diff --git a/app/controllers/concerns/token_authentication.rb b/app/controllers/concerns/token_authentication.rb
index a6ed6d2cd..1b87ffb9c 100644
--- a/app/controllers/concerns/token_authentication.rb
+++ b/app/controllers/concerns/token_authentication.rb
@@ -22,7 +22,10 @@ module TokenAuthentication
 
     Extends::API_PLUGABLE_AUTH_METHODS.each do |auth_method|
       method(auth_method).call
-      return true if current_user
+      if current_user
+        sign_in(current_user) if devise_controller?
+        return true
+      end
     end
 
     # Default token implementation
@@ -33,5 +36,7 @@ module TokenAuthentication
     payload = Api::CoreJwt.decode(@token)
     @current_user = User.find_by(id: payload['sub'])
     raise JWT::InvalidPayload, I18n.t('api.core.no_user_mapping') unless current_user
+
+    sign_in(current_user) if devise_controller?
   end
 end