diff --git a/src/DigitalData.Auth.API/Program.cs b/src/DigitalData.Auth.API/Program.cs
index 27dd250..71dd06e 100644
--- a/src/DigitalData.Auth.API/Program.cs
+++ b/src/DigitalData.Auth.API/Program.cs
@@ -32,7 +32,7 @@ builder.Services.AddJwtSignatureHandler(api => new Dictionary(user => new Dictionary
 {
 { JwtRegisteredClaimNames.Sub, user.Id },
- { JwtRegisteredClaimNames.UniqueName, user.Id },
+ { JwtRegisteredClaimNames.UniqueName, user.Username },
 { JwtRegisteredClaimNames.Email, user.Email ?? string.Empty },
 { JwtRegisteredClaimNames.GivenName, user.Prename ?? string.Empty },
 { JwtRegisteredClaimNames.FamilyName, user.Name ?? string.Empty },
@@ -108,7 +108,37 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
 && token is not null)
 context.Token = token;
 return Task.CompletedTask;
- }
+ },
+ };
+ });
+
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddJwtBearer(options =>
+ {
+ options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
+ options.ClaimsIssuer = apiParams!.Issuer;
+ options.Audience = apiParams.LocalConsumer.Audience;
+ options.TokenValidationParameters = new()
+ {
+ ValidateIssuer = true,
+ ValidIssuer = apiParams!.Issuer,
+ ValidateAudience = true,
+ ValidAudience = apiParams.LocalConsumer.Audience,
+ ValidateLifetime = true,
+ IssuerSigningKey = issuerSigningKeyInitiator?.Value
+ };
+
+ options.Events = new JwtBearerEvents
+ {
+ OnMessageReceived = context =>
+ {
+ // if there is no token read related cookie
+ if (context.Token is null // if there is no token
+ && context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var token) // get token from cookies
+ && token is not null)
+ context.Token = token;
+ return Task.CompletedTask;
+ },
 };
 });
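Review bot: `user.Username` goes into the `unique_name` claim without the `?? string.Empty` fallback that the `Email`, `GivenName` and `FamilyName` entries directly below it use; if `Username` is a nullable property on the user model, a null would land in the claims dictionary here where the neighbouring entries deliberately avoid it. Either align it with its neighbours, `{ JwtRegisteredClaimNames.UniqueName, user.Username ?? string.Empty },`, or, if the user model guarantees a non-null `Username`, a one-line comment saying so would make the asymmetry look intentional. The enclosing `AddJwtSignatureHandler` call starts before the hunk and ends after it.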
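Review bot: The added `AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options => …)` registers a second JWT bearer handler under the default scheme name, while the hunk header shows an identical `AddAuthentication(JwtBearerDefaults.AuthenticationScheme)` registration immediately above it; if that earlier `.AddJwtBearer` call, whose scheme name lies outside the hunk, also uses the default name, `AuthenticationOptions.AddScheme` throws an InvalidOperationException at startup because the scheme already exists, and if it uses a named scheme the new block silently becomes the default one. Giving this registration an explicit name (for example `.AddJwtBearer("LocalConsumer", options =>`, name chosen to match the `apiParams.LocalConsumer` config it validates against) and referencing that name from the policies that should accept `LocalConsumer.Audience` tokens keeps the two validation configurations distinguishable. `IssuerSigningKey = issuerSigningKeyInitiator?.Value` accepts a null key without complaint, which turns a missing key into request-time signature failures instead of a startup error; `ArgumentNullException.ThrowIfNull(issuerSigningKeyInitiator?.Value);` before the registration would fail fast. Within the same block `apiParams!.` and `apiParams.` are mixed, and the `&& token is not null` check after a successful `TryGetValue` is redundant.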