diff --git a/apps/settings/lib/Controller/AuthSettingsController.php b/apps/settings/lib/Controller/AuthSettingsController.php
index b948cd5065d1b260413bfa4b7cd5f7c1ca27db26..8325c9112831e02774a30bad830c96979d18d833 100644
--- a/apps/settings/lib/Controller/AuthSettingsController.php
+++ b/apps/settings/lib/Controller/AuthSettingsController.php
@@ -29,6 +29,7 @@ namespace OCA\Settings\Controller;
 
 use BadMethodCallException;
 use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\ExpiredTokenException;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Exceptions\WipeTokenException;
 use OC\Authentication\Token\INamedToken;
@@ -259,10 +260,13 @@ class AuthSettingsController extends Controller {
 	 * @param int $id
 	 * @return IToken
 	 * @throws InvalidTokenException
-	 * @throws \OC\Authentication\Exceptions\ExpiredTokenException
 	 */
 	private function findTokenByIdAndUser(int $id): IToken {
-		$token = $this->tokenProvider->getTokenById($id);
+		try {
+			$token = $this->tokenProvider->getTokenById($id);
+		} catch (ExpiredTokenException $e) {
+			$token = $e->getToken();
+		}
 		if ($token->getUID() !== $this->uid) {
 			throw new InvalidTokenException('This token does not belong to you!');
 		}
diff --git a/apps/settings/tests/Controller/AuthSettingsControllerTest.php b/apps/settings/tests/Controller/AuthSettingsControllerTest.php
index 88913b1f03f580c4edad6b3003e3b7cfcfe89331..40000e191717ffb7c5d389fac99fd4308c984a28 100644
--- a/apps/settings/tests/Controller/AuthSettingsControllerTest.php
+++ b/apps/settings/tests/Controller/AuthSettingsControllerTest.php
@@ -23,6 +23,7 @@ namespace Test\Settings\Controller;
 
 use OC\AppFramework\Http;
 use OC\Authentication\Exceptions\InvalidTokenException;
+use OC\Authentication\Exceptions\ExpiredTokenException;
 use OC\Authentication\Token\DefaultToken;
 use OC\Authentication\Token\IProvider;
 use OC\Authentication\Token\IToken;
@@ -188,6 +189,30 @@ class AuthSettingsControllerTest extends TestCase {
 		$this->assertEquals([], $this->controller->destroy($tokenId));
 	}
 
+	public function testDestroyExpired() {
+		$tokenId = 124;
+		$token = $this->createMock(DefaultToken::class);
+
+		$token->expects($this->exactly(2))
+			->method('getId')
+			->willReturn($tokenId);
+
+		$token->expects($this->once())
+			->method('getUID')
+			->willReturn($this->uid);
+
+		$this->tokenProvider->expects($this->once())
+			->method('getTokenById')
+			->with($this->equalTo($tokenId))
+			->willThrowException(new ExpiredTokenException($token));
+
+		$this->tokenProvider->expects($this->once())
+			->method('invalidateTokenById')
+			->with($this->uid, $tokenId);
+
+		$this->assertSame([], $this->controller->destroy($tokenId));
+	}
+
 	public function testDestroyWrongUser() {
 		$tokenId = 124;
 		$token = $this->createMock(DefaultToken::class);
@@ -320,6 +345,26 @@ class AuthSettingsControllerTest extends TestCase {
 		$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
 	}
 
+	public function testUpdateExpired() {
+		$tokenId = 42;
+		$token = $this->createMock(DefaultToken::class);
+
+		$token->expects($this->once())
+			->method('getUID')
+			->willReturn($this->uid);
+
+		$this->tokenProvider->expects($this->once())
+			->method('getTokenById')
+			->with($this->equalTo($tokenId))
+			->willThrowException(new ExpiredTokenException($token));
+
+		$this->tokenProvider->expects($this->once())
+			->method('updateToken')
+			->with($this->equalTo($token));
+
+		$this->assertSame([], $this->controller->update($tokenId, ['filesystem' => true], 'App password'));
+	}
+
 	public function testUpdateTokenWrongUser() {
 		$tokenId = 42;
 		$token = $this->createMock(DefaultToken::class);