diff --git a/src/smolvault/auth.py b/src/smolvault/auth.py
new file mode 100644
index 0000000..8b76a9d
--- /dev/null
+++ b/src/smolvault/auth.py
@@ -0,0 +1,27 @@
+from typing import Annotated
+
+from fastapi import Depends
+from fastapi.security import OAuth2PasswordBearer
+from pydantic import BaseModel
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
+
+
+class User(BaseModel):
+    username: str
+    email: str | None = None
+    full_name: str | None = None
+    disabled: bool | None = None
+
+
+def decode_token(token: str) -> User:
+    return User(
+        username="fakeuser",
+        email="fake@email.com",
+        full_name="Fake User",
+    )
+
+
+async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]) -> User:
+    user = decode_token(token)
+    return user
diff --git a/src/smolvault/main.py b/src/smolvault/main.py
index 4335fea..f6ab52d 100644
--- a/src/smolvault/main.py
+++ b/src/smolvault/main.py
@@ -11,6 +11,7 @@
 from fastapi.middleware.gzip import GZipMiddleware
 from fastapi.responses import FileResponse, Response
 
+from smolvault.auth import User, get_current_user
 from smolvault.cache.cache_manager import CacheManager
 from smolvault.clients.aws import S3Client
 from smolvault.clients.database import DatabaseClient, FileMetadataRecord
@@ -25,6 +26,7 @@
 logger = logging.getLogger(__name__)
 
 app = FastAPI(title="smolvault")
+
 app.add_middleware(GZipMiddleware, minimum_size=1000)
 app.add_middleware(
     CORSMiddleware,
@@ -34,14 +36,15 @@
     allow_headers=["*"],
 )
 
+
 settings: Settings = get_settings()
 s3_client = S3Client(bucket_name=settings.smolvault_bucket)
 cache = CacheManager(cache_dir=settings.smolvault_cache)
 
 
 @app.get("/")
-async def read_root() -> dict[str, str]:
-    return {"Hello": "World"}
+async def read_root(current_user: Annotated[User, Depends(get_current_user)]) -> User:
+    return current_user
 
 
 @app.post("/file/upload")