diff --git a/controller/northbound/server/auth.go b/controller/northbound/server/auth.go
index cf6c370d20baa8282f72955d9854e3798b95bd43..6d9e6410d3cd3bcb20c53a1edd88f24cf43dc1c7 100644
--- a/controller/northbound/server/auth.go
+++ b/controller/northbound/server/auth.go
@@ -183,21 +183,9 @@ func (s AuthServer) handleLogout(ctx context.Context, userName string) error {
 			return err
 		}
 
-		storedTokens := storedUser.GetTokens()
-		foundToken := false
-		for _, storedToken := range storedTokens {
-			if storedToken == token {
-				err := storedUser.RemoveToken(token)
-				if err != nil {
-					return status.Errorf(codes.Aborted, "error checking match of token provied for user")
-				}
-				foundToken = true
-				break
-			}
-		}
-
-		if !foundToken {
-			return status.Errorf(codes.Aborted, "missing match of token provied for user")
+		err = removeTokenFromUserIfExists(storedUser, token)
+		if err != nil {
+			status.Errorf(codes.Aborted, "Error removing token from user, it was either already logged out or otherwise not found")
 		}
 
 		err = s.userService.Update(&rbac.User{UserID: storedUser.ID(),
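Review bot: The `status.Errorf(...)` call inside the new `if err != nil` block builds an error value and drops it, so any failure from `removeTokenFromUserIfExists` is ignored and execution falls through to `s.userService.Update`. The removed code returned `codes.Aborted` both when the token was missing and when `RemoveToken` failed. With this change, a failed removal is reported to the caller as a successful logout while the token may still be stored for the user. If a hard failure is wanted, write `return status.Errorf(codes.Aborted, "error removing token from user: already logged out or token not found")`. If an idempotent logout is the intent, tolerate only the not-found case and still return on a real `RemoveToken` error. `handleLogout` starts and ends outside this hunk, so how the result of `Update` is handled is not visible here.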
@@ -227,3 +215,17 @@ func addTokenAndEnsureTokenLimit(userToUpdate rbacInterfaces.User, token string)
 	}
 	return nil
 }
+
+func removeTokenFromUserIfExists(storedUser rbacInterfaces.User, token string) error {
+	storedTokens := storedUser.GetTokens()
+	for _, storedToken := range storedTokens {
+		if storedToken == token {
+			err := storedUser.RemoveToken(token)
+			if err != nil {
+				return errors.New("could not remove token from user")
+			}
+			return nil
+		}
+	}
+	return errors.New("token not found for user")
+}
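Review bot: `removeTokenFromUserIfExists` returns two anonymous `errors.New` values, so a caller cannot tell "token not found" from "removal failed", and the error returned by `storedUser.RemoveToken` is discarded. A package-level sentinel such as `var errTokenNotFound = errors.New("token not found for user")` would let `handleLogout` check `errors.Is(err, errTokenNotFound)`. The failure branch should keep the cause, for example `return fmt.Errorf("removing token from user: %w", err)`, assuming `fmt` is or can be imported in this file. The function also lacks a doc comment; something like `// removeTokenFromUserIfExists removes token from storedUser and returns an error if the token is not stored or cannot be removed.` would state the contract.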
diff --git a/controller/northbound/server/auth_test.go b/controller/northbound/server/auth_test.go
index 8712b7da535fade6828de01d2847060fce91eef8..8ad8cb6de1b5042d68debf09db1751507f5e3731 100644
--- a/controller/northbound/server/auth_test.go
+++ b/controller/northbound/server/auth_test.go
@@ -319,3 +319,19 @@ func TestAuth_addTokenAndEnsureTokenLimit_removeOldKey(t *testing.T) {
 	assert.Equal(t, "token2", user.GetTokens()[0])
 	assert.Equal(t, "token3", user.GetTokens()[1])
 }
+func Test_removeTokenFromUserIfExists(t *testing.T) {
+	config.MaxTokensPerUser = 100
+	user := rbac.NewUser(uuid.New(), "testUser", map[string]string{}, "password", []string{"token1", "token2", "token3"}, "salt", conflict.Metadata{ResourceVersion: 0})
+
+	err := removeTokenFromUserIfExists(user, "token2")
+	assert.Nil(t, err)
+	assert.Equal(t, []string{"token1", "token3"}, user.GetTokens())
+
+	err = removeTokenFromUserIfExists(user, "token4")
+	assert.NotNil(t, err)
+	assert.Equal(t, []string{"token1", "token3"}, user.GetTokens())
+
+	user = rbac.NewUser(uuid.New(), "testUser", map[string]string{}, "password", []string{}, "salt", conflict.Metadata{ResourceVersion: 0})
+	err = removeTokenFromUserIfExists(user, "token4")
+	assert.NotNil(t, err)
+}
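Review bot: `Test_removeTokenFromUserIfExists` assigns the package-level `config.MaxTokensPerUser = 100` and never restores it, so the value leaks into tests that run afterwards. The function under test, as shown in this diff, does not read that setting. Either drop the assignment or save the old value and restore it, e.g. `prev := config.MaxTokensPerUser; t.Cleanup(func() { config.MaxTokensPerUser = prev })`. The test covers only the helper; a case asserting what `handleLogout` returns when the token is absent would pin down the caller's intended behaviour.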