tokens.ts
deleted file mode 100644
index 84eea75d7..000000000
--- a/packages/server/modules/core/repositories/tokens.ts
+++ /dev/null
@@ -1,27 +0,0 @@
-import { ApiTokens, ServerApps, UserServerAppTokens } from '@/modules/core/dbSchema'
-import { ServerAppRecord } from '@/modules/core/helpers/types'
-
-export async function getTokenAppInfo(params: { token: string; appId?: string }) {
-  const { token, appId } = params
-  const tokenId = token.slice(0, 10)
-
-  const q = ApiTokens.knex()
-    .select<ServerAppRecord[]>(ServerApps.cols)
-    .where({
-      [ApiTokens.col.id]: tokenId,
-      ...(appId
-        ? {
-            [UserServerAppTokens.col.appId]: appId
-          }
-        : {})
-    })
-    .innerJoin(
-      UserServerAppTokens.name,
-      ApiTokens.col.id,
-      UserServerAppTokens.col.tokenId
-    )
-    .innerJoin(ServerApps.name, ServerApps.col.id, UserServerAppTokens.col.appId)
-    .first()
-
-  return await q
-}
diff --git a/packages/server/modules/core/services/tokens.ts b/packages/server/modules/core/services/tokens.ts
index a9023125d..308e42411 100644
--- a/packages/server/modules/core/services/tokens.ts
+++ b/packages/server/modules/core/services/tokens.ts
@@ -1,6 +1,6 @@
 import bcrypt from 'bcrypt'
 import crs from 'crypto-random-string'
-import knex from '@/db/knex'
+import knex, { db } from '@/db/knex'
 import {
   ServerAcl,
   ApiTokens,
@@ -13,10 +13,10 @@ import {
   TokenResourceAccessRecord,
   TokenValidationResult
 } from '@/modules/core/helpers/types'
-import { getTokenAppInfo } from '@/modules/core/repositories/tokens'
 import { Optional, ServerRoles } from '@speckle/shared'
 import { TokenResourceIdentifierInput } from '@/modules/core/graph/generated/graphql'
 import { UserInputError } from '@/modules/core/errors/userinput'
+import { getTokenAppInfoFactory } from '@/modules/auth/repositories/apps'
 
 /*
   Tokens
@@ -130,6 +130,7 @@ export async function validateToken(
     return { valid: false }
   }
 
+  const getTokenAppInfo = getTokenAppInfoFactory({ db })
   const valid = await bcrypt.compare(tokenContent, token.tokenDigest)
 
   if (valid) {