diff --git a/server/src/main/java/dev/findfirst/FindFirstApplication.java b/server/src/main/java/dev/findfirst/FindFirstApplication.java
index ba0d3c1e..5f1427c6 100644
--- a/server/src/main/java/dev/findfirst/FindFirstApplication.java
+++ b/server/src/main/java/dev/findfirst/FindFirstApplication.java
@@ -47,8 +47,9 @@ public FilterRegistrationBean simpleCorsFilter() {
 config.setAllowCredentials(true);
 // *** URL below needs to match the Vue client URL and port ***
 // Local host and 127.0.0.1 are the same
- config.setAllowedOrigins(Arrays.asList("https://localhost:3000", "http://localhost:3000",
- "https://findfirst.dev", "http://localhost", "http://127.0.0.1"));
+ config.setAllowedOriginPatterns(Arrays.asList("https://localhost:3000", "http://localhost:3000",
+ "https://findfirst.dev", "http://localhost", "http://127.0.0.1",
+ "chrome-extension://*", "moz-extension://*"));
 config.setAllowedMethods(Collections.singletonList("*"));
 config.setAllowedHeaders(Collections.singletonList("*"));
 source.registerCorsConfiguration("/**", config);
diff --git a/server/src/main/java/dev/findfirst/security/userauth/context/UserContext.java b/server/src/main/java/dev/findfirst/security/userauth/context/UserContext.java
index 84ca5c2c..0a8dd594 100644
--- a/server/src/main/java/dev/findfirst/security/userauth/context/UserContext.java
+++ b/server/src/main/java/dev/findfirst/security/userauth/context/UserContext.java
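Review bot: The two patterns added to `setAllowedOriginPatterns` in `simpleCorsFilter` of FindFirstApplication.java, `"chrome-extension://*"` and `"moz-extension://*"`, match every browser-extension origin while `config.setAllowCredentials(true)` is set at the top of the hunk, so any extension installed in a user's browser is permitted to send credentialed requests to `/**` and read the responses. I would pin the Chrome entry to the project's own extension, e.g. `"chrome-extension://<FINDFIRST_EXTENSION_ID>"` (placeholder; the real ID is not on this page), preferably loaded from configuration rather than hard-coded. Firefox gives each install a random `moz-extension://` UUID, so that origin cannot be pinned the same way; a separate CORS registration for extension traffic without credentials, or token-only auth for the extension, would presumably be the safer route there. A comment above the list stating why extension origins are allowed would help the next reader; the method itself starts before and ends after this hunk.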
@@ -2,14 +2,23 @@
 import dev.findfirst.security.jwt.UserAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 import org.springframework.stereotype.Component;
 @Component
 public class UserContext {
 public int getUserId() {
- return ((UserAuthenticationToken) SecurityContextHolder.getContext().getAuthentication())
- .getUserId();
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if (auth instanceof UserAuthenticationToken uat) {
+ return uat.getUserId();
+ }
+ if (auth instanceof JwtAuthenticationToken jat) {
+ Number userId = jat.getToken().getClaim("userId");
+ return userId.intValue();
+ }
+ throw new IllegalStateException("Unexpected authentication type: " + auth.getClass());
 }
 }
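Review bot: In the new `JwtAuthenticationToken` branch of `getUserId`, `jat.getToken().getClaim("userId")` yields null when the token carries no such claim, so `userId.intValue()` fails with a NullPointerException, and a non-numeric claim fails with a ClassCastException. A numeric value outside the int range is silently narrowed by `intValue()` and could resolve to a different user's id. The final `throw` also dereferences `auth`, which is null when the security context holds no authentication, so that path raises a NullPointerException instead of the intended IllegalStateException. I would check the claim type explicitly, convert with `Math.toIntExact`, and guard the null case, as below. Which issuers the JWT decoder accepts, and therefore who can set `userId`, is not visible in this hunk and is worth confirming.

```java
    if (auth instanceof JwtAuthenticationToken jat) {
      // getClaim returns null for an absent claim and is not guaranteed to hold a Number
      Object claim = jat.getToken().getClaim("userId");
      if (!(claim instanceof Number userId)) {
        throw new IllegalStateException("JWT carries no numeric userId claim");
      }
      // fail on values that do not fit an int instead of silently narrowing them
      return Math.toIntExact(userId.longValue());
    }
    // auth is null when no authentication is present in the context
    throw new IllegalStateException(
        "Unexpected authentication type: " + (auth == null ? "none" : auth.getClass()));
```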