1 files changed, 17 insertions, 7 deletions

diff --git a/src/token/extract/identity.rs b/src/token/extract/identity.rs
index bee4e31..5c004ef 100644
--- a/src/token/extract/identity.rs
+++ b/src/token/extract/identity.rs
@@ -1,16 +1,18 @@
 use axum::{
-    extract::{FromRequestParts, OptionalFromRequestParts, State},
+    extract::{FromRef, FromRequestParts, OptionalFromRequestParts, State},
     http::request::Parts,
     response::{IntoResponse, Response},
 };
 
 use super::IdentityCookie;
 use crate::{
-    app::App,
     clock::RequestedAt,
     error::{Internal, Unauthorized},
     login::Login,
-    token::{Token, app::ValidateError},
+    token::{
+        Token,
+        app::{Tokens, ValidateError},
+    },
 };
 
 #[derive(Clone, Debug)]
@@ -19,7 +21,11 @@ pub struct Identity {
     pub login: Login,
 }
 
-impl FromRequestParts<App> for Identity {
+impl<App> FromRequestParts<App> for Identity
+where
+    Tokens: FromRef<App>,
+    App: Send + Sync,
+{
     type Rejection = LoginError<Internal>;
 
     async fn from_request_parts(parts: &mut Parts, state: &App) -> Result<Self, Self::Rejection> {
@@ -28,8 +34,8 @@ impl FromRequestParts<App> for Identity {
 
         let secret = cookie.secret().ok_or(LoginError::Unauthorized)?;
 
-        let app = State::<App>::from_request_parts(parts, state).await?;
-        app.tokens()
+        let tokens = State::<Tokens>::from_request_parts(parts, state).await?;
+        tokens
             .validate(&secret, &used_at)
             .await
             .map_err(|err| match err {
@@ -39,7 +45,11 @@ impl FromRequestParts<App> for Identity {
     }
 }
 
-impl OptionalFromRequestParts<App> for Identity {
+impl<App> OptionalFromRequestParts<App> for Identity
+where
+    Tokens: FromRef<App>,
+    App: Send + Sync,
+{
     type Rejection = LoginError<Internal>;
 
     async fn from_request_parts(