diff --git a/dojo/middleware.py b/dojo/middleware.py
index f3939d68c48..7cc20b765d0 100644
--- a/dojo/middleware.py
+++ b/dojo/middleware.py
@@ -10,6 +10,7 @@
 from django.db import models
 from django.http import HttpResponseRedirect
 from django.urls import reverse
+from rest_framework.authentication import TokenAuthentication as DRFTokenAuthentication
 from watson.middleware import SearchContextMiddleware
 from watson.search import search_context_manager
@@ -71,6 +72,7 @@ def __call__(self, request):
 uwsgi = __import__("uwsgi", globals(), locals(), ["set_logvar"], 0)
 # this populates dd_user log var, so can appear in the uwsgi logs
 uwsgi.set_logvar("dd_user", str(request.user))
+ request.META["REMOTE_USER"] = str(request.user)
 return response
@@ -309,3 +311,23 @@ def _trigger_async_index_update(self, model_groups):
 for i, batch in enumerate(batches, 1):
 logger.debug(f"AsyncSearchContextMiddleware: Triggering batch {i}/{len(batches)} for {model_name}: {len(batch)} instances")
 dojo_dispatch_task(update_watson_search_index_for_model, model_name, batch)
+
+
+class DojoTokenAuthentication(DRFTokenAuthentication):
+
+ """Custom token authentication that logs the username to uWSGI."""
+
+ def authenticate(self, request):
+ result = super().authenticate(request)
+
+ if result is not None:
+ user, _token = result
+ username = str(user)
+
+ request.META["REMOTE_USER"] = username
+
+ with suppress(ModuleNotFoundError):
+ uwsgi = __import__("uwsgi", globals(), locals(), ["set_logvar"], 0)
+ uwsgi.set_logvar("dd_user", username)
+
+ return result
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index a1cd0cc5501..32134a6de7b 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
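Review bot: The added `request.META["REMOTE_USER"] = str(request.user)` in `__call__` runs for every request, so an unauthenticated one is recorded under Django's `AnonymousUser` string and an authenticated one under whatever the user model's `__str__` returns rather than the login name. Anything that later reads `REMOTE_USER` as an identity (access-log formats, audit tooling) then sees a value for guests too, and a `__str__` that includes display-name fields (not visible here) would put user-editable text into it. Consider `if request.user.is_authenticated: request.META["REMOTE_USER"] = request.user.get_username()`; the same `str(user)` choice appears as `username = str(user)` in `DojoTokenAuthentication.authenticate` in the last hunk of this file. `__call__` starts outside the hunk and the indentation is lost on this page, so whether the new line sits inside the `suppress` block cannot be confirmed from here.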
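Review bot: The `DojoTokenAuthentication` docstring mentions only the uWSGI log variable, but `authenticate` also writes `request.META["REMOTE_USER"]`, which is the key Django's `RemoteUserMiddleware` reads by default as an identity asserted by the front-end server. Whether remote-user authentication can be enabled alongside this class is not visible here; if it can, a reader needs to know the value is set by the application after token validation and is not a proxy-supplied header. I would extend the docstring to `"""Token authentication that records the authenticated user in request.META["REMOTE_USER"] and the uWSGI dd_user log variable."""` and add `# set by the app for logging only; not a trusted upstream header` above the assignment. `suppress` is assumed to be imported outside the visible hunks.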
@@ -672,7 +672,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, params):
 }
 if API_TOKENS_ENABLED:
- REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] += ("rest_framework.authentication.TokenAuthentication",)
+ REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"] += ("dojo.middleware.DojoTokenAuthentication",)
 SPECTACULAR_SETTINGS = {
 "TITLE": "DefectDojo API v2",
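Review bot: Only the default authentication list is switched to `dojo.middleware.DojoTokenAuthentication`, so any view that names `rest_framework.authentication.TokenAuthentication` in its own `authentication_classes` (none are visible in this diff) would still accept tokens without the user being recorded. If log attribution of API calls is the goal, it is worth searching for direct uses of the DRF class and adding a comment here such as `# subclass records the token user for request logs; use it wherever token auth is configured`.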