diff --git a/pyproject.toml b/pyproject.toml
index 473cc1d..39982cc 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -24,7 +24,6 @@ postgres = [
 app = [
 	"python-dotenv", 
 	"zope.authentication",
-	"zope.component",
 	"zope.interface",
 	"zope.publisher", 
 	"zope.traversing",
diff --git a/scopes/server/auth.py b/scopes/server/auth.py
index 2a96f4d..7d3dcb2 100644
--- a/scopes/server/auth.py
+++ b/scopes/server/auth.py
@@ -1,38 +1,38 @@
 # scopes.server.auth
 
 from zope.authentication.interfaces import IAuthentication
-from zope.principalregistry.principalregistry import PrincipalRegistry
-from zope.component import getUtility, provideUtility, queryNextUtility
 from zope.interface import implementer
-
-baseAuth = None
-
-class JwtAuthentication(PrincipalRegistry):
-
-    def authenticate(self, request):
-        prc = authenticate(request)
-        if prc is None:
-            return baseAuth.authenticate(request)
-
-    def getPrincipal(self, id):
-        return baseAuth.getPrincipal(id)
-
-    def unauthenticatedPrincipal(self):
-        return baseAuth.unauthenticatedPrincipal()
-
-    def unauthorized(self, id, request):
-        return baseAuth.unauthorized(id, request)
-
+from zope.publisher.interfaces import Unauthorized
 
 
 def authenticate(request):
-    print('*** authenticate')
+    #print('*** authenticate')
     return None
 
 
-def registerAuthUtility():
-    global baseAuth
-    baseAuth = getUtility(IAuthentication)
-    print('*** registerAuthUtility, baseAuth:', baseAuth)
-    provideUtility(JwtAuthentication(), IAuthentication)
-    
+@implementer(IAuthentication)
+class JwtAuthentication:
+
+    def __init__(self, baseAuth):
+        self.baseAuth = baseAuth
+
+    def authenticate(self, request):
+        prc = authenticate(request)
+        if prc is None and self.baseAuth is not None:
+            prc = self.baseAuth.authenticate(request)
+        if prc is None:
+            raise Unauthorized
+        return prc
+
+    def getPrincipal(self, id):
+        if self.baseAuth is not None:
+            return self.baseAuth.getPrincipal(id)
+
+    def unauthenticatedPrincipal(self):
+        if self.baseAuth is not None:
+            return self.baseAuth.unauthenticatedPrincipal()
+
+    def unauthorized(self, id, request):
+        if self.baseAuth is not None:
+            return self.baseAuth.unauthorized(id, request)
+