diff --git a/brewman/core/security.py b/brewman/core/security.py index 25c32aa8..8a4051c7 100644 --- a/brewman/core/security.py +++ b/brewman/core/security.py @@ -1,6 +1,6 @@ import uuid from datetime import datetime, timedelta -from typing import List +from typing import List, Union from jwt import PyJWTError from fastapi import Depends, HTTPException, status, Security @@ -20,10 +20,7 @@ ALGORITHM = "HS256" ACCESS_TOKEN_EXPIRE_MINUTES = 30 -oauth2_scheme = OAuth2PasswordBearer( - tokenUrl="/token", - scopes={} -) +oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token", scopes={}) class Token(BaseModel): @@ -41,6 +38,7 @@ class User(BaseModel): name: str locked_out: bool = None password: str + permissions: List[str] def f7(seq): @@ -69,20 +67,27 @@ def create_access_token(*, data: dict, expires_delta: timedelta = None): return encoded_jwt -def get_user(username: str, db: Session): - user = db.query(UserModel).filter(UserModel.name.ilike(username)).first() - if user: - return User(id_=user.id, name=user.name, locked_out=user.locked_out, password=user.password) +def get_user(username: str, id_: str, locked_out: bool, scopes: List[str]): + return User( + id_=uuid.UUID(id_), + name=username, + locked_out=locked_out, + password="", + permissions=scopes, + ) -def authenticate_user(username: str, password: str, db: Session): +def authenticate_user(username: str, password: str, db: Session) -> Union[UserModel, bool]: found, user = UserModel.auth(username, password, db) if not found: return False return user -async def get_current_user(security_scopes: SecurityScopes, token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)): +async def get_current_user( + security_scopes: SecurityScopes, + token: str = Depends(oauth2_scheme), +): if security_scopes.scopes: authenticate_value = f'Bearer scope="{security_scopes.scope_str}"' else: 
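Review bot: `uuid.UUID(id_)` in the new get_user raises `TypeError` when `id_` is None and `ValueError` when it is not a valid UUID string, and the caller in the hunk at -101 (get_current_user, whose body starts and ends outside that hunk) invokes it after the `except (PyJWTError, ValidationError)` block, so a token without a `user_id` claim — including any token issued before login.py started adding one, still valid for up to ACCESS_TOKEN_EXPIRE_MINUTES — ends in an unhandled exception instead of the 401 credentials_exception. The caller's `if user is None: raise credentials_exception` is now unreachable, since get_user always returns a User. Returning None from get_user for a missing or malformed id keeps that check meaningful and restores the 401 path, and the `id_: str` annotation should become `Union[str, None]` (Union is imported by this commit) because `payload.get("user_id", None)` can pass None. Dropping the `db` dependency may also leave the `get_db` import unused, which I cannot confirm from the hunk.
```python
def get_user(username: str, id_: Union[str, None], locked_out: bool, scopes: List[str]):
    try:
        user_id = uuid.UUID(id_)
    except (TypeError, ValueError):
        # Missing or malformed user_id claim: caller's `user is None` check raises 401.
        return None
    return User(
        id_=user_id,
        # … unchanged: name, locked_out, password, permissions kwargs …
    )
```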
@@ -101,7 +106,7 @@ async def get_current_user(security_scopes: SecurityScopes, token: str = Depends token_data = TokenData(scopes=token_scopes, username=username) except (PyJWTError, ValidationError): raise credentials_exception - user = get_user(username=token_data.username, db=db) + user = get_user(username=token_data.username, id_=payload.get("user_id", None), locked_out=payload.get("locked_out", True), scopes=token_scopes) if user is None: raise credentials_exception for scope in security_scopes.scopes: @@ -114,9 +119,9 @@ async def get_current_user(security_scopes: SecurityScopes, token: str = Depends return user -async def get_current_active_user(current_user: User = Security(get_current_user, scopes=["authenticated"])): +async def get_current_active_user( + current_user: User = Security(get_current_user, scopes=["authenticated"]) +): if current_user.locked_out: raise HTTPException(status_code=400, detail="Inactive user") return current_user - - diff --git a/brewman/routers/login.py b/brewman/routers/login.py index 33961ea5..8b56120d 100644 --- a/brewman/routers/login.py +++ b/brewman/routers/login.py @@ -48,6 +48,8 @@ async def login_for_access_token( ] ) ), + "user_id": str(user.id), + "locked_out": user.locked_out }, expires_delta=access_token_expires, )
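Review bot: The `locked_out` claim added here is a snapshot taken at token issuance, and with the DB lookup removed from get_user in security.py the lock state is no longer re-read on each request, so locking an account after login has no effect until the token expires (ACCESS_TOKEN_EXPIRE_MINUTES = 30 per the security.py hunk at -20); the same applies to the `locked_out` check in get_current_active_user (hunk at -114). This is a defensible trade-off for a stateless token, but it should be stated where the claim is set, e.g. `# locked_out is frozen into the token; a lock applied later takes effect only when the token expires`. login_for_access_token begins outside this hunk.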