diff --git a/pyproject.toml b/pyproject.toml
index 2b3ac1d..473cc1d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -21,7 +21,14 @@ postgres = [
 	"transaction",
 	"zope.sqlalchemy",
 ]
-app = ["python-dotenv", "zope.publisher", "zope.traversing"]
+app = [
+	"python-dotenv", 
+	"zope.authentication",
+	"zope.component",
+	"zope.interface",
+	"zope.publisher", 
+	"zope.traversing",
+]
 test = ["zope.testrunner"]
 #test = ["pytest"]
 
diff --git a/scopes/server/auth.py b/scopes/server/auth.py
new file mode 100644
index 0000000..2a96f4d
--- /dev/null
+++ b/scopes/server/auth.py
@@ -0,0 +1,38 @@
+# scopes.server.auth
+
+from zope.authentication.interfaces import IAuthentication
+from zope.principalregistry.principalregistry import PrincipalRegistry
+from zope.component import getUtility, provideUtility, queryNextUtility
+from zope.interface import implementer
+
+baseAuth = None
+
+class JwtAuthentication(PrincipalRegistry):
+
+    def authenticate(self, request):
+        prc = authenticate(request)
+        if prc is None:
+            return baseAuth.authenticate(request)
+
+    def getPrincipal(self, id):
+        return baseAuth.getPrincipal(id)
+
+    def unauthenticatedPrincipal(self):
+        return baseAuth.unauthenticatedPrincipal()
+
+    def unauthorized(self, id, request):
+        return baseAuth.unauthorized(id, request)
+
+
+
+def authenticate(request):
+    print('*** authenticate')
+    return None
+
+
+def registerAuthUtility():
+    global baseAuth
+    baseAuth = getUtility(IAuthentication)
+    print('*** registerAuthUtility, baseAuth:', baseAuth)
+    provideUtility(JwtAuthentication(), IAuthentication)
+