diff --git a/Gemfile b/Gemfile
index 5549a753d..94e51f529 100644
--- a/Gemfile
+++ b/Gemfile
@@ -16,7 +16,6 @@ gem 'rails', '~> 6.1.1'
 gem 'recaptcha', require: 'recaptcha/rails'
 gem 'sanitize', '~> 5.2'
 gem 'sassc-rails'
-gem 'simple_token_authentication', '~> 1.16.0' # Token authentication for Devise
 gem 'webpacker', '~> 4.0.0'
 gem 'yomu', git: 'https://github.com/biosistemika/yomu', branch: 'master'
diff --git a/Gemfile.lock b/Gemfile.lock
index 12f2ba0e1..4f665e982 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -561,10 +561,6 @@ GEM
 shoulda-matchers (4.5.1)
 activesupport (>= 4.2.0)
 silencer (1.0.1)
- simple_token_authentication (1.16.0)
- actionmailer (>= 3.2.6, < 7)
- actionpack (>= 3.2.6, < 7)
- devise (>= 3.2, < 6)
 simplecov (0.21.2)
 docile (~> 1.1)
 simplecov-html (~> 0.11)
@@ -716,7 +712,6 @@ DEPENDENCIES
 selenium-webdriver
 shoulda-matchers
 silencer
- simple_token_authentication (~> 1.16.0)
 simplecov
 sneaky-save!
 spinjs-rails
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e09bc460d..2baf06124 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,4 @@
 class ApplicationController < ActionController::Base
- acts_as_token_authentication_handler_for User, unless: -> { current_user.present? }
 # Prevent CSRF attacks by raising an exception.
 # For APIs, you may want to use :null_session instead.
 protect_from_forgery with: :exception, prepend: true
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 9f9da0d8d..7bef0c169 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -39,31 +39,6 @@ class Users::SessionsController < Devise::SessionsController
 # super
 # end
- # Singing in with authentication token (needed when signing in automatically
- # from another website). NOTE: For some reason URL needs to end with '/'.
- def auth_token_create
- user = User.find_by_email(params[:user_email])
- user_token = params[:user_token]
- # Remove trailing slash if present
- user_token.chop! if !user_token.nil? && user_token.end_with?('/')
-
- if user && user.authentication_token == user_token
- sign_in(:user, user)
- # This will cause new token to be generated
- user.update(authentication_token: nil)
- redirect_url = root_path
- else
- flash[:error] = t('devise.sessions.auth_token_create.wrong_credentials')
- redirect_url = new_user_session_path
- end
-
- respond_to do |format|
- format.html do
- redirect_to redirect_url
- end
- end
- end
-
 def after_sign_in
 flash[:system_notification_modal] = true
 end
diff --git a/config/initializers/simple_token_authentication.rb b/config/initializers/simple_token_authentication.rb
deleted file mode 100644
index b66288f53..000000000
--- a/config/initializers/simple_token_authentication.rb
+++ /dev/null
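Review bot: The `authentication_token` column that the removed `auth_token_create` read (`user.authentication_token == user_token`) and cleared (`user.update(authentication_token: nil)`) is not dropped or nulled anywhere in this diff, so any sign-in tokens already issued stay in the users table after their only consumer is gone. Unless the User model's token configuration and a migration are handled in a separate commit, this one should carry a migration such as `remove_column :users, :authentication_token` so stale credentials are not retained. It is also worth noting in the commit message that any external integration that signed in via `users/auth_token_sign_in` or the `X-User-Token`/`X-User-Email` headers will now be refused rather than authenticated. The enclosing `Users::SessionsController` class starts and ends outside this hunk.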
@@ -1,75 +0,0 @@ -SimpleTokenAuthentication.configure do |config| - # Configure the session persistence policy after a successful sign in, - # in other words, if the authentication token acts as a signin token. - # If true, user is stored in the session and the authentication token and - # email may be provided only once. - # If false, users must provide their authentication token and email at every - # request. - # config.sign_in_token = false - - # Configure the name of the HTTP headers watched for authentication. - # - # Default header names for a given token authenticatable entity follow the - # pattern: - # { entity: { authentication_token: 'X-Entity-Token', email: - # 'X-Entity-Email'} } - # - # When several token authenticatable models are defined, custom header names - # can be specified for none, any, or all of them. - # - # Note: when using the identifiers options, this option behaviour is modified. - # Please see the example below. - # - # Examples - # - # Given User and SuperAdmin are token authenticatable, - # When the following configuration is used: - # `config.header_names = { super_admin: { authentication_token: - # 'X-Admin-Auth-Token' } }` - # Then the token authentification handler for User watches the following - # headers: - # `X-User-Token, X-User-Email` - # And the token authentification handler for SuperAdmin watches the - # following headers: - # `X-Admin-Auth-Token, X-SuperAdmin-Email` - # - # When the identifiers option is set: - # `config.identifiers = { super_admin: :phone_number }` - # Then both the header names identifier key and default value are modified - # accordingly: - # `config.header_names = { super_admin: { phone_number: - # 'X-SuperAdmin-PhoneNumber' } }` - # - # config.header_names = { user: { authentication_token: 'X-User-Token', email: - # 'X-User-Email' } } - - # Configure the name of the attribute used to identify the user for - # authentication. - # That attribute must exist in your model. 
- #
- # The default identifiers follow the pattern:
- # { entity: 'email' }
- #
- # Note: the identifer must match your Devise configuration,
- # see https://github.com/plataformatec/devise/wiki/How-To:-Allow-users-to-sign-in-using-their-username-or-email-address#tell-devise-to-use-username-in-the-authentication_keys
- #
- # Note: setting this option does modify the header_names behaviour,
- # see the header_names section above.
- #
- # Example:
- #
- # `config.identifiers = { super_admin: 'phone_number', user: 'uuid' }`
- #
- # config.identifiers = { user: 'email' }
-
- # Configure the Devise trackable strategy integration.
- #
- # If true, tracking is disabled for token authentication: signing in through
- # token authentication won't modify the Devise trackable statistics.
- #
- # If false, given Devise trackable is configured for the relevant model,
- # then signing in through token authentication will be tracked as any other
- # sign in.
- #
- # config.skip_devise_trackable = true
-end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 27fb8c43a..a6903a6e6 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -49,8 +49,6 @@ en:
 not_correct_code: "Not correct recovery code"
 create:
 team_name: "%{user}'s projects"
- auth_token_create:
- wrong_credentials: "Failed to automatically sign in (wrong credentials)."
 unlocks:
 new:
 head_title: "Resend unlock instructions"
diff --git a/config/routes.rb b/config/routes.rb
index d37e14dfd..8bbaf4c93 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -641,7 +641,6 @@ Rails.application.routes.draw do
 devise_scope :user do
 get 'avatar/:id/:style' => 'users/registrations#avatar', as: 'avatar'
- get 'users/auth_token_sign_in' => 'users/sessions#auth_token_create'
 get 'users/sign_up_provider' => 'users/registrations#new_with_provider'
 get 'users/two_factor_recovery' => 'users/sessions#two_factor_recovery'
 post 'users/authenticate_with_two_factor' => 'users/sessions#authenticate_with_two_factor'