diff --git a/bugsink/__init__.py b/bugsink/__init__.py
index 8bc6789..86cfd0e 100644
--- a/bugsink/__init__.py
+++ b/bugsink/__init__.py
@@ -1,6 +1,5 @@
 from django.db.backends.signals import connection_created
 from django.contrib.auth.management.commands.createsuperuser import Command as CreateSuperUserCommand
-from drf_spectacular.extensions import OpenApiAuthenticationExtension
 
 
 def set_pragmas(sender, connection, **kwargs):
@@ -41,16 +40,3 @@ def _get_input_message(self, field, default=None):
 
 unpatched_get_input_message = CreateSuperUserCommand._get_input_message
 CreateSuperUserCommand._get_input_message = _get_input_message
-
-
-class BearerTokenAuthenticationExtension(OpenApiAuthenticationExtension):
-    # Will be auto-discovered b/c in __init__.py and subclass of OpenApiAuthenticationExtension
-    target_class = 'bugsink.authentication.BearerTokenAuthentication'
-    name = 'BearerAuth'
-
-    def get_security_definition(self, auto_schema):
-        return {
-            'type': 'http',
-            'scheme': 'bearer',
-            'bearerFormat': 'token',
-        }
diff --git a/bugsink/authentication.py b/bugsink/authentication.py
index d001c9f..394ca28 100644
--- a/bugsink/authentication.py
+++ b/bugsink/authentication.py
@@ -1,6 +1,8 @@
 from django.contrib.auth.models import AnonymousUser
 from rest_framework.authentication import BaseAuthentication
 from rest_framework import exceptions
+from drf_spectacular.extensions import OpenApiAuthenticationExtension
+
 from bsmain.models import AuthToken
 
 
@@ -29,3 +31,16 @@ class BearerTokenAuthentication(BaseAuthentication):
     def authenticate_header(self, request):
         # tells DRF what to send in WWW-Authenticate on 401 responses, hinting the required auth scheme
         return self.keyword
+
+
+class BearerTokenAuthenticationExtension(OpenApiAuthenticationExtension):
+    # auto-discovered b/c authentication is loaded in settnigs and this is a subclass of OpenApiAuthenticationExtension
+    target_class = 'bugsink.authentication.BearerTokenAuthentication'
+    name = 'BearerAuth'
+
+    def get_security_definition(self, auto_schema):
+        return {
+            'type': 'http',
+            'scheme': 'bearer',
+            'bearerFormat': 'token',
+        }