diff --git a/server/pkg/controller/user/jwt.go b/server/pkg/controller/user/jwt.go
index 9cfe61972a..c52ba61cc7 100644
--- a/server/pkg/controller/user/jwt.go
+++ b/server/pkg/controller/user/jwt.go
@@ -38,7 +38,7 @@ func (c *UserController) GetJWTTokenForClaim(claim *enteJWT.WebCommonJWTClaim) (
 	return tokenString, nil
 }
 
-func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimScope) (int64, error) {
+func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimScope) (*enteJWT.WebCommonJWTClaim, error) {
 	token, err := jwt.ParseWithClaims(jwtToken, &enteJWT.WebCommonJWTClaim{}, func(token *jwt.Token) (interface{}, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, stacktrace.Propagate(fmt.Errorf("unexpected signing method: %v", token.Header["alg"]), "")
@@ -46,14 +46,14 @@ func (c *UserController) ValidateJWTToken(jwtToken string, scope enteJWT.ClaimSc
 		return c.JwtSecret, nil
 	})
 	if err != nil {
-		return -1, stacktrace.Propagate(err, "JWT parsed failed")
+		return nil, stacktrace.Propagate(err, "JWT parsed failed")
 	}
 	claims, ok := token.Claims.(*enteJWT.WebCommonJWTClaim)
 	if ok && token.Valid {
 		if claims.GetScope() != scope {
-			return -1, stacktrace.Propagate(fmt.Errorf("recived claimScope %s is different than expected scope: %s", claims.GetScope(), scope), "")
+			return nil, stacktrace.Propagate(fmt.Errorf("recived claimScope %s is different than expected scope: %s", claims.GetScope(), scope), "")
 		}
-		return claims.UserID, nil
+		return claims, nil
 	}
-	return -1, stacktrace.Propagate(err, "JWT claim failed")
+	return nil, stacktrace.Propagate(err, "JWT claim failed")
 }
diff --git a/server/pkg/controller/user/user_delete.go b/server/pkg/controller/user/user_delete.go
index 8dddec5727..a7257174a3 100644
--- a/server/pkg/controller/user/user_delete.go
+++ b/server/pkg/controller/user/user_delete.go
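Review bot: The exported method ValidateJWTToken still has no doc comment, and the `+func` line that changes its result from a user ID to the whole claim is the right place to state the new contract. I would add above it: `// ValidateJWTToken parses jwtToken, verifies that it was signed with an HMAC method using c.JwtSecret and that its scope equals scope, and returns the parsed WebCommonJWTClaim.` The method body continues in the following hunk.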
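Review bot: The closing `return nil, stacktrace.Propagate(err, "JWT claim failed")` wraps an err that is necessarily nil at that point, because the non-nil case already returned right after ParseWithClaims; if Propagate returns nil for a nil cause, as palantir-style stacktrace implementations document, this path yields (nil, nil). Before this change the same path returned a -1 sentinel, which every caller's user-ID comparison rejected, whereas the new callers in user_delete.go and auth.go read `claim.UserID` on the result and would dereference a nil pointer. Whether ParseWithClaims can return a nil error together with an invalid token or a foreign claim type is not visible here, but making the failure unconditional costs one line: `return nil, stacktrace.Propagate(fmt.Errorf("JWT claim failed"), "")`. The scope-mismatch message on the line above also carries the pre-existing misspelling "recived".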
@@ -63,11 +63,11 @@ func (c *UserController) GetDeleteChallengeToken(ctx *gin.Context) (*ente.Delete
 
 func (c *UserController) SelfDeleteAccount(ctx *gin.Context, req ente.DeleteAccountRequest) (*ente.DeleteAccountResponse, error) {
 	userID := auth.GetUserID(ctx.Request.Header)
-	tokenUserID, err := c.ValidateJWTToken(req.Challenge, enteJWT.DELETE_ACCOUNT)
+	claim, err := c.ValidateJWTToken(req.Challenge, enteJWT.DELETE_ACCOUNT)
 	if err != nil {
 		return nil, stacktrace.Propagate(err, "failed to validate jwt token")
 	}
-	if tokenUserID != userID {
+	if claim.UserID != userID {
 		return nil, stacktrace.Propagate(ente.ErrPermissionDenied, "jwtToken belongs to different user")
 	}
 	user, err := c.UserRepo.Get(userID)
diff --git a/server/pkg/middleware/auth.go b/server/pkg/middleware/auth.go
index 3113043a58..cd3c387fce 100644
--- a/server/pkg/middleware/auth.go
+++ b/server/pkg/middleware/auth.go
@@ -48,7 +48,12 @@ func (m *AuthMiddleware) TokenAuthMiddleware(jwtClaimScope *jwt.ClaimScope) gin.
 	var err error
 	if !found {
 		if isJWT {
-			userID, err = m.UserController.ValidateJWTToken(token, *jwtClaimScope)
+			claim, claimErr := m.UserController.ValidateJWTToken(token, *jwtClaimScope)
+			if claimErr != nil {
+				err = claimErr
+			} else {
+				userID = claim.UserID
+			}
 		} else {
 			userID, err = m.UserAuthRepo.GetUserIDWithToken(token, app)
 			if err != nil && !errors.Is(err, sql.ErrNoRows) {
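Review bot: The six added lines around `claim, claimErr := m.UserController.ValidateJWTToken(token, *jwtClaimScope)` in auth.go introduce a second error variable only to copy it into the `err` already declared by `var err error` two lines above, which makes the JWT branch read differently from the `else` branch that assigns `err` directly. Declaring the claim next to `var err error` as `var claim *jwt.WebCommonJWTClaim` and then writing `claim, err = m.UserController.ValidateJWTToken(token, *jwtClaimScope)` followed by `if err == nil { userID = claim.UserID }` keeps the error flow uniform in three lines. TokenAuthMiddleware's body continues outside the hunk.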