diff --git a/deno.json b/deno.json
index ecd0a97cd..4f6c1a6dd 100644
--- a/deno.json
+++ b/deno.json
@@ -8,7 +8,7 @@
     "db:migrate": "deno run --allow-read --allow-env --allow-net --unstable-kv tasks/db_migrate.ts",
     "db:reset": "deno run --allow-read --allow-env --unstable-kv tasks/db_reset.ts",
     "start": "deno run --unstable-kv -A --watch=static/,routes/ --env dev.ts",
-    "test": "DENO_KV_PATH=:memory: deno test -A --parallel --unstable-kv --coverage",
+    "test": "DENO_KV_PATH=:memory: deno test -A --parallel --unstable-kv --coverage --env",
     "check:license": "deno run --allow-read --allow-write tasks/check_license.ts",
     "check:types": "deno check **/*.ts && deno check **/*.tsx",
     "ok": "deno fmt --check && deno lint && deno task check:license --check && deno task check:types && deno task test",
@@ -31,7 +31,6 @@
     "tailwindcss/plugin": "npm:/tailwindcss@3.4.1/plugin.js",
     "$std/": "https://deno.land/std@0.208.0/",
     "stripe": "npm:/stripe@13.5.0",
-    "kv_oauth/": "https://deno.land/x/deno_kv_oauth@v0.9.1/",
     "tabler_icons_tsx/": "https://deno.land/x/tabler_icons_tsx@0.0.4/tsx/",
     "fresh_charts/": "https://deno.land/x/fresh_charts@0.3.1/"
   },
diff --git a/plugins/kv_oauth.ts b/plugins/kv_oauth.ts
index 8a741f292..3c0e3a66f 100644
--- a/plugins/kv_oauth.ts
+++ b/plugins/kv_oauth.ts
@@ -1,11 +1,6 @@
 // Copyright 2023-2024 the Deno authors. All rights reserved. MIT license.
 import type { Plugin } from "$fresh/server.ts";
-import {
-  createGitHubOAuthConfig,
-  handleCallback,
-  signIn,
-  signOut,
-} from "kv_oauth/mod.ts";
+import { createGitHubOAuthConfig, createHelpers } from "jsr:@deno/kv-oauth";
 import {
   createUser,
   getUser,
@@ -15,6 +10,9 @@ import {
 import { isStripeEnabled, stripe } from "@/utils/stripe.ts";
 import { getGitHubUser } from "@/utils/github.ts";
 
+export const { signIn, handleCallback, signOut, getSessionId } = createHelpers(
+  createGitHubOAuthConfig(),
+);
 // Exported for mocking and spying in e2e tests
 export const _internals = { handleCallback };
 
@@ -31,14 +29,13 @@ export default {
   routes: [
     {
       path: "/signin",
-      handler: async (req) => await signIn(req, createGitHubOAuthConfig()),
+      handler: async (req) => await signIn(req),
     },
     {
       path: "/callback",
       handler: async (req) => {
         const { response, tokens, sessionId } = await _internals.handleCallback(
           req,
-          createGitHubOAuthConfig(),
         );
 
         const githubUser = await getGitHubUser(tokens.accessToken);
@@ -64,7 +61,7 @@ export default {
     },
     {
       path: "/signout",
-      handler: signOut,
+      handler: async (req) => await signOut(req),
     },
   ],
 } as Plugin;
diff --git a/plugins/session.ts b/plugins/session.ts
index cc12fd7fa..c204c6138 100644
--- a/plugins/session.ts
+++ b/plugins/session.ts
@@ -1,10 +1,10 @@
 // Copyright 2023-2024 the Deno authors. All rights reserved. MIT license.
 import { Plugin } from "$fresh/server.ts";
 import type { FreshContext } from "$fresh/server.ts";
-import { getSessionId } from "kv_oauth/mod.ts";
 import { getUserBySession } from "@/utils/db.ts";
 import type { User } from "@/utils/db.ts";
 import { UnauthorizedError } from "@/utils/http.ts";
+import { getSessionId } from "@/plugins/kv_oauth.ts";
 
 export interface State {
   sessionUser?: User;
@@ -12,24 +12,21 @@ export interface State {
 
 export type SignedInState = Required<State>;
 
-export function assertSignedIn(
-  ctx: { state: State },
-): asserts ctx is { state: SignedInState } {
+export function assertSignedIn(ctx: {
+  state: State;
+}): asserts ctx is { state: SignedInState } {
   if (ctx.state.sessionUser === undefined) {
     throw new UnauthorizedError("User must be signed in");
   }
 }
 
-async function setSessionState(
-  req: Request,
-  ctx: FreshContext<State>,
-) {
+async function setSessionState(req: Request, ctx: FreshContext<State>) {
   if (ctx.destination !== "route") return await ctx.next();
 
   // Initial state
   ctx.state.sessionUser = undefined;
 
-  const sessionId = getSessionId(req);
+  const sessionId = await getSessionId(req);
   if (sessionId === undefined) return await ctx.next();
   const user = await getUserBySession(sessionId);
   if (user === null) return await ctx.next();
@@ -39,10 +36,7 @@ async function setSessionState(
   return await ctx.next();
 }
 
-async function ensureSignedIn(
-  _req: Request,
-  ctx: FreshContext<State>,
-) {
+async function ensureSignedIn(_req: Request, ctx: FreshContext<State>) {
   assertSignedIn(ctx);
   return await ctx.next();
 }
diff --git a/utils/github.ts b/utils/github.ts
index 6b7f1ff15..2b6e36dc0 100644
--- a/utils/github.ts
+++ b/utils/github.ts
@@ -1,5 +1,5 @@
 // Copyright 2023-2024 the Deno authors. All rights reserved. MIT license.
-import { createGitHubOAuthConfig } from "kv_oauth/mod.ts";
+import { createGitHubOAuthConfig } from "jsr:@deno/kv-oauth";
 import { BadRequestError } from "@/utils/http.ts";
 
 export function isGitHubSetup() {
@@ -39,5 +39,5 @@ export async function getGitHubUser(accessToken: string) {
     const { message } = await resp.json();
     throw new BadRequestError(message);
   }
-  return await resp.json() as Promise<GitHubUser>;
+  return (await resp.json()) as Promise<GitHubUser>;
 }