diff --git a/backend/app/api/handlers/v1/v1_ctrl_auth.go b/backend/app/api/handlers/v1/v1_ctrl_auth.go
index a11db5c..d5d4c27 100644
--- a/backend/app/api/handlers/v1/v1_ctrl_auth.go
+++ b/backend/app/api/handlers/v1/v1_ctrl_auth.go
@@ -89,7 +89,7 @@ func (ctrl *V1Controller) HandleAuthLogin() errchain.HandlerFunc {
 }
 }
-func (ctrl *V1Controller) HandleSsoHeaderLogin() server.HandlerFunc {
+func (ctrl *V1Controller) HandleSsoHeaderLogin() errchain.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) error {
 log.Info().Msg("Header SSO Login Attempt")
 if !ctrl.headerSSOEnabled {
@@ -109,13 +109,13 @@ func (ctrl *V1Controller) HandleSsoHeaderLogin() server.HandlerFunc {
 return validate.NewRequestError(errors.New("authentication failed. not SSO header found or empty"), http.StatusInternalServerError)
 }
- newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email))
+ newToken, err := ctrl.svc.User.LoginWithoutPassword(r.Context(), strings.ToLower(email), false)
 if err != nil {
 return validate.NewRequestError(errors.New("authentication failed"), http.StatusInternalServerError)
 }
- return server.Respond(w, http.StatusOK, TokenResponse{
+ return server.JSON(w, http.StatusOK, TokenResponse{
 Token: "Bearer " + newToken.Raw,
 ExpiresAt: newToken.ExpiresAt,
 AttachmentToken: newToken.AttachmentToken,
diff --git a/backend/app/api/routes.go b/backend/app/api/routes.go
index f7aeccd..307a54a 100644
--- a/backend/app/api/routes.go
+++ b/backend/app/api/routes.go
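Review bot: The error branch right after the new `LoginWithoutPassword(..., false)` call still maps an unknown e-mail, which the service reports as `ErrorInvalidLogin`, to `http.StatusInternalServerError`, so callers and monitoring cannot tell a rejected identity from a server fault and every unknown SSO user is counted as a 5xx; while this line is touched it should read `return validate.NewRequestError(errors.New("authentication failed"), http.StatusUnauthorized)`, keeping the generic message so account existence does not leak. The bare `false` passed for the new `extendedSession` parameter is opaque at the call site; a named local such as `extendedSession := false // header SSO never issues a long-lived session` documents the choice, assuming that is the intent. This handler turns a request header straight into a bearer token, and nothing in this hunk shows that the request is only trusted when it arrives through the fronting proxy that sets the header; the header read and the `headerSSOEnabled` gate sit in the lines between the two hunks, so confirm that boundary is enforced there or at the proxy, because a client that can reach the backend directly could otherwise forge the header. The enclosing `HandleSsoHeaderLogin` closure begins in the previous hunk and ends outside this one.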
@@ -66,7 +66,7 @@ func (a *app) mountRoutes(r *chi.Mux, chain *errchain.ErrChain, repos *repo.AllR
 r.Post(v1Base("/users/register"), chain.ToHandlerFunc(v1Ctrl.HandleUserRegistration()))
 r.Post(v1Base("/users/login"), chain.ToHandlerFunc(v1Ctrl.HandleAuthLogin()))
- r.server.Post(v1Base("/users/login-sso-header"), v1Ctrl.HandleSsoHeaderLogin())
+ r.Post(v1Base("/users/login-sso-header"), chain.ToHandlerFunc(v1Ctrl.HandleSsoHeaderLogin()))
 userMW := []errchain.Middleware{
 a.mwAuthToken,
diff --git a/backend/internal/core/services/service_user.go b/backend/internal/core/services/service_user.go
index da49f20..7df2b01 100644
--- a/backend/internal/core/services/service_user.go
+++ b/backend/internal/core/services/service_user.go
@@ -193,16 +193,15 @@ func (svc *UserService) Login(ctx context.Context, username, password string, ex
 return svc.createSessionToken(ctx, usr.ID, extendedSession)
 }
-func (svc *UserService) LoginWithoutPassword(ctx context.Context, username string) (UserAuthTokenDetail, error) {
+func (svc *UserService) LoginWithoutPassword(ctx context.Context, username string, extendedSession bool) (UserAuthTokenDetail, error) {
 usr, err := svc.repos.Users.GetOneEmail(ctx, username)
-
 if err != nil {
 // SECURITY: Perform hash to ensure response times are the same
 hasher.CheckPasswordHash("not-a-real-password", "not-a-real-password")
 return UserAuthTokenDetail{}, ErrorInvalidLogin
 }
- return svc.createSessionToken(ctx, usr.ID)
+ return svc.createSessionToken(ctx, usr.ID, extendedSession)
 }
 func (svc *UserService) Logout(ctx context.Context, token string) error {
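Review bot: The `// SECURITY` timing equaliser kept on the not-found branch of `LoginWithoutPassword` has nothing to balance in this function: the found path goes straight to `createSessionToken` with no hash verification (whatever the same comment balances in `Login`, whose body is outside the hunk), so the dummy `CheckPasswordHash` only makes the unknown-user path slower, and if `hasher` is bcrypt-backed, comparing against the literal `"not-a-real-password"`, which is not a valid hash, fails during hash parsing and burns no meaningful time at all. Verify that against the hasher implementation and either compare against a precomputed real dummy hash or drop the call and the comment, since this path does not authenticate by password. The re-signed exported method also has no doc comment; because it issues a session from an e-mail alone, it should say so, e.g. `// LoginWithoutPassword issues a session token for the user whose e-mail is username without checking a password; the caller must already have authenticated that identity (e.g. a trusted SSO header). extendedSession is passed through to createSessionToken.` Every error from `GetOneEmail`, not only not-found, is folded into `ErrorInvalidLogin`, which is right for the client but hides a repository outage from operators if that call can fail for other reasons; consider logging such errors before returning the generic one.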