diff --git a/lib/galaxy/authnz/managers.py b/lib/galaxy/authnz/managers.py
index beb531b8bfa4..7874466215d5 100644
--- a/lib/galaxy/authnz/managers.py
+++ b/lib/galaxy/authnz/managers.py
@@ -129,7 +129,7 @@ def _extend_cloudauthz_config(self, trans, cloudauthz):
         if cloudauthz.provider == "aws":
             success, message, backend = self._get_authnz_backend(cloudauthz.authn.provider)
             strategy = Strategy(trans, Storage, backend.config)
-            on_the_fly_config(trans.app, trans.sa_session)
+            on_the_fly_config(trans.sa_session)
             try:
                 config['id_token'] = cloudauthz.authn.get_id_token(strategy)
             except requests.exceptions.HTTPError as e:
diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
index cf7506aa4645..dbd13a31bde4 100644
--- a/lib/galaxy/authnz/psa_authnz.py
+++ b/lib/galaxy/authnz/psa_authnz.py
@@ -123,13 +123,13 @@ def _login_user(self, backend, user, social_user):
         self.config['user'] = user
 
     def authenticate(self, trans):
-        on_the_fly_config(trans.app, trans.sa_session)
+        on_the_fly_config(trans.sa_session)
         strategy = Strategy(trans, Storage, self.config)
         backend = self._load_backend(strategy, self.config['redirect_uri'])
         return do_auth(backend)
 
     def callback(self, state_token, authz_code, trans, login_redirect_url):
-        on_the_fly_config(trans.app, trans.sa_session)
+        on_the_fly_config(trans.sa_session)
         self.config[setting_name('LOGIN_REDIRECT_URL')] = login_redirect_url
         strategy = Strategy(trans, Storage, self.config)
         strategy.session_set(BACKENDS_NAME[self.config['provider']] + '_state', state_token)
@@ -142,7 +142,7 @@ def callback(self, state_token, authz_code, trans, login_redirect_url):
         return redirect_url, self.config.get('user', None)
 
     def disconnect(self, provider, trans, disconnect_redirect_url=None, association_id=None):
-        on_the_fly_config(trans.app, trans.sa_session)
+        on_the_fly_config(trans.sa_session)
         self.config[setting_name('DISCONNECT_REDIRECT_URL')] =\
             disconnect_redirect_url if disconnect_redirect_url is not None else ()
         strategy = Strategy(trans, Storage, self.config)
@@ -235,12 +235,12 @@ def is_integrity_error(cls, exception):
         return exception.__class__ is IntegrityError
 
 
-def on_the_fly_config(app, sa_session):
-    app.model.PSACode.sa_session = sa_session
-    app.model.UserAuthnzToken.sa_session = sa_session
-    app.model.PSANonce.sa_session = sa_session
-    app.model.PSAPartial.sa_session = sa_session
-    app.model.PSAAssociation.sa_session = sa_session
+def on_the_fly_config(sa_session):
+    PSACode.sa_session = sa_session
+    UserAuthnzToken.sa_session = sa_session
+    PSANonce.sa_session = sa_session
+    PSAPartial.sa_session = sa_session
+    PSAAssociation.sa_session = sa_session
 
 
 def contains_required_data(response=None, is_new=False, **kwargs):