diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bb42b239..173f1e25 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -15,7 +15,11 @@ class ApplicationController < ActionController::Base
 rescue_from ActionController::InvalidAuthenticityToken, with: :render_csrf_error
 def current_user
- @current_user ||= ExternalUser.find_by(id: session[:external_user_id]) || login_from_session || login_from_other_sources || nil
+ @current_user ||= ExternalUser.find_by(id: session[:external_user_id]) ||
+ login_from_session ||
+ login_from_other_sources ||
+ login_from_authentication_token ||
+ nil
 end
 def require_user!
@@ -32,6 +36,13 @@ class ApplicationController < ActionController::Base
 end
 end
+ def login_from_authentication_token
+ token = AuthenticationToken.find_by(shared_secret: params[:token])
+ return unless token
+
+ auto_login(token.user) if token.expire_at.future?
+ end
+
 def set_sentry_context
 return if current_user.blank?
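Review bot: Adding `login_from_authentication_token` to the `current_user` chain in ApplicationController makes a `token` request parameter a login credential on every action that calls `current_user`, not only on a dedicated entry point. Because the login is driven by a parameter, it is worth confirming that a cross-site link cannot sign a visitor into an account they did not choose, for example by limiting the fallback to one action. Since `||=` does not memoize `nil`, an anonymous request repeats the whole chain, now including a token lookup, on each call. The trailing `|| nil` is redundant, and a comment such as `# Token login is tried last, only when no session-based login succeeded.` would record the intended order.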
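Review bot: In `login_from_authentication_token`, `params[:token]` goes into `find_by(shared_secret: ...)` unchecked, so a request without the parameter runs the lookup with `nil` and would match any row whose `shared_secret` is NULL, if the schema allows one; an array value turns it into an `IN` query. Guard first with `return unless params[:token].is_a?(String) && params[:token].present?`. `token.expire_at.future?` raises when `expire_at` is nil, whereas `token.expire_at&.future?` would treat a missing expiry as expired. Nothing visible in the hunk invalidates the token after a successful `auto_login`, so it appears to stay reusable until it expires. As a URL parameter it may also reach request logs and Referer headers unless it is filtered elsewhere.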