diff --git a/ansible_base/oauth2_provider/authentication.py b/ansible_base/oauth2_provider/authentication.py
index 41a2dda79..1e80bf408 100644
--- a/ansible_base/oauth2_provider/authentication.py
+++ b/ansible_base/oauth2_provider/authentication.py
@@ -23,13 +23,22 @@ class LoggedOAuth2Authentication(OAuth2Authentication):
 def authenticate(self, request):
 # sha256 the bearer token. We store the hash in the database
 # and this gives us a place to hash the incoming token for comparison
+ did_hash_token = False
 bearer_token = request.META.get('HTTP_AUTHORIZATION')
 if bearer_token and bearer_token.lower().startswith('bearer '):
 token_component = bearer_token.split(' ', 1)[1]
 hashed = hash_string(token_component, hasher=hashlib.sha256)
+ did_hash_token = True
 request.META['HTTP_AUTHORIZATION'] = f"Bearer {hashed}"
- ret = super().authenticate(request)
 
+ # We don't /really/ want to modify the request, so after we're done authing,
+ # revert what we did above.
+ try:
+ ret = super().authenticate(request)
+ finally:
+ if did_hash_token:
+ request.META['HTTP_AUTHORIZATION'] = bearer_token
+
 if ret:
 user, token = ret
 username = user.username if user else ''
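Review bot: The `finally` block puts the plaintext bearer token back into `request.META['HTTP_AUTHORIZATION']`, so anything that runs after authentication and dumps META (request logging, error reporting) now sees the raw token, where before this change it saw only the SHA-256 digest. Whether any downstream code does that is not visible in this hunk, so I would at least record the trade-off next to the restore: `# NOTE: restores the raw token; anything that logs or reports request.META must redact HTTP_AUTHORIZATION`. A test asserting that the header is restored both when `super().authenticate()` returns and when it raises would pin the new behaviour. `authenticate` continues past the end of the hunk.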