diff --git a/api/util_test.go b/api/util_test.go
index 769027020..1333269c1 100644
--- a/api/util_test.go
+++ b/api/util_test.go
@@ -14,7 +14,7 @@ import (
 func assertQueryMeta(t *testing.T, qm *QueryMeta) {
 t.Helper()
- must.NotEq(t, 0, qm.LastIndex, must.Sprint("bad index"))
+ must.NotEq(t, 0, qm.LastIndex, must.Sprint("expected QueryMeta.LastIndex to be != 0"))
 must.True(t, qm.KnownLeader, must.Sprint("expected a known leader but gone none"))
 }
diff --git a/command/agent/acl_endpoint.go b/command/agent/acl_endpoint.go
index ea03afede..2971b46c3 100644
--- a/command/agent/acl_endpoint.go
+++ b/command/agent/acl_endpoint.go
@@ -219,27 +219,25 @@ func (s *HTTPServer) aclTokenQuery(resp http.ResponseWriter, req *http.Request,
 return out.Token, nil
 }
-func (s *HTTPServer) aclTokenSelf(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
+func (s *HTTPServer) aclTokenSelf(resp http.ResponseWriter, req *http.Request) (any, error) {
 if req.Method != http.MethodGet {
 return nil, CodedError(405, ErrInvalidMethod)
 }
- args := structs.ResolveACLTokenRequest{}
+ args := structs.GenericRequest{}
 if s.parse(resp, req, &args.Region, &args.QueryOptions) {
 return nil, nil
 }
- args.SecretID = args.AuthToken
-
- var out structs.ResolveACLTokenResponse
- if err := s.agent.RPC("ACL.ResolveToken", &args, &out); err != nil {
+ var out structs.ACLWhoAmIResponse
+ if err := s.agent.RPC("ACL.WhoAmI", &args, &out); err != nil {
 return nil, err
 }
 setMeta(resp, &out.QueryMeta)
- if out.Token == nil {
+ if out.Identity == nil || out.Identity.ACLToken == nil {
 return nil, CodedError(404, "ACL token not found")
 }
- return out.Token, nil
+ return out.Identity.ACLToken, nil
 }
 func (s *HTTPServer) aclTokenUpdate(resp http.ResponseWriter, req *http.Request,
diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index 997643455..af5478834 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
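Review bot: In aclTokenSelf the combined check `out.Identity == nil || out.Identity.ACLToken == nil` answers 404 "ACL token not found" for two different situations: no identity at all, and a request that ACL.WhoAmI authenticated as something other than an ACL token. With `args.SecretID = args.AuthToken` removed, the credential that gets resolved is decided entirely by server-side authentication of the GenericRequest, so a valid non-token credential would be reported to clients and logs as a missing token. If that case is reachable, give it its own message, for example `if out.Identity.ACLToken == nil { return nil, CodedError(404, "request was not authenticated with an ACL token") }` after the nil-Identity check. The old path also returned `aclDisabled` from ResolveToken when ACLs are off; whether ACL.WhoAmI does the same is not visible in this diff, so that case deserves a test on this endpoint.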
@@ -1055,10 +1055,8 @@ func (a *ACL) GetTokens(args *structs.ACLTokenSetRequest, reply *structs.ACLToke
 // ResolveToken is used to lookup a specific token by a secret ID.
 //
-// Deprecated: Prior to Nomad 1.5 this RPC was used by clients for
-// authenticating local RPCs. Since Nomad 1.5 added workload identity support,
-// clients now use the more flexible ACL.WhoAmI RPC. The /v1/acl/token/self API
-// is the only remaining caller and should be switched to ACL.WhoAmI.
+// Deprecated: This RPC has been deprecated since Nomad 1.5 and is only kept for
+// compatibility purposes.
 func (a *ACL) ResolveToken(args *structs.ResolveACLTokenRequest, reply *structs.ResolveACLTokenResponse) error {
 if !a.srv.config.ACLEnabled {
 return aclDisabled
@@ -2190,6 +2188,9 @@ func (a *ACL) WhoAmI(args *structs.GenericRequest, reply *structs.ACLWhoAmIRespo
 }
 }
+ // Setup the query meta
+ a.srv.setQueryMeta(&reply.QueryMeta)
+
 reply.Identity = args.GetIdentity()
 // COMPAT: originally these were time.Time objects but switching to go-jose
@@ -2201,6 +2202,10 @@ func (a *ACL) WhoAmI(args *structs.GenericRequest, reply *structs.ACLWhoAmIRespo
 reply.Identity.Claims.NotBefore = nil
 }
+ if reply.Identity.ACLToken != nil {
+ reply.Index = reply.Identity.ACLToken.ModifyIndex
+ }
+
 return nil
 }
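Review bot: The rewritten `Deprecated:` paragraph on ResolveToken no longer names the replacement, which the removed text did (ACL.WhoAmI). Keep the pointer and say who the compatibility is for, for example `// Deprecated: use ACL.WhoAmI instead. Deprecated since Nomad 1.5 and kept only so that callers that predate the switch keep working.`; the exact set of remaining callers is not visible here, so confirm the wording. Going by the removed comment, this commit takes away the last in-tree caller of an RPC that resolves a token from a bare secret ID, so the comment should also record when the RPC can be deleted. The body of ResolveToken continues outside the hunk.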
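Review bot: In the last WhoAmI hunk, `reply.Identity.ACLToken` is dereferenced with no nil check on `reply.Identity`, while the HTTP handler in command/agent/acl_endpoint.go treats `out.Identity == nil` as a possible reply. If `args.GetIdentity()` can return nil, this line would panic inside the RPC; if it cannot, the handler's nil test is dead code. The guard around the Claims block just above is outside the hunk, so this may already be covered. Separately, `reply.Index` is assigned only for ACL-token identities, so replies for any other identity carry no index from this block; a comment such as `// Only ACL tokens have a ModifyIndex; other identities leave Index unset.` would make that intentional.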