diff --git a/.env b/.env
deleted file mode 100644
index d21acab..0000000
--- a/.env
+++ /dev/null
@@ -1 +0,0 @@
-WEBKIT_DISABLE_DMABUF_RENDERER=1
\ No newline at end of file
diff --git a/app.vue b/app.vue
index 4b92728..c5500da 100644
--- a/app.vue
+++ b/app.vue
@@ -23,6 +23,9 @@ switch (state.status) {
   case AppStatus.SignedOut:
     router.push("/auth");
     break;
+  case AppStatus.SignedInNeedsReauth:
+    router.push("/auth/signedout");
+    break;
 }
 
 listen("auth/processing", () => {
diff --git a/components/Header.vue b/components/Header.vue
index 2b16acf..dfe8d0b 100644
--- a/components/Header.vue
+++ b/components/Header.vue
@@ -1,9 +1,9 @@
 <template>
   <div
     @mousedown="() => window.startDragging()"
-    class="h-10 cursor-pointer bg-gray-950 flex flex-row justify-between"
+    class="h-16 cursor-pointer bg-gray-950 flex flex-row justify-between"
   >
-    <div class="flex flex-row grow items-center justify-between px-2 py-3">
+    <div class="flex flex-row grow items-center justify-between pl-5 pr-2 py-3">
       <div class="inline-flex items-center gap-x-10">
         <Wordmark class="h-8 mb-0.5" />
         <nav class="inline-flex items-center mt-0.5">
@@ -31,7 +31,7 @@
         </ol>
       </div>
     </div>
-    <WindowControl />
+    <WindowControl class="h-16 w-16 p-4" />
   </div>
 </template>
 
diff --git a/components/InitiateAuthModule.vue b/components/InitiateAuthModule.vue
new file mode 100644
index 0000000..00627e4
--- /dev/null
+++ b/components/InitiateAuthModule.vue
@@ -0,0 +1,93 @@
+<template>
+  <div
+    class="grid min-h-full grid-cols-1 grid-rows-[1fr,auto,1fr] lg:grid-cols-[max(50%,36rem),1fr]"
+  >
+    <header
+      class="mx-auto w-full max-w-7xl px-6 pt-6 sm:pt-10 lg:col-span-2 lg:col-start-1 lg:row-start-1 lg:px-8"
+    >
+      <Logo class="h-10 w-auto sm:h-12" />
+    </header>
+    <main
+      class="mx-auto w-full max-w-7xl px-6 py-24 sm:py-32 lg:col-span-2 lg:col-start-1 lg:row-start-2 lg:px-8"
+    >
+      <div class="max-w-lg">
+        <slot />
+        <div class="mt-10">
+          <button
+            @click="() => auth()"
+            :disabled="loading"
+            class="text-sm font-semibold leading-7 text-blue-600"
+          >
+            <div v-if="loading" role="status">
+              <svg
+                aria-hidden="true"
+                class="w-5 h-5 text-transparent animate-spin fill-white"
+                viewBox="0 0 100 101"
+                fill="none"
+                xmlns="http://www.w3.org/2000/svg"
+              >
+                <path
+                  d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z"
+                  fill="currentColor"
+                />
+                <path
+                  d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z"
+                  fill="currentFill"
+                />
+              </svg>
+              <span class="sr-only">Loading...</span>
+            </div>
+            <span v-else>
+              Sign in with your browser <span aria-hidden="true">&rarr;</span>
+            </span>
+          </button>
+        </div>
+      </div>
+    </main>
+    <footer class="self-end lg:col-span-2 lg:col-start-1 lg:row-start-3">
+      <div class="border-t border-blue-600 bg-zinc-900 py-10">
+        <nav
+          class="mx-auto flex w-full max-w-7xl items-center gap-x-4 px-6 text-sm leading-7 text-zinc-400 lg:px-8"
+        >
+          <a href="#">Documentation</a>
+          <svg
+            viewBox="0 0 2 2"
+            aria-hidden="true"
+            class="h-0.5 w-0.5 fill-zinc-700"
+          >
+            <circle cx="1" cy="1" r="1" />
+          </svg>
+          <a href="#">Troubleshooting</a>
+          <svg
+            viewBox="0 0 2 2"
+            aria-hidden="true"
+            class="h-0.5 w-0.5 fill-zinc-700"
+          >
+            <circle cx="1" cy="1" r="1" />
+          </svg>
+          <NuxtLink to="/setup/server">Switch instance</NuxtLink>
+        </nav>
+      </div>
+    </footer>
+    <div
+      class="hidden lg:relative lg:col-start-2 lg:row-start-1 lg:row-end-4 lg:block"
+    >
+      <img
+        src="@/assets/wallpaper.jpg"
+        alt=""
+        class="absolute inset-0 h-full w-full object-cover"
+      />
+    </div>
+  </div>
+</template>
+
+<script setup lang="ts">
+import { invoke } from "@tauri-apps/api/core";
+
+const loading = ref(false);
+
+async function auth() {
+  loading.value = true;
+  await invoke("auth_initiate");
+}
+</script>
diff --git a/components/WindowControl.vue b/components/WindowControl.vue
index 3610162..f777504 100644
--- a/components/WindowControl.vue
+++ b/components/WindowControl.vue
@@ -1,28 +1,7 @@
 <template>
-  <div class="inline-flex items-center gap-x-2">
-    <!--
-    <HeaderButton @click="() => window.minimize()">
-      <MinusIcon />
-    </HeaderButton>
-    <HeaderButton @click="() => window.maximize()">
-      <svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-        <rect
-          x="6"
-          y="6"
-          width="12"
-          height="12"
-          stroke="currentColor"
-          stroke-width="2"
-          stroke-linecap="round"
-          stroke-linejoin="round"
-        />
-      </svg>
-    </HeaderButton>
-    -->
-    <HeaderButton @click="() => window.close()">
-      <XMarkIcon />
-    </HeaderButton>
-  </div>
+  <HeaderButton @click="() => window.close()">
+    <XMarkIcon />
+  </HeaderButton>
 </template>
 
 <script setup lang="ts">
diff --git a/nvidia-prop-dev.sh b/nvidia-prop-dev.sh
new file mode 100755
index 0000000..c761597
--- /dev/null
+++ b/nvidia-prop-dev.sh
@@ -0,0 +1 @@
+WEBKIT_DISABLE_DMABUF_RENDERER=1 yarn tauri dev
\ No newline at end of file
diff --git a/pages/auth/index.vue b/pages/auth/index.vue
index 824479f..059586f 100644
--- a/pages/auth/index.vue
+++ b/pages/auth/index.vue
@@ -1,103 +1,17 @@
 <template>
-  <div
-    class="grid min-h-full grid-cols-1 grid-rows-[1fr,auto,1fr] lg:grid-cols-[max(50%,36rem),1fr]"
-  >
-    <header
-      class="mx-auto w-full max-w-7xl px-6 pt-6 sm:pt-10 lg:col-span-2 lg:col-start-1 lg:row-start-1 lg:px-8"
+  <InitiateAuthModule>
+    <h1
+      class="mt-4 text-3xl font-bold font-display tracking-tight text-zinc-100 sm:text-5xl"
     >
-      <Logo class="h-10 w-auto sm:h-12" />
-    </header>
-    <main
-      class="mx-auto w-full max-w-7xl px-6 py-24 sm:py-32 lg:col-span-2 lg:col-start-1 lg:row-start-2 lg:px-8"
-    >
-      <div class="max-w-lg">
-        <h1
-          class="mt-4 text-3xl font-bold font-display tracking-tight text-zinc-100 sm:text-5xl"
-        >
-          Sign in to Drop
-        </h1>
-        <p class="mt-6 text-base leading-7 text-zinc-400">
-          To get started, sign in to your Drop instance by clicking below.
-        </p>
-        <div class="mt-10">
-          <button
-            @click="() => auth()"
-            :disabled="loading"
-            class="text-sm font-semibold leading-7 text-blue-600"
-          >
-            <div v-if="loading" role="status">
-              <svg
-                aria-hidden="true"
-                class="w-5 h-5 text-transparent animate-spin fill-white"
-                viewBox="0 0 100 101"
-                fill="none"
-                xmlns="http://www.w3.org/2000/svg"
-              >
-                <path
-                  d="M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z"
-                  fill="currentColor"
-                />
-                <path
-                  d="M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z"
-                  fill="currentFill"
-                />
-              </svg>
-              <span class="sr-only">Loading...</span>
-            </div>
-            <span v-else>
-              Sign in with your browser <span aria-hidden="true">&rarr;</span>
-            </span>
-          </button>
-        </div>
-      </div>
-    </main>
-    <footer class="self-end lg:col-span-2 lg:col-start-1 lg:row-start-3">
-      <div class="border-t border-blue-600 bg-zinc-900 py-10">
-        <nav
-          class="mx-auto flex w-full max-w-7xl items-center gap-x-4 px-6 text-sm leading-7 text-zinc-400 lg:px-8"
-        >
-          <a href="#">Documentation</a>
-          <svg
-            viewBox="0 0 2 2"
-            aria-hidden="true"
-            class="h-0.5 w-0.5 fill-zinc-700"
-          >
-            <circle cx="1" cy="1" r="1" />
-          </svg>
-          <a href="#">Troubleshooting</a>
-          <svg
-            viewBox="0 0 2 2"
-            aria-hidden="true"
-            class="h-0.5 w-0.5 fill-zinc-700"
-          >
-            <circle cx="1" cy="1" r="1" />
-          </svg>
-          <NuxtLink to="/setup/server">Switch instance</NuxtLink>
-        </nav>
-      </div>
-    </footer>
-    <div
-      class="hidden lg:relative lg:col-start-2 lg:row-start-1 lg:row-end-4 lg:block"
-    >
-      <img
-        src="@/assets/wallpaper.jpg"
-        alt=""
-        class="absolute inset-0 h-full w-full object-cover"
-      />
-    </div>
-  </div>
+      Sign in to Drop
+    </h1>
+    <p class="mt-6 text-base leading-7 text-zinc-400">
+      To get started, sign in to your Drop instance by clicking below.
+    </p>
+  </InitiateAuthModule>
 </template>
 
 <script setup lang="ts">
-import { invoke } from "@tauri-apps/api/core";
-
-const loading = ref(false);
-
-async function auth() {
-  loading.value = true;
-  await invoke("auth_initiate");
-}
-
 definePageMeta({
   layout: "mini",
 });
diff --git a/pages/auth/signedout.vue b/pages/auth/signedout.vue
new file mode 100644
index 0000000..284cba0
--- /dev/null
+++ b/pages/auth/signedout.vue
@@ -0,0 +1,18 @@
+<template>
+  <InitiateAuthModule>
+    <h1
+      class="mt-4 text-3xl font-bold font-display tracking-tight text-zinc-100 sm:text-5xl"
+    >
+      You've been signed out
+    </h1>
+    <p class="mt-6 text-base leading-7 text-zinc-400">
+      Unfortunately, you've been signed out. To sign back in, click below.
+    </p>
+  </InitiateAuthModule>
+</template>
+
+<script setup lang="ts">
+definePageMeta({
+  layout: "mini",
+});
+</script>
diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock
index 2083da5..474c913 100644
--- a/src-tauri/Cargo.lock
+++ b/src-tauri/Cargo.lock
@@ -931,7 +931,9 @@ version = "0.1.0"
 dependencies = [
  "ciborium",
  "directories",
+ "hex",
  "log",
+ "openssl",
  "os_info",
  "rayon",
  "reqwest",
@@ -945,6 +947,7 @@ dependencies = [
  "tauri-plugin-shell",
  "tauri-plugin-single-instance",
  "url",
+ "uuid",
  "webbrowser",
  "zstd",
 ]
@@ -3203,9 +3206,9 @@ dependencies = [
 
 [[package]]
 name = "rustls"
-version = "0.23.13"
+version = "0.23.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2dabaac7466917e566adb06783a81ca48944c6898a1b08b9374106dd671f4c8"
+checksum = "415d9944693cb90382053259f89fbb077ea730ad7273047ec63b19bc9b160ba8"
 dependencies = [
  "once_cell",
  "rustls-pki-types",
@@ -4613,7 +4616,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "81dfa00651efa65069b0b6b651f4aaa31ba9e3c3ce0137aaad053604ee7e0314"
 dependencies = [
  "getrandom 0.2.15",
+ "rand 0.8.5",
  "serde",
+ "uuid-macro-internal",
+]
+
+[[package]]
+name = "uuid-macro-internal"
+version = "1.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee1cd046f83ea2c4e920d6ee9f7c3537ef928d75dce5d84a87c2c5d6b3999a3a"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.79",
 ]
 
 [[package]]
diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml
index a26e11a..1e2d353 100644
--- a/src-tauri/Cargo.toml
+++ b/src-tauri/Cargo.toml
@@ -35,6 +35,18 @@ os_info = "3.8.2"
 tauri-plugin-deep-link = "2"
 log = "0.4.22"
 structured-logger = "1.0.3"
+hex = "0.4.3"
+
+[dependencies.uuid]
+version = "1.10.0"
+features = [
+    "v4",                # Lets you generate random UUIDs
+    "fast-rng",          # Use a faster (but still sufficiently random) RNG
+    "macro-diagnostics", # Enable better diagnostics for compile-time UUIDs
+]
+
+[dependencies.openssl]
+version = "0.10.66"
 
 [dependencies.rustbreak]
 version = "2"
@@ -43,4 +55,3 @@ features = ["bin_enc"] # You can also use "yaml_enc" or "bin_enc"
 [dependencies.reqwest]
 version = "0.12"
 features = ["json", "blocking"]
-
diff --git a/src-tauri/src/auth.rs b/src-tauri/src/auth.rs
index 1c7403b..d0ff6f8 100644
--- a/src-tauri/src/auth.rs
+++ b/src-tauri/src/auth.rs
@@ -1,14 +1,22 @@
 use std::{
     borrow::{Borrow, BorrowMut},
+    fmt::format,
     sync::Mutex,
 };
 
 use log::info;
+use openssl::{
+    ec::EcKey,
+    hash::MessageDigest,
+    pkey::PKey,
+    sign::{self, Signer},
+};
 use serde::{Deserialize, Serialize};
 use tauri::{App, AppHandle, Emitter, Error, EventLoopMessage, Manager, Wry};
 use url::Url;
+use uuid::Uuid;
 
-use crate::{data::DatabaseCerts, AppState, AppStatus, User, DB};
+use crate::{data::DatabaseAuth, AppState, AppStatus, User, DB};
 
 #[derive(Serialize)]
 struct InitiateRequestBody {
@@ -41,6 +49,52 @@ macro_rules! unwrap_or_return {
     };
 }
 
+pub fn sign_nonce(private_key: String, nonce: String) -> Result<String, Error> {
+    let client_private_key = EcKey::private_key_from_pem(private_key.as_bytes()).unwrap();
+    let pkey_private_key = PKey::from_ec_key(client_private_key).unwrap();
+
+    let mut signer = Signer::new(MessageDigest::sha256(), &pkey_private_key).unwrap();
+    signer.update(nonce.as_bytes()).unwrap();
+    let signature = signer.sign_to_vec().unwrap();
+
+    let hex_signature = hex::encode(signature);
+
+    return Ok(hex_signature);
+}
+
+pub fn generate_authorization_header() -> String {
+    let certs = {
+        let db = DB.borrow_data().unwrap();
+        db.auth.clone().unwrap()
+    };
+
+    let nonce = Uuid::new_v4().to_string();
+    let signature = sign_nonce(certs.private, nonce.clone()).unwrap();
+
+    return format!("Nonce {} {} {}", certs.clientId, nonce, signature);
+}
+
+pub fn fetch_user() -> Result<User, Error> {
+    let base_url = {
+        let handle = DB.borrow_data().unwrap();
+        Url::parse(&handle.base_url).unwrap()
+    };
+
+    let endpoint = base_url.join("/api/v1/client/user").unwrap();
+    let header = generate_authorization_header();
+
+    let client = reqwest::blocking::Client::new();
+    let response = client
+        .get(endpoint.to_string())
+        .header("Authorization", header)
+        .send()
+        .unwrap();
+
+    let user = response.json::<User>().unwrap();
+
+    return Ok(user);
+}
+
 pub fn recieve_handshake(app: AppHandle, path: String) {
     // Tell the app we're processing
     app.emit("auth/processing", ()).unwrap();
@@ -63,7 +117,7 @@ pub fn recieve_handshake(app: AppHandle, path: String) {
         token: token.to_string(),
     };
 
-    let endpoint = unwrap_or_return!(base_url.join("/api/v1/client/handshake"), app);
+    let endpoint = unwrap_or_return!(base_url.join("/api/v1/client/auth/handshake"), app);
     let client = reqwest::blocking::Client::new();
     let response = unwrap_or_return!(client.post(endpoint).json(&body).send(), app);
     info!("server responded with {}", response.status());
@@ -71,9 +125,10 @@ pub fn recieve_handshake(app: AppHandle, path: String) {
 
     {
         let mut handle = DB.borrow_data_mut().unwrap();
-        handle.certs = Some(DatabaseCerts {
+        handle.auth = Some(DatabaseAuth {
             private: response_struct.private,
             cert: response_struct.certificate,
+            clientId: response_struct.id,
         });
         drop(handle);
         DB.save().unwrap();
@@ -86,6 +141,8 @@ pub fn recieve_handshake(app: AppHandle, path: String) {
     }
 
     app.emit("auth/finished", ()).unwrap();
+
+    fetch_user().unwrap();
 }
 
 #[tauri::command]
@@ -97,7 +154,7 @@ pub async fn auth_initiate<'a>() -> Result<(), String> {
 
     let current_os_info = os_info::get();
 
-    let endpoint = base_url.join("/api/v1/client/initiate").unwrap();
+    let endpoint = base_url.join("/api/v1/client/auth/initiate").unwrap();
     let body = InitiateRequestBody {
         name: format!("Drop Desktop Client"),
         platform: current_os_info.os_type().to_string(),
@@ -124,10 +181,13 @@ pub fn setup() -> Result<(AppStatus, Option<User>), Error> {
     let data = DB.borrow_data().unwrap();
 
     // If we have certs, exit for now
-    if data.certs.is_some() {
-        // TODO: check if it's still valid, and fetch user information
-        info!("have existing certs, assuming logged in...");
-        return Ok((AppStatus::SignedInNeedsReauth, None));
+    if data.auth.is_some() {
+        let user_result = fetch_user();
+        if user_result.is_err() {
+            return Ok((AppStatus::SignedInNeedsReauth, None));
+
+        }
+        return Ok((AppStatus::SignedIn, Some(user_result.unwrap())))
     }
 
     drop(data);
diff --git a/src-tauri/src/data.rs b/src-tauri/src/data.rs
index 4e52be4..2dd9ebd 100644
--- a/src-tauri/src/data.rs
+++ b/src-tauri/src/data.rs
@@ -7,14 +7,15 @@ use serde::Deserialize;
 use crate::DB;
 
 #[derive(serde::Serialize, Clone, Deserialize)]
-pub struct DatabaseCerts {
+pub struct DatabaseAuth {
     pub private: String,
     pub cert: String,
+    pub clientId: String,
 }
 
 #[derive(serde::Serialize, Clone, Deserialize)]
 pub struct Database {
-    pub certs: Option<DatabaseCerts>,
+    pub auth: Option<DatabaseAuth>,
     pub base_url: String,
 }
 
@@ -24,7 +25,7 @@ pub type DatabaseInterface =
 pub fn setup() -> DatabaseInterface {
     let db_path = BaseDirs::new().unwrap().data_dir().join("drop");
     let default = Database {
-        certs: None,
+        auth: None,
         base_url: "".to_string(),
     };
     let db = match fs::exists(db_path.clone()).unwrap() {
diff --git a/src-tauri/src/lib.rs b/src-tauri/src/lib.rs
index 4f7d644..fadfc0c 100644
--- a/src-tauri/src/lib.rs
+++ b/src-tauri/src/lib.rs
@@ -13,7 +13,7 @@ use auth::{auth_initiate, recieve_handshake};
 use data::DatabaseInterface;
 use log::info;
 use remote::use_remote;
-use serde::Serialize;
+use serde::{Deserialize, Serialize};
 use structured_logger::{json::new_writer, Builder};
 use tauri_plugin_deep_link::DeepLinkExt;
 
@@ -24,7 +24,7 @@ pub enum AppStatus {
     SignedIn,
     SignedInNeedsReauth,
 }
-#[derive(Clone, Copy, Serialize)]
+#[derive(Clone, Copy, Serialize, Deserialize)]
 pub struct User {}
 
 #[derive(Clone, Copy, Serialize)]