diff --git a/go.mod b/go.mod
index 93434fa..2126dc4 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,6 @@ require (
 github.com/charmbracelet/huh v0.8.0
 github.com/docker/docker v28.5.2+incompatible
 github.com/gin-gonic/gin v1.11.0
- github.com/glebarez/sqlite v1.11.0
 github.com/go-ldap/ldap/v3 v3.4.12
 github.com/golang-migrate/migrate/v4 v4.19.1
 github.com/google/go-querystring v1.2.0
@@ -24,7 +23,6 @@ require (
 golang.org/x/crypto v0.46.0
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b
 golang.org/x/oauth2 v0.34.0
- gorm.io/gorm v1.31.1
 gotest.tools/v3 v3.5.2
 modernc.org/sqlite v1.38.2
 )
@@ -62,7 +60,6 @@ require (
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/gabriel-vasile/mimetype v1.4.10 // indirect
 github.com/gin-contrib/sse v1.1.0 // indirect
- github.com/glebarez/go-sqlite v1.21.2 // indirect
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
@@ -74,8 +71,6 @@ require (
 github.com/google/go-cmp v0.7.0 // indirect
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/imdario/mergo v0.3.11 // indirect
- github.com/jinzhu/inflection v1.0.0 // indirect
- github.com/jinzhu/now v1.1.5 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 github.com/leodido/go-urn v1.4.0 // indirect
diff --git a/go.sum b/go.sum
index e0d1cc5..b04ac5b 100644
--- a/go.sum
+++ b/go.sum
@@ -101,10 +101,6 @@ github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM= github.com/gin-gonic/gin v1.11.0 h1:OW/6PLjyusp2PPXtyxKHU0RbX6I/l28FTdDlae5ueWk= github.com/gin-gonic/gin v1.11.0/go.mod h1:+iq/FyxlGzII0KHiBGjuNn4UNENUlKbGlNmc+W50Dls= -github.com/glebarez/go-sqlite v1.21.2 h1:3a6LFC4sKahUunAmynQKLZceZCOzUthkRkEAl9gAXWo= -github.com/glebarez/go-sqlite v1.21.2/go.mod h1:sfxdZyhQjTM2Wry3gVYWaW072Ri1WMdWJi0k6+3382k= -github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw= -github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ= github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo= github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4= 
@@ -161,10 +157,6 @@ github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh6 github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= -github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= -github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= -github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ= -github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= @@ -375,8 +367,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gorm.io/gorm v1.31.1 h1:7CA8FTFz/gRfgqgpeKIBcervUn3xSyPUmr6B2WXJ7kg= -gorm.io/gorm v1.31.1/go.mod h1:XyQVbO2k6YkOis7C2437jSit3SsDK72s7n7rsSHd+Gs= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= modernc.org/cc/v4 v4.26.2 h1:991HMkLjJzYBIfha6ECZdjrIYz2/1ayr+FL8GN+CNzM= diff --git a/internal/bootstrap/db_bootstrap.go b/internal/bootstrap/db_bootstrap.go index 9969361..b9c56e7 100644 --- a/internal/bootstrap/db_bootstrap.go +++ b/internal/bootstrap/db_bootstrap.go 
@@ -5,7 +5,8 @@ import ( "fmt" "os" "path/filepath" - "tinyauth/internal/assets" + + "github.com/steveiliop56/tinyauth/internal/assets" "github.com/golang-migrate/migrate/v4" "github.com/golang-migrate/migrate/v4/database/sqlite3" @@ -16,7 +17,7 @@ import ( func (app *BootstrapApp) setupDatabase(databasePath string) (*sql.DB, error) { dir := filepath.Dir(databasePath) - if err := os.MkdirAll(dir, 0755); err != nil { + if err := os.MkdirAll(dir, 0750); err != nil { return nil, fmt.Errorf("failed to create database directory %s: %w", dir, err) } diff --git a/internal/model/session_model.go b/internal/model/session_model.go deleted file mode 100644 index 283dd6b..0000000 --- a/internal/model/session_model.go +++ /dev/null @@ -1,14 +0,0 @@ -package model - -type Session struct { - UUID string `gorm:"column:uuid;primaryKey"` - Username string `gorm:"column:username"` - Email string `gorm:"column:email"` - Name string `gorm:"column:name"` - Provider string `gorm:"column:provider"` - TOTPPending bool `gorm:"column:totp_pending"` - OAuthGroups string `gorm:"column:oauth_groups"` - Expiry int64 `gorm:"column:expiry"` - OAuthName string `gorm:"column:oauth_name"` - OAuthSub string `gorm:"column:oauth_sub"` -} diff --git a/internal/repository/models.go b/internal/repository/models.go index 5283d3f..0f5195e 100644 --- a/internal/repository/models.go +++ b/internal/repository/models.go @@ -14,4 +14,5 @@ type Session struct { OAuthGroups string Expiry int64 OAuthName string + OAuthSub string } diff --git a/internal/repository/query.sql.go b/internal/repository/query.sql.go index ba47872..110bd1b 100644 --- a/internal/repository/query.sql.go +++ b/internal/repository/query.sql.go 
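Review bot: In `setupDatabase`, `os.MkdirAll(dir, 0750)` applies the mode only to directories it creates, so a data directory left by an earlier release keeps its 0755 permissions and this tightening never reaches existing installs. The directory holds the session database, whose `uuid` column is the value looked up from the session cookie, so read access to it amounts to access to live sessions. Unless group access is needed I would use `0700` and say so in a comment, e.g. `// session DB directory: owner-only; MkdirAll does not tighten an existing dir`. Whether the database file itself is created with a restrictive mode cannot be judged here, because the rest of `setupDatabase` lies outside the hunk.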
@@ -19,11 +19,12 @@ INSERT INTO sessions ( "totp_pending", "oauth_groups", "expiry", - "oauth_name" + "oauth_name", + "oauth_sub" ) VALUES ( - ?, ?, ?, ?, ?, ?, ?, ?, ? + ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) -RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name +RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name, oauth_sub ` type CreateSessionParams struct { @@ -36,6 +37,7 @@ type CreateSessionParams struct { OAuthGroups string Expiry int64 OAuthName string + OAuthSub string } func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (Session, error) { @@ -49,6 +51,7 @@ func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (S arg.OAuthGroups, arg.Expiry, arg.OAuthName, + arg.OAuthSub, ) var i Session err := row.Scan( @@ -61,6 +64,7 @@ func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (S &i.OAuthGroups, &i.Expiry, &i.OAuthName, + &i.OAuthSub, ) return i, err } @@ -86,7 +90,7 @@ func (q *Queries) DeleteSession(ctx context.Context, uuid string) error { } const getSession = `-- name: GetSession :one -SELECT uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name FROM "sessions" +SELECT uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name, oauth_sub FROM "sessions" WHERE "uuid" = ? ` @@ -103,6 +107,7 @@ func (q *Queries) GetSession(ctx context.Context, uuid string) (Session, error) &i.OAuthGroups, &i.Expiry, &i.OAuthName, + &i.OAuthSub, ) return i, err } 
@@ -116,9 +121,10 @@ UPDATE "sessions" SET "totp_pending" = ?, "oauth_groups" = ?, "expiry" = ?, - "oauth_name" = ? + "oauth_name" = ?, + "oauth_sub" = ? WHERE "uuid" = ? -RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name +RETURNING uuid, username, email, name, provider, totp_pending, oauth_groups, expiry, oauth_name, oauth_sub ` type UpdateSessionParams struct { @@ -130,6 +136,7 @@ type UpdateSessionParams struct { OAuthGroups string Expiry int64 OAuthName string + OAuthSub string UUID string } @@ -143,6 +150,7 @@ func (q *Queries) UpdateSession(ctx context.Context, arg UpdateSessionParams) (S arg.OAuthGroups, arg.Expiry, arg.OAuthName, + arg.OAuthSub, arg.UUID, ) var i Session @@ -156,6 +164,7 @@ func (q *Queries) UpdateSession(ctx context.Context, arg UpdateSessionParams) (S &i.OAuthGroups, &i.Expiry, &i.OAuthName, + &i.OAuthSub, ) return i, err } diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go index 599c652..cedd781 100644 --- a/internal/service/auth_service.go +++ b/internal/service/auth_service.go @@ -11,7 +11,7 @@ import ( "time" "github.com/steveiliop56/tinyauth/internal/config" - "github.com/steveiliop56/tinyauth/internal/model" + "github.com/steveiliop56/tinyauth/internal/repository" "github.com/steveiliop56/tinyauth/internal/utils" "github.com/gin-gonic/gin" @@ -236,7 +236,7 @@ func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error { return err } - session, err := gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).First(c) + session, err := auth.queries.GetSession(auth.ctx, cookie) if err != nil { return err 
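Review bot: The new lookup in `RefreshSessionCookie` passes `auth.ctx`, while the `UpdateSession` call added further down in the same function passes the request context `c`, so the read and the write follow different cancellation lifetimes. I would use the request context for both: `session, err := auth.queries.GetSession(c, cookie)`. A missing row now surfaces as `sql.ErrNoRows` from the sqlc `:one` query rather than as GORM's not-found error, so any caller that distinguishes "no such session" from a database failure (none is visible here) should test `errors.Is(err, sql.ErrNoRows)`. The function body starts and ends outside the hunk.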
@@ -250,8 +250,17 @@ func (auth *AuthService) RefreshSessionCookie(c *gin.Context) error { newExpiry := currentTime + int64(time.Hour.Seconds()) - _, err = gorm.G[model.Session](auth.database).Where("uuid = ?", cookie).Updates(c, model.Session{ - Expiry: newExpiry, + _, err = auth.queries.UpdateSession(c, repository.UpdateSessionParams{ + Username: session.Username, + Email: session.Email, + Name: session.Name, + Provider: session.Provider, + TotpPending: session.TotpPending, + OAuthGroups: session.OAuthGroups, + Expiry: newExpiry, + OAuthName: session.OAuthName, + OAuthSub: session.OAuthSub, + UUID: session.UUID, }) if err != nil { diff --git a/internal/service/database_service.go b/internal/service/database_service.go deleted file mode 100644 index d3ac9b5..0000000 --- a/internal/service/database_service.go +++ /dev/null 
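Review bot: The refresh in `RefreshSessionCookie` now writes every column of the row back from the copy read earlier, where the GORM call it replaces set only the non-zero `Expiry` field. Any change another request makes to the same session between the `GetSession` read and this `UpdateSession`, to `totp_pending` in particular, is overwritten with the stale value. An expiry-only statement avoids that and keeps the refresh path away from identity fields: add a query such as `UPDATE "sessions" SET "expiry" = ? WHERE "uuid" = ?;` to `query.sql` (named as the project prefers) and call it here with `newExpiry` and `session.UUID`. The function continues outside the hunk.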
@@ -1,92 +0,0 @@ -package service - -import ( - "database/sql" - "fmt" - "os" - "path/filepath" - - "github.com/steveiliop56/tinyauth/internal/assets" - - "github.com/glebarez/sqlite" - "github.com/golang-migrate/migrate/v4" - sqliteMigrate "github.com/golang-migrate/migrate/v4/database/sqlite3" - "github.com/golang-migrate/migrate/v4/source/iofs" - "gorm.io/gorm" -) - -type DatabaseServiceConfig struct { - DatabasePath string -} - -type DatabaseService struct { - config DatabaseServiceConfig - database *gorm.DB -} - -func NewDatabaseService(config DatabaseServiceConfig) *DatabaseService { - return &DatabaseService{ - config: config, - } -} - -func (ds *DatabaseService) Init() error { - dbPath := ds.config.DatabasePath - if dbPath == "" { - dbPath = "/data/tinyauth.db" - } - - dir := filepath.Dir(dbPath) - if err := os.MkdirAll(dir, 0755); err != nil { - return fmt.Errorf("failed to create database directory %s: %w", dir, err) - } - - gormDB, err := gorm.Open(sqlite.Open(dbPath), &gorm.Config{}) - - if err != nil { - return err - } - - sqlDB, err := gormDB.DB() - - if err != nil { - return err - } - - sqlDB.SetMaxOpenConns(1) - - err = ds.migrateDatabase(sqlDB) - - if err != nil && err != migrate.ErrNoChange { - return err - } - - ds.database = gormDB - return nil -} - -func (ds *DatabaseService) migrateDatabase(sqlDB *sql.DB) error { - data, err := iofs.New(assets.Migrations, "migrations") - - if err != nil { - return err - } - - target, err := sqliteMigrate.WithInstance(sqlDB, &sqliteMigrate.Config{}) - - if err != nil { - return err - } - - migrator, err := migrate.NewWithInstance("iofs", data, "tinyauth", target) - - if err != nil { - return err - } - - return migrator.Up() -} - -func (ds *DatabaseService) GetDatabase() *gorm.DB { - return ds.database -} diff --git a/query.sql b/query.sql index 8737f48..36d0e7f 100644 --- a/query.sql +++ b/query.sql 
@@ -8,9 +8,10 @@ INSERT INTO sessions ( "totp_pending", "oauth_groups", "expiry", - "oauth_name" + "oauth_name", + "oauth_sub" ) VALUES ( - ?, ?, ?, ?, ?, ?, ?, ?, ? + ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) RETURNING *; @@ -31,10 +32,11 @@ UPDATE "sessions" SET "totp_pending" = ?, "oauth_groups" = ?, "expiry" = ?, - "oauth_name" = ? + "oauth_name" = ?, + "oauth_sub" = ? WHERE "uuid" = ? RETURNING *; -- name: DeleteExpiredSessions :exec DELETE FROM "sessions" -WHERE "expiry" < ?; \ No newline at end of file +WHERE "expiry" < ?; diff --git a/schema.sql b/schema.sql index d26cfd0..4221930 100644 --- a/schema.sql +++ b/schema.sql @@ -7,5 +7,6 @@ CREATE TABLE IF NOT EXISTS "sessions" ( "totp_pending" BOOLEAN NOT NULL, "oauth_groups" TEXT NULL, "expiry" INTEGER NOT NULL, - "oauth_name" TEXT NULL + "oauth_name" TEXT NULL, + "oauth_sub" TEXT NULL ); diff --git a/sqlc.yml b/sqlc.yml index 0ab33c0..bced79b 100644 --- a/sqlc.yml +++ b/sqlc.yml @@ -11,8 +11,11 @@ sql: uuid: "UUID" oauth_groups: "OAuthGroups" oauth_name: "OAuthName" + oauth_sub: "OAuthSub" overrides: - column: "sessions.oauth_groups" go_type: "string" - column: "sessions.oauth_name" go_type: "string" + - column: "sessions.oauth_sub" + go_type: "string"
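Review bot: `"oauth_sub" TEXT NULL` in schema.sql is paired with the `go_type: "string"` override in sqlc.yml, so the generated `row.Scan(..., &i.OAuthSub)` in `CreateSession`, `GetSession` and `UpdateSession` returns a scan error for any row where the column is NULL, and that session can no longer be loaded. Such rows are plausible for sessions that existed before the column was added, if the migration set no default. Either declare the column `"oauth_sub" TEXT NOT NULL DEFAULT ''` with a matching migration, or drop the override so sqlc emits `sql.NullString`; the same pairing already exists for `oauth_groups` and `oauth_name`. Because schema.sql uses `CREATE TABLE IF NOT EXISTS`, this edit alone would not add the column to an existing database, and no migration is part of this diff, so please confirm that an embedded migration already creates `oauth_sub`.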