diff --git a/crates/store/src/auth/static_user_store.rs b/crates/store/src/auth/static_user_store.rs
index 80a94b8..01827ad 100644
--- a/crates/store/src/auth/static_user_store.rs
+++ b/crates/store/src/auth/static_user_store.rs
@@ -44,11 +44,6 @@ impl AuthenticationProvider for StaticUserStore {
             None => return Ok(None),
         };
 
-        let password = match &user_entry.user.password {
-            Some(password) => password,
-            None => return Ok(None),
-        };
-
         // Try app tokens first since they are cheaper to calculate
         // They can afford less iterations since they can be generated with high entropy
         for app_token in &user_entry.app_tokens {
@@ -56,6 +51,12 @@ impl AuthenticationProvider for StaticUserStore {
                 return Ok(Some(user_entry.user));
             }
         }
+
+        let password = match &user_entry.user.password {
+            Some(password) => password,
+            None => return Ok(None),
+        };
+
         if password_auth::verify_password(token, password).is_ok() {
             return Ok(Some(user_entry.user));
         }