diff --git a/backend/src/api/controllers/user.ts b/backend/src/api/controllers/user.ts
index 7677cd493..869b104ce 100644
--- a/backend/src/api/controllers/user.ts
+++ b/backend/src/api/controllers/user.ts
@@ -200,7 +200,6 @@ export async function deleteUser(
 
   //delete user from
   await AuthUtil.deleteUser(uid);
-  await AuthUtil.revokeTokensByUid(uid);
 
   void Logger.logToDb(
     "user_deleted",
@@ -326,7 +325,6 @@ export async function updateEmail(
   try {
     await AuthUtil.updateUserEmail(uid, newEmail);
     await UserDAL.updateEmail(uid, newEmail);
-    await AuthUtil.revokeTokensByUid(uid);
   } catch (e) {
     if (e.code === "auth/email-already-exists") {
       throw new MonkeyError(
@@ -367,7 +365,6 @@ export async function updatePassword(
   const { newPassword } = req.body;
 
   await AuthUtil.updateUserPassword(uid, newPassword);
-  await AuthUtil.revokeTokensByUid(uid);
 
   return new MonkeyResponse("Password updated");
 }
diff --git a/backend/src/utils/auth.ts b/backend/src/utils/auth.ts
index 93bc67288..f7d973ffb 100644
--- a/backend/src/utils/auth.ts
+++ b/backend/src/utils/auth.ts
@@ -53,6 +53,7 @@ export async function updateUserEmail(
   uid: string,
   email: string
 ): Promise<UserRecord> {
+  await revokeTokensByUid(uid);
   return await FirebaseAdmin().auth().updateUser(uid, {
     email,
     emailVerified: false,
@@ -63,12 +64,14 @@ export async function updateUserPassword(
   uid: string,
   password: string
 ): Promise<UserRecord> {
+  await revokeTokensByUid(uid);
   return await FirebaseAdmin().auth().updateUser(uid, {
     password,
   });
 }
 
 export async function deleteUser(uid: string): Promise<void> {
+  await revokeTokensByUid(uid);
   await FirebaseAdmin().auth().deleteUser(uid);
 }