diff --git a/frappe/app.py b/frappe/app.py
index c036b65e9c..6b8ba0110b 100644
--- a/frappe/app.py
+++ b/frappe/app.py
@@ -22,7 +22,7 @@ import frappe.rate_limiter
 import frappe.recorder
 import frappe.utils.response
 from frappe import _
-from frappe.auth import SAFE_HTTP_METHODS, UNSAFE_HTTP_METHODS, HTTPRequest, validate_auth
+from frappe.auth import SAFE_HTTP_METHODS, UNSAFE_HTTP_METHODS, HTTPRequest, validate_auth, validate_auth_via_hooks
 from frappe.middlewares import StaticDataMiddleware
 from frappe.utils import CallbackManager, cint, get_site_name
 from frappe.utils.data import escape_html
@@ -94,6 +94,8 @@ def application(request: Request):
 
 		init_request(request)
 
+		validate_auth_via_hooks()
+
 		validate_auth()
 
 		if request.method == "OPTIONS":
diff --git a/frappe/auth.py b/frappe/auth.py
index 65e1fe8fac..25621951e0 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -571,7 +571,6 @@ def validate_auth():
 	authorization_header = frappe.get_request_header("Authorization", "").split(" ")
 
 	if len(authorization_header) == 2:
-		validate_auth_via_hooks()
 		validate_oauth(authorization_header)
 		validate_auth_via_api_keys(authorization_header)