diff --git a/src/server/auth.js b/src/server/auth.js
new file mode 100644
index 0000000..1b3c430
--- /dev/null
+++ b/src/server/auth.js
@@ -0,0 +1,46 @@
+const util = require("util");
+
+const jwtVerify = util.promisify(require("jsonwebtoken").verify);
+const jwksClient = require("jwks-rsa");
+
+const jwks = jwksClient({
+ jwksUri: "https://openneo.us.auth0.com/.well-known/jwks.json",
+});
+
+async function getJwtKey(header, callback) {
+ jwks.getSigningKey(header.kid, (err, key) => {
+ if (err) {
+ return callback(null, signingKey);
+ }
+ const signingKey = key.publicKey || key.rsaPublicKey;
+ callback(null, signingKey);
+ });
+}
+
+async function getUserIdFromToken(token) {
+ if (!token) {
+ return null;
+ }
+
+ let payload;
+ try {
+ payload = await jwtVerify(token, getJwtKey, {
+ audience: "https://impress-2020.openneo.net/api",
+ issuer: "https://openneo.us.auth0.com/",
+ algorithms: ["RS256"],
+ });
+ } catch (e) {
+ console.error(`Invalid auth token: ${token}\n${e}`);
+ return null;
+ }
+
+ const subMatch = payload.sub.match(/auth0\|impress-([0-9]+)/);
+ if (!subMatch) {
+ console.log("Unexpected auth token sub format", payload.sub);
+ return null;
+ }
+ const userId = subMatch[1];
+ return userId;
+}
+
+module.exports = { getUserIdFromToken };
diff --git a/src/server/index.js b/src/server/index.js
index 55c5f55..f1dc42a 100644
--- a/src/server/index.js
+++ b/src/server/index.js
@@ -1,10 +1,7 @@
-const util = require("util");
-
 const { beelinePlugin } = require("./lib/beeline-graphql");
 const { gql, makeExecutableSchema } = require("apollo-server");
-const jwtVerify = util.promisify(require("jsonwebtoken").verify);
-const jwksClient = require("jwks-rsa");
+const { getUserIdFromToken } = require("./auth");
 const connectToDb = require("./db");
 const buildLoaders = require("./loaders");
 const { svgLoggingPlugin } = require("./types/AppearanceLayer");
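Review bot: In `src/server/auth.js`, the error branch of `getJwtKey` calls `callback(null, signingKey)` while `const signingKey` is still uninitialised in that same callback, so a failed JWKS lookup (for instance a `kid` that is not in the key set) raises a ReferenceError instead of rejecting the token. Depending on how jwks-rsa invokes the callback, that may surface as an uncaught exception or leave the `jwtVerify` promise pending; the branch should be `return callback(err);` so verification fails cleanly and `getUserIdFromToken` returns null. The `catch` block also writes the complete bearer token to the log via `${token}`, and a token rejected for a transient reason such as a key-fetch failure may still be a usable credential, so the message should carry only `e`. The `sub` pattern is unanchored and accepts any subject that merely contains the expected text; `/^auth0\|impress-([0-9]+)$/` pins the whole claim. Finally, `payload.sub.match` sits outside the `try`, so a verified token without a string `sub` would throw rather than return null.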
@@ -53,46 +50,6 @@ if (process.env["NODE_ENV"] !== "test") {
 plugins.push(beelinePlugin);
 }
-const jwks = jwksClient({
- jwksUri: "https://openneo.us.auth0.com/.well-known/jwks.json",
-});
-
-async function getJwtKey(header, callback) {
- jwks.getSigningKey(header.kid, (err, key) => {
- if (err) {
- return callback(null, signingKey);
- }
- const signingKey = key.publicKey || key.rsaPublicKey;
- callback(null, signingKey);
- });
-}
-
-async function getUserIdFromToken(token) {
- if (!token) {
- return null;
- }
-
- let payload;
- try {
- payload = await jwtVerify(token, getJwtKey, {
- audience: "https://impress-2020.openneo.net/api",
- issuer: "https://openneo.us.auth0.com/",
- algorithms: ["RS256"],
- });
- } catch (e) {
- console.error(`Invalid auth token: ${token}\n${e}`);
- return null;
- }
-
- const subMatch = payload.sub.match(/auth0\|impress-([0-9]+)/);
- if (!subMatch) {
- console.log("Unexpected auth token sub format", payload.sub);
- return null;
- }
- const userId = subMatch[1];
- return userId;
-}
-
 const config = {
 schema,
 context: async ({ req }) => {