diff --git a/crates/tranquil-pds/tests/oauth_token_eviction.rs b/crates/tranquil-pds/tests/oauth_token_eviction.rs
index 00bb644..6c29e14 100644
--- a/crates/tranquil-pds/tests/oauth_token_eviction.rs
+++ b/crates/tranquil-pds/tests/oauth_token_eviction.rs
@@ -2,10 +2,15 @@ mod common;
 mod helpers;
 use chrono::{DateTime, Duration, Utc};
-use common::{base_url, client, get_test_db_pool, get_test_repos};
+use common::{base_url, client, get_test_repos};
+use futures::StreamExt;
 use helpers::verify_new_account;
 use reqwest::StatusCode;
 use serde_json::{Value, json};
+use tranquil_oauth::{
+ AuthorizationRequestParameters, ClientAuth, CodeChallengeMethod, ResponseType, TokenData,
+ TokenId,
+};
 use tranquil_types::Did;
 async fn create_account_and_get_did(handle: &str, email: &str, password: &str) -> Did {
@@ -33,32 +38,49 @@ async fn create_account_and_get_did(handle: &str, email: &str, password: &str) -
 Did::new(did_str).expect("invalid DID format")
 }
-async fn insert_token_with_created_at(
- pool: &sqlx::PgPool,
- did: &Did,
- token_id: &str,
- created_at: DateTime,
-) {
- sqlx::query(
- r#"
- INSERT INTO oauth_token (
- did, token_id, created_at, updated_at, expires_at,
- client_id, client_auth, parameters
- ) VALUES ($1, $2, $3, $3, $4, $5, $6::jsonb, $7::jsonb)
- "#,
- )
- .bind(did.as_str())
- .bind(token_id)
- .bind(created_at)
- .bind(created_at + Duration::hours(1))
- .bind("https://test.example/client")
- .bind(r#"{"method":"none"}"#)
- .bind(
- r#"{"response_type":"code","client_id":"https://test.example/client","redirect_uri":"https://test.example/cb","code_challenge":"x","code_challenge_method":"S256"}"#,
- )
- .execute(pool)
- .await
- .expect("token insert failed");
+fn make_token_data(did: &Did, token_id: &str, created_at: DateTime) -> TokenData {
+ let client_id = "https://squid.nel.pet/client".to_string();
+ TokenData {
+ did: did.clone(),
+ token_id: TokenId(token_id.to_string()),
+ created_at,
+ updated_at: created_at,
+ expires_at: created_at + Duration::hours(1),
+ client_id: client_id.clone(),
+ client_auth: ClientAuth::None,
+ device_id: None,
+ parameters: AuthorizationRequestParameters {
+ response_type: ResponseType::Code,
+ client_id,
+ redirect_uri: "https://squid.nel.pet/cb".to_string(),
+ scope: None,
+ state: None,
+ code_challenge: "x".to_string(),
+ code_challenge_method: CodeChallengeMethod::S256,
+ response_mode: None,
+ login_hint: None,
+ dpop_jkt: None,
+ prompt: None,
+ extra: None,
+ },
+ details: None,
+ code: None,
+ current_refresh_token: None,
+ scope: None,
+ controller_did: None,
+ }
+}
+
+async fn seed_tokens(repos: &tranquil_db::PostgresRepositories, tokens: &[TokenData]) {
+ futures::stream::iter(tokens)
+ .for_each(|token| async move {
+ repos
+ .oauth
+ .create_token(token)
+ .await
+ .expect("token insert failed");
+ })
+ .await;
 }
 #[tokio::test]
@@ -68,16 +90,15 @@ async fn delete_oldest_tokens_evicts_lowest_created_at() {
 let email = format!("tok-evict-{}@test.com", ts);
 let did = create_account_and_get_did(&handle, &email, "EvictTest123!").await;
- let pool = get_test_db_pool().await;
 let repos = get_test_repos().await;
 let base = Utc::now();
 let token_ids: Vec = (0..5).map(|i| format!("tok-{}-{}", ts, i)).collect();
-
- for (i, tid) in token_ids.iter().enumerate() {
- let created = base + Duration::seconds(i as i64);
- insert_token_with_created_at(pool, &did, tid, created).await;
- }
+ let tokens: Vec = (0i64..)
+ .zip(token_ids.iter())
+ .map(|(offset, tid)| make_token_data(&did, tid, base + Duration::seconds(offset)))
+ .collect();
+ seed_tokens(repos, &tokens).await;
 let count_before = repos
 .oauth
@@ -116,15 +137,19 @@ async fn delete_oldest_tokens_no_op_when_under_keep_count() {
 let email = format!("tok-evict-noop-{}@test.com", ts);
 let did = create_account_and_get_did(&handle, &email, "EvictTest123!").await;
- let pool = get_test_db_pool().await;
 let repos = get_test_repos().await;
 let base = Utc::now();
- for i in 0..2 {
- let tid = format!("noop-tok-{}-{}", ts, i);
- let created = base + Duration::seconds(i);
- insert_token_with_created_at(pool, &did, &tid, created).await;
- }
+ let tokens: Vec = (0i64..2)
+ .map(|offset| {
+ make_token_data(
+ &did,
+ &format!("noop-tok-{}-{}", ts, offset),
+ base + Duration::seconds(offset),
+ )
+ })
+ .collect();
+ seed_tokens(repos, &tokens).await;
 let deleted = repos
 .oauth
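Review bot: The new fixture in `make_token_data` swaps the reserved `https://test.example/...` URLs of the removed helper for `https://squid.nel.pet/...`, which looks like a registrable domain rather than a reserved test name. A `client_id` is a URL that OAuth code may dereference for client metadata, so if a path under test ever resolves it the suite would contact a third-party host; nothing in this hunk fetches it, so this is hygiene rather than a live bug. Keep the reserved names: `let client_id = "https://test.example/client".to_string();` and `redirect_uri: "https://test.example/cb".to_string(),`. Separately, `seed_tokens` is sequential anyway because `for_each` awaits one future at a time, so `for token in tokens { repos.oauth.create_token(token).await.expect("token insert failed"); }` does the same work without the `futures::StreamExt` import.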
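Review bot: `delete_oldest_tokens_evicts_lowest_created_at` now depends on `create_token` persisting the caller-supplied `created_at` exactly, whereas the removed raw `INSERT` bound the timestamp itself. If the repository ever stamps its own creation time (not visible in this hunk), the five rows would get near-identical timestamps and the ordering this test is named for would be left to chance. A comment above `seed_tokens(repos, &tokens).await;` would record the assumption, for example `// create_token must store TokenData::created_at as given; eviction order below relies on it`. The same applies to the seeding in `delete_oldest_tokens_no_op_when_under_keep_count`; both function bodies continue outside their hunks.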