diff --git a/src/HTMLForm/TOTPDisableForm.php b/src/HTMLForm/TOTPDisableForm.php
index 5014433e..595c3e4c 100644
--- a/src/HTMLForm/TOTPDisableForm.php
+++ b/src/HTMLForm/TOTPDisableForm.php
@@ -41,7 +41,7 @@ class TOTPDisableForm extends OATHAuthOOUIHTMLForm {
 	 */
 	public function onSubmit( array $formData ) {
 		// Don't increase pingLimiter, instead check for the limit being exceeded.
-		if ( $this->oathUser->getUser()->pingLimiter( 'badoath', 0 ) ) {
+		if ( $this->getUser()->pingLimiter( 'badoath', 0 ) ) {
 			// Arbitrary duration given here
 			LoggerFactory::getInstance( 'authentication' )->info(
 				'OATHAuth {user} rate limited while disabling 2FA from {clientip}', [
diff --git a/src/Key/TOTPKey.php b/src/Key/TOTPKey.php
index 0ffdd774..5749a62a 100644
--- a/src/Key/TOTPKey.php
+++ b/src/Key/TOTPKey.php
@@ -23,6 +23,7 @@ use Base32\Base32;
 use DomainException;
 use Exception;
 use jakobo\HOTP\HOTP;
+use MediaWiki\Context\RequestContext;
 use MediaWiki\Extension\OATHAuth\IAuthKey;
 use MediaWiki\Extension\OATHAuth\Notifications\Manager;
 use MediaWiki\Extension\OATHAuth\OATHAuthServices;
@@ -168,7 +169,7 @@ class TOTPKey implements IAuthKey {
 		// Remove any whitespace from the received token, which can be an intended group separator
 		$token = preg_replace( '/\s+/', '', $token );
 
-		$clientIP = $user->getUser()->getRequest()->getIP();
+		$clientIP = RequestContext::getMain()->getRequest()->getIP();
 
 		$logger = $this->getLogger();
 
diff --git a/src/OATHUser.php b/src/OATHUser.php
index 3ee6d5c8..804e9cc4 100644
--- a/src/OATHUser.php
+++ b/src/OATHUser.php
@@ -19,7 +19,7 @@
 namespace MediaWiki\Extension\OATHAuth;
 
 use InvalidArgumentException;
-use MediaWiki\User\User;
+use MediaWiki\User\UserIdentity;
 use ReflectionClass;
 
 /**
@@ -28,7 +28,7 @@ use ReflectionClass;
  * @ingroup Extensions
  */
 class OATHUser {
-	private User $user;
+	private UserIdentity $user;
 	private int $centralId;
 
 	/** @var IAuthKey[] */
@@ -37,18 +37,15 @@ class OATHUser {
 
 	/**
 	 * Constructor. Can't be called directly. Use OATHUserRepository::findByUser instead.
-	 * @param User $user
+	 * @param UserIdentity $user
 	 * @param int $centralId
 	 */
-	public function __construct( User $user, int $centralId ) {
+	public function __construct( UserIdentity $user, int $centralId ) {
 		$this->user = $user;
 		$this->centralId = $centralId;
 	}
 
-	/**
-	 * @return User
-	 */
-	public function getUser(): User {
+	public function getUser(): UserIdentity {
 		return $this->user;
 	}
 
diff --git a/src/OATHUserRepository.php b/src/OATHUserRepository.php
index 251883b4..3b1f28b2 100644
--- a/src/OATHUserRepository.php
+++ b/src/OATHUserRepository.php
@@ -24,7 +24,7 @@ use MediaWiki\Context\RequestContext;
 use MediaWiki\Extension\OATHAuth\Notifications\Manager;
 use MediaWiki\Json\FormatJson;
 use MediaWiki\User\CentralId\CentralIdLookupFactory;
-use MediaWiki\User\User;
+use MediaWiki\User\UserIdentity;
 use MWException;
 use Psr\Log\LoggerAwareInterface;
 use Psr\Log\LoggerInterface;
@@ -65,12 +65,12 @@ class OATHUserRepository implements LoggerAwareInterface {
 	}
 
 	/**
-	 * @param User $user
+	 * @param UserIdentity $user
 	 * @return OATHUser
 	 * @throws ConfigException
 	 * @throws MWException
 	 */
-	public function findByUser( User $user ) {
+	public function findByUser( UserIdentity $user ) {
 		$oathUser = $this->cache->get( $user->getName() );
 		if ( !$oathUser ) {
 			$uid = $this->centralIdLookupFactory->getLookup()