diff --git a/packages/backend/src/server/api/mastodon/helpers/auth.ts b/packages/backend/src/server/api/mastodon/helpers/auth.ts
index 2fa898161..362380332 100644
--- a/packages/backend/src/server/api/mastodon/helpers/auth.ts
+++ b/packages/backend/src/server/api/mastodon/helpers/auth.ts
@@ -1,6 +1,6 @@
 import OAuth from "@/server/api/mastodon/entities/oauth/oauth.js";
 import { secureRndstr } from "@/misc/secure-rndstr.js";
-import { Apps, AuthSessions } from "@/models/index.js";
+import { AccessTokens, Apps, AuthSessions } from "@/models/index.js";
 import { genId } from "@/misc/gen-id.js";
 import { v4 as uuid } from "uuid";
 import config from "@/config/index.js";
@@ -40,4 +40,33 @@ export class AuthHelpers {
         appdata.session_token = session.token;
         return appdata;
     }
+
+    public static async getAuthToken(appSecret: string, token: string) {
+        // Lookup app
+        const app = await Apps.findOneBy({
+            secret: appSecret,
+        });
+
+        if (app == null) throw new Error("No such app");
+
+        // Fetch token
+        const session = await AuthSessions.findOneBy({
+            token: token,
+            appId: app.id,
+        });
+
+        if (session == null) throw new Error("No such session");
+        if (session.userId == null) throw new Error("This session is still pending");
+
+        // Lookup access token
+        const accessToken = await AccessTokens.findOneByOrFail({
+            appId: app.id,
+            userId: session.userId,
+        });
+
+        // Delete session
+        AuthSessions.delete(session.id);
+
+        return accessToken.token;
+    }
 }
diff --git a/packages/backend/src/server/index.ts b/packages/backend/src/server/index.ts
index ff1d8abbe..d9c8c9481 100644
--- a/packages/backend/src/server/index.ts
+++ b/packages/backend/src/server/index.ts
@@ -15,14 +15,12 @@ import * as slow from "koa-slow";
 import { IsNull } from "typeorm";
 import config from "@/config/index.js";
 import Logger from "@/services/logger.js";
-import { UserProfiles, Users } from "@/models/index.js";
+import { Users } from "@/models/index.js";
 import { fetchMeta } from "@/misc/fetch-meta.js";
 import { genIdenticon } from "@/misc/gen-identicon.js";
 import { createTemp } from "@/misc/create-temp.js";
-import { publishMainStream } from "@/services/stream.js";
 import * as Acct from "@/misc/acct.js";
 import { envOption } from "@/env.js";
-import megalodon, { MegalodonInterface } from "megalodon";
 import activityPub from "./activitypub.js";
 import nodeinfo from "./nodeinfo.js";
 import wellKnown from "./well-known.js";
@@ -34,6 +32,7 @@ import { initializeStreamingServer } from "./api/streaming.js";
 import { koaBody } from "koa-body";
 import removeTrailingSlash from "koa-remove-trailing-slashes";
 import { v4 as uuid } from "uuid";
+import { AuthHelpers } from "@/server/api/mastodon/helpers/auth.js";
 
 export const serverLogger = new Logger("server", "gray", false);
 
@@ -154,20 +153,14 @@ mastoRouter.post("/oauth/token", async (ctx) => {
 	console.log("token-request", body);
 	console.log("token-query", ctx.request.query);
 	if (body.grant_type === "client_credentials") {
-		const ret = {
+		ctx.body = {
 			access_token: uuid(),
 			token_type: "Bearer",
 			scope: "read",
 			created_at: Math.floor(new Date().getTime() / 1000),
 		};
-		ctx.body = ret;
 		return;
 	}
-	let client_id: any = body.client_id;
-	const BASE_URL = `${ctx.request.protocol}://${ctx.request.hostname}`;
-	const generator = (megalodon as any).default;
-	const client = generator(BASE_URL, null) as MegalodonInterface;
-	let m = null;
 	let token = null;
 	if (body.code) {
 		//m = body.code.match(/^([a-zA-Z0-9]{8})([a-zA-Z0-9]{4})([a-zA-Z0-9]{4})([a-zA-Z0-9]{4})([a-zA-Z0-9]{12})/);
@@ -179,19 +172,10 @@ mastoRouter.post("/oauth/token", async (ctx) => {
 		console.log(body.code, token);
 		token = body.code;
 	}
-	if (client_id instanceof Array) {
-		client_id = client_id.toString();
-	} else if (!client_id) {
-		client_id = null;
-	}
 	try {
-		const atData = await client.fetchAccessToken(
-			client_id,
-			body.client_secret,
-			token ? token : "",
-		);
+		const accessToken = await AuthHelpers.getAuthToken(body.client_secret, token ? token : "");
 		const ret = {
-			access_token: atData.accessToken,
+			access_token: accessToken,
 			token_type: "Bearer",
 			scope: body.scope || "read write follow push",
 			created_at: Math.floor(new Date().getTime() / 1000),