diff --git a/packages/backend-core/src/middleware/authenticated.ts b/packages/backend-core/src/middleware/authenticated.ts
index 17aadbcaea..51cd4ec2af 100644
--- a/packages/backend-core/src/middleware/authenticated.ts
+++ b/packages/backend-core/src/middleware/authenticated.ts
@@ -131,7 +131,8 @@ export default function (
           } else {
             user = await getUser(userId, session.tenantId)
           }
-          ;(user as any).csrfToken = session.csrfToken
+          // @ts-ignore
+          user.csrfToken = session.csrfToken
 
           if (session?.lastAccessedAt < timeMinusOneMinute()) {
             // make sure we denote that the session is still in use