diff --git a/packages/server/src/api/controllers/auth.js b/packages/server/src/api/controllers/auth.js
index ea12e5cc24..828a88bb9b 100644
--- a/packages/server/src/api/controllers/auth.js
+++ b/packages/server/src/api/controllers/auth.js
@@ -2,6 +2,7 @@ const jwt = require("jsonwebtoken")
 const CouchDB = require("../../db")
 const ClientDb = require("../../db/clientDb")
 const bcrypt = require("../../utilities/bcrypt")
+const { generateUserID } = require("../../db/utils")
 
 exports.authenticate = async ctx => {
   if (!ctx.user.appId) ctx.throw(400, "No appId")
@@ -35,7 +36,7 @@ exports.authenticate = async ctx => {
 
   let dbUser
   try {
-    dbUser = await instanceDb.get(`user_${username}`)
+    dbUser = await instanceDb.get(generateUserID(username))
   } catch (_) {
     // do not want to throw a 404 - as this could be
     // used to dtermine valid usernames