diff --git a/syncstorage/src/db/transaction.rs b/syncstorage/src/db/transaction.rs
index 9763d0e6..de43c0f6 100644
--- a/syncstorage/src/db/transaction.rs
+++ b/syncstorage/src/db/transaction.rs
@@ -16,9 +16,8 @@ use crate::error::{ApiError, ApiErrorKind};
 use crate::server::metrics::Metrics;
 use crate::server::ServerState;
 use crate::web::extractors::{
-    BsoParam, CollectionParam, PreConditionHeader, PreConditionHeaderOpt,
+    BsoParam, CollectionParam, HawkIdentifier, PreConditionHeader, PreConditionHeaderOpt,
 };
-use crate::web::middleware::SyncServerRequest;
 use crate::web::tags::Tags;
 use crate::web::X_LAST_MODIFIED;
 
@@ -241,13 +240,10 @@ impl FromRequest for DbTransactionPool {
                 }
             };
             let method = req.method().clone();
-            let user_id = match req.get_hawk_id() {
-                Ok(v) => v,
-                Err(e) => {
-                    warn!("⚠️ Bad Hawk Id: {:?}", e; "user_agent"=> useragent);
-                    return Err(e);
-                }
-            };
+            let user_id = HawkIdentifier::extract(&req).await.map_err(|e| {
+                warn!("⚠️ Bad Hawk Id: {:?}", e; "user_agent"=> useragent);
+                e
+            })?;
             let bso = BsoParam::extrude(req.head(), &mut req.extensions_mut()).ok();
             let bso_opt = bso.map(|b| b.bso);
 
diff --git a/syncstorage/src/web/extractors.rs b/syncstorage/src/web/extractors.rs
index 9d00378f..41725a43 100644
--- a/syncstorage/src/web/extractors.rs
+++ b/syncstorage/src/web/extractors.rs
@@ -42,7 +42,7 @@ use crate::tokenserver::auth::TokenserverOrigin;
 use crate::web::{
     auth::HawkPayload,
     error::{HawkErrorKind, ValidationErrorKind},
-    X_WEAVE_RECORDS,
+    DOCKER_FLOW_ENDPOINTS, X_WEAVE_RECORDS,
 };
 const BATCH_MAX_IDS: usize = 100;
 
@@ -1137,32 +1137,36 @@ impl From<HawkIdentifier> for UserIdentifier {
 impl FromRequest for HawkIdentifier {
     type Config = ();
     type Error = Error;
-    type Future = LocalBoxFuture<'static, Result<Self, Self::Error>>;
+    type Future = Ready<Result<Self, Self::Error>>;
 
     /// Use HawkPayload extraction and format as HawkIdentifier.
     fn from_request(req: &HttpRequest, _payload: &mut Payload) -> Self::Future {
+        // Dummy token if a Docker Flow request is detected.
+        if DOCKER_FLOW_ENDPOINTS.contains(&req.uri().path().to_lowercase().as_str()) {
+            return future::ready(Ok(HawkIdentifier::cmd_dummy()));
+        }
         let req = req.clone();
+        let uri = req.uri();
+        // NOTE: `connection_info()` will get a mutable reference lock on `extensions()`
+        let connection_info = req.connection_info().clone();
+        let method = req.method().clone();
+        // Tried collapsing this to a `.or_else` and hit problems with the return resolving
+        // to an appropriate error state. Can't use `?` since the function does not return a result.
+        let secrets = match req.app_data::<Data<Arc<Secrets>>>() {
+            Some(v) => v,
+            None => {
+                let err: ApiError = ApiErrorKind::Internal("No app_data Secrets".to_owned()).into();
+                return future::ready(Err(err.into()));
+            }
+        };
 
-        Box::pin(async move {
-            let secrets = match req.app_data::<Data<Arc<Secrets>>>() {
-                Some(s) => s,
-                None => {
-                    error!("⚠️ Could not load the app secrets");
-                    return Err(ValidationErrorKind::FromDetails(
-                        "Internal error".to_owned(),
-                        RequestErrorLocation::Unknown,
-                        Some("secrets".to_owned()),
-                        None,
-                    )
-                    .into());
-                }
-            };
-            // NOTE: `connection_info()` will get a mutable reference lock on `extensions()`
-            let connection_info = req.connection_info().clone();
-            let method = req.method().as_str();
-            let uri = req.uri();
-            Self::extrude(&req, method, uri, &connection_info, secrets)
-        })
+        future::ready(Self::extrude(
+            &req,
+            method.as_str(),
+            uri,
+            &connection_info,
+            secrets,
+        ))
     }
 }
 
diff --git a/syncstorage/src/web/middleware/mod.rs b/syncstorage/src/web/middleware/mod.rs
index 4f4b1274..f300c935 100644
--- a/syncstorage/src/web/middleware/mod.rs
+++ b/syncstorage/src/web/middleware/mod.rs
@@ -6,63 +6,17 @@ pub mod weave;
 //
 // Matches the [Sync Storage middleware](https://github.com/mozilla-services/server-syncstorage/blob/master/syncstorage/tweens.py) (tweens).
 
-use std::{future::Future, sync::Arc};
+use std::future::Future;
 
 use actix_web::{
     dev::{Service, ServiceRequest, ServiceResponse},
-    Error, HttpRequest,
+    web::Data,
 };
-use syncstorage_db_common::util::SyncTimestamp;
 
 use crate::error::{ApiError, ApiErrorKind};
 use crate::server::{metrics::Metrics, ServerState};
-use crate::settings::Secrets;
 use crate::tokenserver::auth::TokenserverOrigin;
-use crate::web::{extractors::HawkIdentifier, tags::Tags, DOCKER_FLOW_ENDPOINTS};
-use actix_web::web::Data;
-
-/// The resource in question's Timestamp
-pub struct ResourceTimestamp(SyncTimestamp);
-
-pub trait SyncServerRequest {
-    fn get_hawk_id(&self) -> Result<HawkIdentifier, Error>;
-}
-
-impl SyncServerRequest for ServiceRequest {
-    fn get_hawk_id(&self) -> Result<HawkIdentifier, Error> {
-        if DOCKER_FLOW_ENDPOINTS.contains(&self.uri().path().to_lowercase().as_str()) {
-            return Ok(HawkIdentifier::cmd_dummy());
-        }
-        let method = self.method().clone();
-        // NOTE: `connection_info()` gets a mutable reference lock on `extensions()`, so
-        // it must be cloned
-        let ci = &self.connection_info().clone();
-        let secrets = &self
-            .app_data::<Data<Arc<Secrets>>>()
-            .ok_or_else(|| -> ApiError {
-                ApiErrorKind::Internal("No app_data Secrets".to_owned()).into()
-            })?;
-        HawkIdentifier::extrude(self, method.as_str(), self.uri(), ci, secrets)
-    }
-}
-
-impl SyncServerRequest for HttpRequest {
-    fn get_hawk_id(&self) -> Result<HawkIdentifier, Error> {
-        if DOCKER_FLOW_ENDPOINTS.contains(&self.uri().path().to_lowercase().as_str()) {
-            return Ok(HawkIdentifier::cmd_dummy());
-        }
-        let method = self.method().clone();
-        // NOTE: `connection_info()` gets a mutable reference lock on `extensions()`, so
-        // it must be cloned
-        let ci = &self.connection_info().clone();
-        let secrets = &self
-            .app_data::<Data<Arc<Secrets>>>()
-            .ok_or_else(|| -> ApiError {
-                ApiErrorKind::Internal("No app_data Secrets".to_owned()).into()
-            })?;
-        HawkIdentifier::extrude(self, method.as_str(), self.uri(), ci, secrets)
-    }
-}
+use crate::web::tags::Tags;
 
 pub fn emit_http_status_with_tokenserver_origin(
     req: ServiceRequest,