diff --git a/src/api/identity.rs b/src/api/identity.rs
index b71697e2..6ace324d 100644
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@@ -317,36 +317,7 @@ async fn _webauthn_login(
     let (access_token, expires_in) = device.refresh_tokens(&user, scope_vec, data.client_id);
     device.save(conn).await?;
 
-    // Fetch all valid Master Password Policies and merge them into one with all trues and largest numbers as one policy
-    let master_password_policies: Vec<MasterPasswordPolicy> =
-        OrgPolicy::find_accepted_and_confirmed_by_user_and_active_policy(
-            &user.uuid,
-            OrgPolicyType::MasterPassword,
-            conn,
-        )
-            .await
-            .into_iter()
-            .filter_map(|p| serde_json::from_str(&p.data).ok())
-            .collect();
-
-    // NOTE: Upstream still uses PascalCase here for `Object`!
-    let master_password_policy = if !master_password_policies.is_empty() {
-        let mut mpp_json = json!(master_password_policies.into_iter().reduce(|acc, policy| {
-            MasterPasswordPolicy {
-                min_complexity: acc.min_complexity.max(policy.min_complexity),
-                min_length: acc.min_length.max(policy.min_length),
-                require_lower: acc.require_lower || policy.require_lower,
-                require_upper: acc.require_upper || policy.require_upper,
-                require_numbers: acc.require_numbers || policy.require_numbers,
-                require_special: acc.require_special || policy.require_special,
-                enforce_on_login: acc.enforce_on_login || policy.enforce_on_login,
-            }
-        }));
-        mpp_json["Object"] = json!("masterPasswordPolicy");
-        mpp_json
-    } else {
-        json!({"Object": "masterPasswordPolicy"})
-    };
+    let master_password_policy = master_password_policy(&user, conn).await;
 
     let mut result = json!({
         "access_token": access_token,