diff --git a/cmd/server/pactasrv/pactasrv.go b/cmd/server/pactasrv/pactasrv.go
index 1730401..37e2a2a 100644
--- a/cmd/server/pactasrv/pactasrv.go
+++ b/cmd/server/pactasrv/pactasrv.go
@@ -82,7 +82,7 @@ type DB interface {
 	UpdateIncompleteUpload(tx db.Tx, id pacta.IncompleteUploadID, mutations ...db.UpdateIncompleteUploadFn) error
 	DeleteIncompleteUpload(tx db.Tx, id pacta.IncompleteUploadID) (pacta.BlobURI, error)
 
-	GetOrCreateOwnerForUser(tx db.Tx, uID pacta.UserID) (pacta.OwnerID, error)
+	GetOwnerForUser(tx db.Tx, uID pacta.UserID) (pacta.OwnerID, error)
 
 	PortfolioGroup(tx db.Tx, id pacta.PortfolioGroupID) (*pacta.PortfolioGroup, error)
 	PortfolioGroupsByOwner(tx db.Tx, owner pacta.OwnerID) ([]*pacta.PortfolioGroup, error)
@@ -156,7 +156,7 @@ func (s *Server) getUserOwnerID(ctx context.Context) (pacta.OwnerID, error) {
 	if err != nil {
 		return "", err
 	}
-	ownerID, err := s.DB.GetOrCreateOwnerForUser(s.DB.NoTxn(ctx), userID)
+	ownerID, err := s.DB.GetOwnerForUser(s.DB.NoTxn(ctx), userID)
 	if err != nil {
 		return "", oapierr.Internal("failed to find or create owner for user",
 			zap.String("user_id", string(userID)), zap.Error(err))
diff --git a/db/sqldb/owner.go b/db/sqldb/owner.go
index dd95d64..a781c57 100644
--- a/db/sqldb/owner.go
+++ b/db/sqldb/owner.go
@@ -70,7 +70,7 @@ func (d *DB) ownerByInitiative(tx db.Tx, id pacta.InitiativeID) (*pacta.Owner, e
 	return nil, db.NotFound(id, "ownerByInitiativeId")
 }
 
-func (d *DB) GetOrCreateOwnerForUser(tx db.Tx, uID pacta.UserID) (pacta.OwnerID, error) {
+func (d *DB) GetOwnerForUser(tx db.Tx, uID pacta.UserID) (pacta.OwnerID, error) {
 	var ownerID pacta.OwnerID
 	err := d.RunOrContinueTransaction(tx, func(tx db.Tx) error {
 		owner, err := d.ownerByUser(tx, uID)
@@ -79,13 +79,9 @@ func (d *DB) GetOrCreateOwnerForUser(tx db.Tx, uID pacta.UserID) (pacta.OwnerID,
 			return nil
 		}
 		if !db.IsNotFound(err) {
-			return fmt.Errorf("querying owner by user: %w", err)
+			return fmt.Errorf("user owner not found: %w", err)
 		}
-		ownerID, err = d.createOwner(tx, &pacta.Owner{User: &pacta.User{ID: uID}})
-		if err != nil {
-			return fmt.Errorf("creating owner: %w", err)
-		}
-		return nil
+		return fmt.Errorf("looking up owner: %w", err)
 	})
 	if err != nil {
 		return "", fmt.Errorf("getting or creating owner for initiative: %w", err)
diff --git a/db/sqldb/owner_test.go b/db/sqldb/owner_test.go
index ff04dd6..76f385c 100644
--- a/db/sqldb/owner_test.go
+++ b/db/sqldb/owner_test.go
@@ -17,11 +17,11 @@ func TestGetOrCreateOwners(t *testing.T) {
 	u := userForTesting(t, tdb)
 	i := initiativeForTesting(t, tdb)
 
-	uo, err := tdb.GetOrCreateOwnerForUser(tx, u.ID)
+	uo, err := tdb.GetOwnerForUser(tx, u.ID)
 	if err != nil {
-		t.Fatalf("creating owner for user: %v", err)
+		t.Fatalf("getting owner for user: %v", err)
 	}
-	uo2, err := tdb.GetOrCreateOwnerForUser(tx, u.ID)
+	uo2, err := tdb.GetOwnerForUser(tx, u.ID)
 	if err != nil {
 		t.Fatalf("creating owner for user: %v", err)
 	}
@@ -82,7 +82,7 @@ func TestReadOwners(t *testing.T) {
 func ownerUserForTesting(t *testing.T, tdb *DB, u *pacta.User) *pacta.Owner {
 	t.Helper()
 	tx := tdb.NoTxn(context.Background())
-	oid, err := tdb.GetOrCreateOwnerForUser(tx, u.ID)
+	oid, err := tdb.GetOwnerForUser(tx, u.ID)
 	if err != nil {
 		t.Fatalf("creating owner for user: %v", err)
 	}
diff --git a/db/sqldb/user.go b/db/sqldb/user.go
index c0412e0..91948a2 100644
--- a/db/sqldb/user.go
+++ b/db/sqldb/user.go
@@ -72,6 +72,10 @@ func (d *DB) GetOrCreateUserByAuthn(tx db.Tx, authnMechanism pacta.AuthnMechanis
 		if err != nil {
 			return fmt.Errorf("creating user: %w", err)
 		}
+		_, err = d.createOwner(tx, &pacta.Owner{User: &pacta.User{ID: uID}})
+		if err != nil {
+			return fmt.Errorf("creating owner: %w", err)
+		}
 		u, err = d.User(tx, uID)
 		if err != nil {
 			return fmt.Errorf("reading back created user: %w", err)
diff --git a/db/sqldb/user_test.go b/db/sqldb/user_test.go
index dc9752e..3d7d557 100644
--- a/db/sqldb/user_test.go
+++ b/db/sqldb/user_test.go
@@ -324,18 +324,15 @@ func userForTesting(t *testing.T, tdb *DB) *pacta.User {
 
 func userForTestingWithKey(t *testing.T, tdb *DB, key string) *pacta.User {
 	t.Helper()
-	u := &pacta.User{
-		CanonicalEmail: fmt.Sprintf("canoncal-email-%s@example.com", key),
-		EnteredEmail:   fmt.Sprintf("entered-email-%s+helloworld@example.com", key),
-		AuthnMechanism: pacta.AuthnMechanism_EmailAndPass,
-		AuthnID:        fmt.Sprintf("authn-id-%s", key),
-	}
+	canonicalEmail := fmt.Sprintf("canoncal-email-%s@example.com", key)
+	enteredEmail := fmt.Sprintf("entered-email-%s+helloworld@example.com", key)
+	authnMechanism := pacta.AuthnMechanism_EmailAndPass
+	authnID := fmt.Sprintf("authn-id-%s", key)
 	ctx := context.Background()
 	tx := tdb.NoTxn(ctx)
-	uid, err := tdb.createUser(tx, u)
+	user, err := tdb.GetOrCreateUserByAuthn(tx, authnMechanism, authnID, enteredEmail, canonicalEmail)
 	if err != nil {
 		t.Fatalf("creating user: %v", err)
 	}
-	u.ID = uid
-	return u
+	return user
 }