diff --git a/proxy/src/auth/backend.rs b/proxy/src/auth/backend.rs
index 8e09c002df..cad5ff2afb 100644
--- a/proxy/src/auth/backend.rs
+++ b/proxy/src/auth/backend.rs
@@ -171,8 +171,6 @@ impl ComputeUserInfo {
 }
 pub(crate) enum ComputeCredentialKeys {
- #[expect(dead_code, reason = "WIP")]
- Jwt(String),
 #[cfg(any(test, feature = "testing"))]
 Password(Vec),
 AuthKeys(AuthKeys),
diff --git a/proxy/src/console/provider.rs b/proxy/src/console/provider.rs
index 5fbcf6c4e2..95097f2de9 100644
--- a/proxy/src/console/provider.rs
+++ b/proxy/src/console/provider.rs
@@ -309,7 +309,6 @@ impl NodeInfo {
 #[cfg(any(test, feature = "testing"))]
 ComputeCredentialKeys::Password(password) => self.config.password(password),
 ComputeCredentialKeys::AuthKeys(auth_keys) => self.config.auth_keys(*auth_keys),
- ComputeCredentialKeys::Jwt(_) => panic!("unsupported keys"),
 ComputeCredentialKeys::None => &mut self.config,
 };
 }
diff --git a/proxy/src/serverless/backend.rs b/proxy/src/serverless/backend.rs
index 9c80f452cc..1a80632929 100644
--- a/proxy/src/serverless/backend.rs
+++ b/proxy/src/serverless/backend.rs
@@ -112,7 +112,7 @@ impl PoolingBackend {
 config: &AuthenticationConfig,
 user_info: &ComputeUserInfo,
 jwt: String,
- ) -> Result {
+ ) -> Result<(), AuthError> {
 match &self.config.auth_backend {
 crate::auth::Backend::Console(console, ()) => {
 config
@@ -126,10 +126,8 @@ impl PoolingBackend {
 )
 .await
 .map_err(|e| AuthError::auth_failed(e.to_string()))?;
- Ok(ComputeCredentials {
- info: user_info.clone(),
- keys: crate::auth::backend::ComputeCredentialKeys::Jwt(jwt),
- })
+
+ Ok(())
 }
 crate::auth::Backend::Web(_, ()) => Err(AuthError::auth_failed(
 "JWT login over web auth proxy is not supported",
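Review bot: `authenticate_with_jwt` now returns `Result<(), AuthError>`, so a successful check leaves the caller holding nothing, and with `keys: ComputeCredentials` dropped from `connect_to_local_proxy` (the -203 and -213 hunks in this file) no type ties opening a connection to a JWT check having passed. `handle_auth_broker_inner` still awaits it first, but that ordering is now convention only. The stronger fix is a marker value that only this function can construct and that `connect_to_local_proxy` takes as an argument; the minimum is a doc comment on this function, e.g. `/// Ok(()) means the JWT was accepted for user_info; callers must await this before connect_to_local_proxy or before building ComputeCredentials.` The function body runs past this hunk; the `Ok(())` returns are in the -126 and -146 hunks.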
@@ -146,11 +144,9 @@ impl PoolingBackend {
 )
 .await
 .map_err(|e| AuthError::auth_failed(e.to_string()))?;
- Ok(ComputeCredentials {
- info: user_info.clone(),
- // todo: rewrite JWT signature with key shared somehow between local proxy and postgres
- keys: crate::auth::backend::ComputeCredentialKeys::None,
- })
+
+ // todo: rewrite JWT signature with key shared somehow between local proxy and postgres
+ Ok(())
 }
 }
 }
@@ -203,7 +199,6 @@ impl PoolingBackend {
 &self,
 ctx: &RequestMonitoring,
 conn_info: ConnInfo,
- keys: ComputeCredentials,
 ) -> Result {
 info!("pool: looking for an existing connection");
 if let Some(client) = self.http_conn_pool.get(ctx, &conn_info) {
@@ -213,7 +208,14 @@ impl PoolingBackend {
 let conn_id = uuid::Uuid::new_v4();
 tracing::Span::current().record("conn_id", display(conn_id));
 info!(%conn_id, "pool: opening a new connection '{conn_info}'");
- let backend = self.config.auth_backend.as_ref().map(|()| keys);
+ let backend = self
+ .config
+ .auth_backend
+ .as_ref()
+ .map(|()| ComputeCredentials {
+ info: conn_info.user_info.clone(),
+ keys: crate::auth::backend::ComputeCredentialKeys::None,
+ });
 crate::proxy::connect_compute::connect_to_compute(
 ctx,
 &HyperMechanism {
diff --git a/proxy/src/serverless/sql_over_http.rs b/proxy/src/serverless/sql_over_http.rs
index bbafe25705..dffd94e13f 100644
--- a/proxy/src/serverless/sql_over_http.rs
+++ b/proxy/src/serverless/sql_over_http.rs
@@ -39,6 +39,7 @@ use url::Url;
 use urlencoding;
 use utils::http::error::ApiError;
+use crate::auth::backend::ComputeCredentials;
 use crate::auth::backend::ComputeUserInfo;
 use crate::auth::endpoint_sni;
 use crate::auth::ComputeUserInfoParseError;
@@ -610,7 +611,12 @@ async fn handle_db_inner(
 &conn_info.user_info,
 jwt,
 )
- .await?
+ .await?;
+
+ ComputeCredentials {
+ info: conn_info.user_info.clone(),
+ keys: crate::auth::backend::ComputeCredentialKeys::None,
+ }
 }
 };
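Review bot: The literal `ComputeCredentials { info: conn_info.user_info.clone(), keys: crate::auth::backend::ComputeCredentialKeys::None }` added in `connect_to_local_proxy` is repeated in `handle_db_inner` (sql_over_http.rs, the -610 hunk), and neither site says why `None` is the right key material. One constructor on `ComputeCredentials` for the JWT case, carrying that explanation as its doc comment, would keep the two sites from drifting apart. If the literal stays, a line above it such as `// no compute keys: the caller has already checked the JWT via authenticate_with_jwt` records the precondition this function now relies on. `connect_to_local_proxy` starts and ends outside the hunk.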
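Review bot: The JWT branch of `handle_db_inner` now always produces `ComputeCredentialKeys::None`, where it used to pass on whatever the awaited call returned (for the Console backend that was `Jwt(jwt)`, per the backend.rs hunk). In the provider.rs hunk the `None` arm evaluates to `&mut self.config` without setting a password or auth keys, while the removed `Jwt(_)` arm hit `panic!("unsupported keys")`. If these credentials reach that match, the path changes from a panic to a connection attempt that carries no credential, and what then authenticates the session to compute is not visible in this diff. I would add a test for the JWT branch that asserts the intended outcome, and a comment at the literal such as `// keys stay None: compute gets no password or auth keys on this path`. The enclosing match and function extend beyond the hunk.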
@@ -701,7 +707,7 @@ async fn handle_auth_broker_inner(
 jwt: String,
 backend: Arc,
 ) -> Result>, SqlOverHttpError> {
- let keys = backend
+ backend
 .authenticate_with_jwt(
 ctx,
 &config.authentication_config,
@@ -711,7 +717,7 @@ async fn handle_auth_broker_inner(
 .await
 .map_err(HttpConnError::from)?;
- let mut client = backend.connect_to_local_proxy(ctx, conn_info, keys).await?;
+ let mut client = backend.connect_to_local_proxy(ctx, conn_info).await?;
 // always completes instantly in http2 mode
 // but good just in case