diff --git a/R/auth0.R b/R/auth0.R
index ffd94a5..74985c7 100644
--- a/R/auth0.R
+++ b/R/auth0.R
@@ -202,5 +202,20 @@ internal_add_auth_layers.auth0_config <- function(config, tower) {
       # token and therefore we can return NULL, which will cause the
       # app handler to be called.
       return(NULL)
+    }) |>
+    tower::add_server_layer(function(input, output, session) {
+      cookies <- parse_cookies(session$request$HTTP_COOKIE)
+
+      if (is.null(cookies$access_token)) {
+        stop("No access token")
+      }
+
+      token <- access_token(config, remove_bearer(cookies$access_token))
+
+      if (is_expired(token)) {
+        stop("Token expired")
+      }
+
+      session$userData$token <- token
     })
 }
diff --git a/R/entra_id.R b/R/entra_id.R
index 0c7a887..5919800 100644
--- a/R/entra_id.R
+++ b/R/entra_id.R
@@ -264,5 +264,20 @@ internal_add_auth_layers.entra_id_config <- function(config, tower) {
       # token and therefore we can return NULL, which will cause the
       # app handler to be called.
       return(NULL)
+    }) |>
+    tower::add_server_layer(function(input, output, session) {
+      cookies <- parse_cookies(session$request$HTTP_COOKIE)
+
+      if (is.null(cookies$access_token)) {
+        stop("No access token")
+      }
+
+      token <- access_token(config, remove_bearer(cookies$access_token))
+
+      if (is_expired(token)) {
+        stop("Token expired")
+      }
+
+      session$userData$token <- token
     })
 }
diff --git a/R/google.R b/R/google.R
index 4c6f835..24119d1 100644
--- a/R/google.R
+++ b/R/google.R
@@ -195,5 +195,20 @@ internal_add_auth_layers.google_config <- function(config, tower) {
       # token and therefore we can return NULL, which will cause the
       # app handler to be called.
       return(NULL)
+    }) |>
+    tower::add_server_layer(function(input, output, session) {
+      cookies <- parse_cookies(session$request$HTTP_COOKIE)
+
+      if (is.null(cookies$access_token)) {
+        stop("No access token")
+      }
+
+      token <- access_token(config, remove_bearer(cookies$access_token))
+
+      if (is_expired(token)) {
+        stop("Token expired")
+      }
+
+      session$userData$token <- token
     })
 }
diff --git a/R/shiny.R b/R/shiny.R
index e145687..9ec98e4 100644
--- a/R/shiny.R
+++ b/R/shiny.R
@@ -1,24 +1,3 @@
-#' @keywords internal
-rsso_server <- function(config, server_func) {
-  function(input, output, session) {
-    cookies <- parse_cookies(session$request$HTTP_COOKIE)
-
-    if (is.null(cookies$access_token)) {
-      stop("No access token")
-    }
-
-    token <- access_token(config, remove_bearer(cookies$access_token))
-
-    if (is_expired(token)) {
-      stop("Token expired")
-    }
-
-    session$userData$token <- token
-
-    server_func(input, output, session)
-  }
-}
-
 internal_add_auth_layers <- function(config, tower) {
   UseMethod("internal_add_auth_layers")
 }