diff --git a/Web/Data/WeatherForecast.cs b/Web/Data/WeatherForecast.cs deleted file mode 100644 index 87a7fe6..0000000 --- a/Web/Data/WeatherForecast.cs +++ /dev/null @@ -1,15 +0,0 @@ -using System; - -namespace Web.Data -{ - public class WeatherForecast - { - public DateTime Date { get; set; } - - public int TemperatureC { get; set; } - - public int TemperatureF => 32 + (int) (TemperatureC / 0.5556); - - public string Summary { get; set; } - } -} \ No newline at end of file diff --git a/Web/Data/WeatherForecastService.cs b/Web/Data/WeatherForecastService.cs deleted file mode 100644 index 45f5312..0000000 --- a/Web/Data/WeatherForecastService.cs +++ /dev/null @@ -1,25 +0,0 @@ -using System; -using System.Linq; -using System.Threading.Tasks; - -namespace Web.Data -{ - public class WeatherForecastService - { - private static readonly string[] Summaries = new[] - { - "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" - }; - - public Task GetForecastAsync(DateTime startDate) - { - var rng = new Random(); - return Task.FromResult(Enumerable.Range(1, 5).Select(index => new WeatherForecast - { - Date = startDate.AddDays(index), - TemperatureC = rng.Next(-20, 55), - Summary = Summaries[rng.Next(Summaries.Length)] - }).ToArray()); - } - } -} \ No newline at end of file diff --git a/Web/Pages/Counter.razor b/Web/Pages/Counter.razor deleted file mode 100644 index 8684a6c..0000000 --- a/Web/Pages/Counter.razor +++ /dev/null @@ -1,17 +0,0 @@ -@page "/counter" - -

Counter

- -

Current count: @currentCount

- - - -@code { - private int currentCount = 0; - - private void IncrementCount() - { - currentCount++; - } - -} \ No newline at end of file diff --git a/Web/Pages/CreateServer.razor b/Web/Pages/CreateServer.razor new file mode 100644 index 0000000..04b2bbe --- /dev/null +++ b/Web/Pages/CreateServer.razor @@ -0,0 +1,21 @@ +@page "/CreateServer" +@using Microsoft.AspNetCore.Http +@using Microsoft.AspNetCore.Authentication +@inject IHttpContextAccessor _httpContextAccessor + + + + + +

You must be logged in to view this page!

+
+
+ +@code { + protected async override Task OnInitializedAsync() + { + string token = await _httpContextAccessor.HttpContext.GetTokenAsync("access_token"); + var t = 2; + } + +} \ No newline at end of file diff --git a/Web/Pages/FetchData.razor b/Web/Pages/FetchData.razor deleted file mode 100644 index b127f8b..0000000 --- a/Web/Pages/FetchData.razor +++ /dev/null @@ -1,46 +0,0 @@ -@page "/fetchdata" - -@using Web.Data -@inject WeatherForecastService ForecastService - -
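Review bot: In the `@code` block of Web/Pages/CreateServer.razor, `_httpContextAccessor.HttpContext` is dereferenced without a null check inside `OnInitializedAsync`. In a Blazor Server component, `HttpContext` is only dependable during the initial HTTP request, not for the lifetime of the SignalR circuit. The fetched `token` is never used and `var t = 2;` looks like a debugging leftover, so the component pulls a bearer credential into memory for no purpose; I would remove both lines until the page needs the token. When it does, capturing the token once at circuit start (for example in `_Host.cshtml`) and passing it down is more reliable than reading `HttpContext` from the component. The markup of this file did not survive extraction on this page, so whether the "You must be logged in" text sits inside an `AuthorizeView` cannot be confirmed here.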

Weather forecast

- -

This component demonstrates fetching data from a service.

- -@if (forecasts == null) -{ -

Loading...

-} -else -{ - - - - - - - - - - - @foreach (var forecast in forecasts) - { - - - - - - - } - -
DateTemp. (C)Temp. (F)Summary
@forecast.Date.ToShortDateString()@forecast.TemperatureC@forecast.TemperatureF@forecast.Summary
-} - -@code { - private WeatherForecast[] forecasts; - - protected override async Task OnInitializedAsync() - { - forecasts = await ForecastService.GetForecastAsync(DateTime.Now); - } -} diff --git a/Web/Startup.cs b/Web/Startup.cs index 4862858..be69f4f 100644 --- a/Web/Startup.cs +++ b/Web/Startup.cs @@ -33,7 +33,6 @@ namespace Web services.AddRazorPages(); services.AddServerSideBlazor(); services.AddHttpContextAccessor(); - services.AddSingleton(); services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; diff --git a/WebAPI/Controllers/BaseController.cs b/WebAPI/Controllers/BaseController.cs new file mode 100644 index 0000000..0816f16 --- /dev/null +++ b/WebAPI/Controllers/BaseController.cs @@ -0,0 +1,16 @@ +using System; +using System.Linq; +using Microsoft.AspNetCore.Mvc; +using Microsoft.Net.Http.Headers; + +namespace WebAPI.Controllers +{ + public class BaseController : ControllerBase + { + protected string BearerToken => + Request.Headers.Keys.Contains(HeaderNames.Authorization) && + Request.Headers[HeaderNames.Authorization].Count > 0 + ? Request.Headers[HeaderNames.Authorization].First() + : String.Empty; + } +} \ No newline at end of file diff --git a/WebAPI/Controllers/HelloWorldController.cs b/WebAPI/Controllers/HelloWorldController.cs index aba8549..e0b434c 100644 --- a/WebAPI/Controllers/HelloWorldController.cs +++ b/WebAPI/Controllers/HelloWorldController.cs 
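Review bot: `BearerToken` in WebAPI/Controllers/BaseController.cs returns the whole `Authorization` header value, scheme prefix included. A caller that sends the conventional `Bearer <token>` therefore hands that full string to `ValidateAccessToken`, which wraps it in a second `Bearer` scheme. Parse the header and check the scheme instead, for example `AuthenticationHeaderValue.TryParse(Request.Headers[HeaderNames.Authorization], out var h) && "Bearer".Equals(h.Scheme, StringComparison.OrdinalIgnoreCase) ? h.Parameter ?? String.Empty : String.Empty`, which needs `using System.Net.Http.Headers;`. That also removes the `Keys.Contains` plus indexer double lookup. I would add an XML doc comment such as `/// <summary>Token part of the Authorization header, or the empty string when no Bearer credential is present; callers must treat empty as unauthenticated.</summary>`.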
@@ -10,20 +10,26 @@ namespace WebAPI.Controllers { [Route("api/[controller]")] [ApiController] - public class HelloWorldController : ControllerBase + public class HelloWorldController : BaseController { private readonly PterodactylService _pterodactylService; + private readonly OIDCService _oidcService; - public HelloWorldController(PterodactylService pterodactylService) + public HelloWorldController(PterodactylService pterodactylService, OIDCService oidcService) { _pterodactylService = pterodactylService; + _oidcService = oidcService; } [HttpGet] public async Task HelloWorld() { - await Task.Delay(5000); - return AppSettings.PterodactylAPIKey; + if (await _oidcService.ValidateAccessToken(BearerToken)) + { + return "Validated"; + } + return "Failed"; } + } } \ No newline at end of file diff --git a/WebAPI/Data/AppSettings.cs b/WebAPI/Data/AppSettings.cs index 4c1badb..4711cf1 100644 --- a/WebAPI/Data/AppSettings.cs +++ b/WebAPI/Data/AppSettings.cs @@ -7,6 +7,7 @@ namespace WebAPI.Data { public static string PterodactylAPIKey { get; private set; } public static string PterodactylPanelURL { get; private set; } + public static string OIDCUserInfoEndpoint { get; private set; } public static void Init(IConfiguration configuration) { var fields = typeof(AppSettings).GetProperties(); diff --git a/WebAPI/Data/OIDCService.cs b/WebAPI/Data/OIDCService.cs new file mode 100644 index 0000000..705a9f4 --- /dev/null +++ b/WebAPI/Data/OIDCService.cs 
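Review bot: `HelloWorld()` answers a failed token check with the string `"Failed"` and an implicit 200, so clients and monitoring cannot tell a rejected credential from a success by status code. Returning an `ActionResult` and using `return Unauthorized();` on the failure branch fixes that. Calling `_oidcService.ValidateAccessToken(BearerToken)` by hand inside each action is also easy to forget on the next endpoint. Registering an authentication handler and putting `[Authorize]` on the controller would make new actions closed by default. The action's declared return type appears to have lost its generic argument in this rendering, so confirm the exact signature against the file.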
@@ -0,0 +1,39 @@
+using System;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+
+namespace WebAPI.Data
+{
+ public class OIDCService
+ {
+ private HttpClient _httpClient { get; set; }
+ private ILogger _logger { get; set; }
+ public OIDCService(ILogger logger)
+ {
+ _logger = logger;
+ _httpClient = new HttpClient();
+ }
+
+ ///
+ /// Simple check of an OIDC access token by attempting to hit the userinfo endpoint.
+ ///
+ /// access token to check
+ /// success
+ public async Task ValidateAccessToken(string accessToken)
+ {
+ Uri requestUri = new Uri($"{AppSettings.OIDCUserInfoEndpoint}");
+ HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUri);
+ request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
+ HttpResponseMessage response = await _httpClient.SendAsync(request);
+ if (!response.IsSuccessStatusCode)
+ {
+ return false;
+ }
+ return false;
+ }
+
+ }
+}
\ No newline at end of file
diff --git a/WebAPI/Startup.cs b/WebAPI/Startup.cs
index a9645d2..a685ba8 100644
--- a/WebAPI/Startup.cs
+++ b/WebAPI/Startup.cs
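Review bot: `ValidateAccessToken` in WebAPI/Data/OIDCService.cs ends with `return false;` on the success path as well as inside the `!response.IsSuccessStatusCode` branch, so every token is rejected; the last statement presumably should report success. The request and response messages are never disposed, and an empty `accessToken` (which `BearerToken` yields when the header is absent) still triggers an outbound call. `_logger` is injected but unused, and a transport failure from `SendAsync` escapes as an unhandled exception; the sketch below rejects early, disposes both messages and fails closed with a log entry. Separately, a 2xx from the userinfo endpoint only shows that the provider accepts the token, not that it was issued for this API. Audience or scope still needs checking, by introspection or local JWT validation, before this result gates anything sensitive.

```csharp
// … unchanged: ValidateAccessToken signature and opening brace …
if (string.IsNullOrWhiteSpace(accessToken))
{
    return false;
}

var requestUri = new Uri(AppSettings.OIDCUserInfoEndpoint);
using var request = new HttpRequestMessage(HttpMethod.Get, requestUri);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
try
{
    using HttpResponseMessage response = await _httpClient.SendAsync(request);
    return response.IsSuccessStatusCode;
}
catch (HttpRequestException ex)
{
    // Fail closed: an unreachable provider must not count as a valid token.
    _logger.LogWarning(ex, "Userinfo request failed; treating token as invalid");
    return false;
}
```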
@@ -30,9 +30,39 @@ namespace WebAPI public void ConfigureServices(IServiceCollection services) { services.AddControllers(); - services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new OpenApiInfo {Title = "Petrie Panel Web API", Version = "v1"}); }); + services.AddSwaggerGen(c => + { + c.SwaggerDoc("v1", new OpenApiInfo {Title = "Petrie Panel Web API", Version = "v1"}); + c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme() + { + Description = "JWT Token", + Name = "Authorization", + In = ParameterLocation.Header, + Type = SecuritySchemeType.ApiKey, + Scheme = "Bearer" + }); + c.AddSecurityRequirement(new OpenApiSecurityRequirement() + { + { + new OpenApiSecurityScheme + { + Reference = new OpenApiReference + { + Type = ReferenceType.SecurityScheme, + Id = "Bearer" + }, + Scheme = "oauth2", + Name = "Bearer", + In = ParameterLocation.Header, + + }, + new List() + } + }); + }); services.AddDbContext(options => options.UseNpgsql(Configuration.GetConnectionString("DefaultConnection"))); services.AddSingleton(); + services.AddSingleton(); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. diff --git a/WebAPI/WebAPI.csproj b/WebAPI/WebAPI.csproj index aa209f5..40ce389 100644 --- a/WebAPI/WebAPI.csproj +++ b/WebAPI/WebAPI.csproj @@ -16,8 +16,4 @@ - - - - diff --git a/WebAPI/appsettings.json b/WebAPI/appsettings.json index a03004a..bb7dea6 100644 --- a/WebAPI/appsettings.json +++ b/WebAPI/appsettings.json @@ -11,5 +11,6 @@ }, "AllowedHosts": "*", "PterodactylAPIKey": "REPLACE_ME", - "PterodactylPanelURL": "https://panel.orfl.xyz" + "PterodactylPanelURL": "https://panel.orfl.xyz", + "OIDCUserInfoEndpoint": "https://authentik.mattstop.com/application/o/userinfo" }
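Review bot: The `AddSecurityDefinition("Bearer", …)` block in WebAPI/Startup.cs declares `Type = SecuritySchemeType.ApiKey`, under which Swagger UI sends whatever the user types verbatim as the `Authorization` header. The requirement below labels the same scheme `Scheme = "oauth2"`, so the two disagree and neither describes an HTTP bearer token. Using `Type = SecuritySchemeType.Http` with `Scheme = "bearer"` and `BearerFormat = "JWT"` makes the UI add the `Bearer ` prefix itself. The `Scheme`, `Name` and `In` values on the referencing `OpenApiSecurityScheme` then appear redundant next to its `Reference`. All of this only documents the API: no authentication middleware is registered in the visible part of `ConfigureServices`, which continues outside the hunk, so endpoints stay reachable without a token unless each action checks one itself.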