diff --git a/.gitignore b/.gitignore
index 9161861..4f021b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ blas
 !cmd/blas/
 Session.vim
 coverage.txt
+*.dlv
+*.core
diff --git a/pkg/auth/authenticator.go b/pkg/auth/authenticator.go
index 20c67ac..321b42a 100644
--- a/pkg/auth/authenticator.go
+++ b/pkg/auth/authenticator.go
@@ -20,6 +20,7 @@ var (
 )
 
 type Authenticator struct {
+	store     AuthStore
 	flows     FlowStore
 	sessions  SessionStore
 	providers map[string]AuthProvider
diff --git a/pkg/auth/session.go b/pkg/auth/session.go
index 5549284..2b6f1bc 100644
--- a/pkg/auth/session.go
+++ b/pkg/auth/session.go
@@ -1,12 +1,10 @@
 package auth
 
 import (
-	"errors"
 	"net/http"
 	"time"
 
 	"github.com/labstack/echo/v4"
-	"github.com/rs/zerolog/log"
 )
 
 type SessionStore struct {
@@ -77,25 +75,6 @@ func (ss *SessionStore) verifyAndGetCredential(tr *TokenRequest, r *http.Request
 	return &Credential{user: user}
 }
 
-type User struct {
-	Username string
-	Active   bool
-}
-
-func (u *User) allowedToAuth() error {
-	if !u.Active {
-		return errors.New("user disabled")
-	}
-
-	return nil
-}
-
-func (a *Authenticator) getOrCreateUser(c *Credential) (*User, error) {
-	log.Debug().Str("user", c.user.ProviderUsername()).Msg("getOrCreateUser")
-	panic("not implemented")
-	return &User{}, nil
-}
-
 const defaultExpiration = 2 * time.Hour
 
 func (a *Authenticator) NewToken(r *http.Request, user ProviderUser, f *Flow) TokenID {
@@ -119,7 +98,7 @@ type GrantType string
 
 const (
 	GTAuthorizationCode GrantType = "authorization_code"
-	GTRefreshToken      GrantType = "refresh_token"
+	GTRefreshToken GrantType = "refresh_token"
 )
 
 type ClientID string
@@ -131,8 +110,8 @@ func (c *ClientID) IsValid() bool {
 
 type TokenRequest struct {
 	ClientID  ClientID  `form:"client_id"`
-	Code      TokenID   `form:"code"`
-	GrantType GrantType `form:"grant_type"`
+	Code      TokenID `form:"code"`
+	GrantType GrantType  `form:"grant_type"`
 }
 
 func (a *Authenticator) TokenHandler(c echo.Context) error {
@@ -159,7 +138,7 @@ func (a *Authenticator) TokenHandler(c echo.Context) error {
 				return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: "bad user"})
 			}
 
-			if err := user.allowedToAuth(); err != nil {
+			if err := user.allowedToAuth(); err != nil  {
 				return c.JSON(http.StatusUnauthorized, AuthError{Error: "access_denied", Description: err.Error()})
 			}
 			return c.String(http.StatusOK, "token good I guess")
diff --git a/pkg/auth/user.go b/pkg/auth/user.go
new file mode 100644
index 0000000..c1b475d
--- /dev/null
+++ b/pkg/auth/user.go
@@ -0,0 +1,36 @@
+package auth
+
+import (
+	"errors"
+
+	"github.com/rs/zerolog/log"
+)
+
+const (
+	AuthKey = "auth"
+)
+
+type User struct {
+	Username string
+	UserMetadata
+}
+
+type UserMetadata struct {
+	Active bool
+}
+
+func (u *User) allowedToAuth() error {
+	if !u.Active {
+		return errors.New("user disabled")
+	}
+
+	return nil
+}
+
+func (a *Authenticator) getOrCreateUser(c *Credential) (*User, error) {
+	log.Debug().Str("user", c.user.ProviderUsername()).Msg("getOrCreateUser")
+	panic("not implemented")
+	return &User{}, nil
+}
+
+