diff --git a/packages/backend/src/config/index.js b/packages/backend/src/config/index.js
index 7094792c24a..abd24e886c8 100644
--- a/packages/backend/src/config/index.js
+++ b/packages/backend/src/config/index.js
@@ -8,7 +8,7 @@ export default {
 jwt: {
 secretOrKey: process.env.MONGO_ENC_KEY,
 issuer: process.env.JWT_ISSUER,
- audience: process.env.JWT_SITE,
+ audience: process.env.JWT_ISSUER,
 expiresIn: "36 days",
 },
diff --git a/packages/backend/src/controllers/user.js b/packages/backend/src/controllers/user.js
index 40fd68647ec..01e6888db93 100644
--- a/packages/backend/src/controllers/user.js
+++ b/packages/backend/src/controllers/user.js
@@ -5,10 +5,9 @@ import { log } from "../utils";
 import jwt from "jsonwebtoken";
 import config from "../config";
-const userController = {};
+function UserController() { }
-// Login
-userController.login = (req, res) => {
+UserController.prototype.login = function (req, res) {
 if (!req.body) return res.sendStatus(400);
 User.findOne({
 $or: [
@@ -25,7 +24,9 @@ userController.login = (req, res) => {
 let account = user.account();
 let token = jwt.sign({
 _id: account._id,
- handle: account.handle
+ handle: account.handle,
+ aud: config.jwt.audience,
+ iss: config.jwt.issuer,
 }, config.jwt.secretOrKey);
 user.updateLoginTime(() => res.send({account,token}));
 } else {
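Review bot: Setting `audience` to the same value as `issuer` on the `+ audience:` line empties the `aud` claim of meaning: any token this issuer signs, for any consumer, satisfies the audience check that the `jwt` strategy performs with these options, so the claim no longer distinguishes this API from other services sharing the issuer. Keep a separate setting, e.g. `audience: process.env.JWT_AUDIENCE,` (variable name is a placeholder), and note in the config comment which value each consumer is expected to verify. The unchanged `secretOrKey: process.env.MONGO_ENC_KEY` line in the same hunk reuses the Mongo encryption key as the JWT signing secret; a dedicated secret keeps one key from serving two purposes.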
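Review bot: `function UserController() { }` with `UserController.prototype.login = function (req, res) {` reintroduces ES5 constructor style in a file that already uses ES modules and arrow functions, and the handlers are passed unbound to Express (`User.login` in routes/user.js), so `this` is undefined inside any method that ever relies on it. A `class UserController` with methods, or the previous plain object of handlers, makes the intent clearer; a one-line comment such as `// Handlers are passed to Express unbound; do not rely on this inside them` records the constraint either way. The login body continues outside the hunk.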
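Review bot: The token is still signed by `jwt.sign({...}, config.jwt.secretOrKey)` with no options object, so the `expiresIn: "36 days"` value from config is never applied and the issued token carries no `exp` claim; the intent in config is a bounded lifetime, the code gives an unbounded one. Drop the hand-built `aud:`/`iss:` lines added here (jsonwebtoken rejects a claim given both in the payload and as an option) and pass claims and lifetime together: `}, config.jwt.secretOrKey, { issuer: config.jwt.issuer, audience: config.jwt.audience, expiresIn: config.jwt.expiresIn });`. The login handler starts and ends outside this hunk.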
@@ -36,40 +37,40 @@ userController.login = (req, res) => {
 });
 }
+
 // CRUD basics
-userController.create = (req, res) => { }
-userController.readAccount = (req, res) => { }
-userController.readOwnProfile = (req, res) => { }
-userController.readProfile = (req, res) => { }
-userController.update = (req, res) => { }
-userController.delete = (req, res) => { }
-// Signup flow
-userController.signup = (req, res) => { }
-userController.confirmSignupEmail = (req, res) => { }
-userController.removeConfirmation = (req, res) => { }
-userController.resendActivationEmail = (req, res) => { }
-
-// Reset/recover/change email
-userController.recoverPassword = (req, res) => { }
-userController.resetPassword = (req, res) => { }
-userController.confirmChangedEmail = (req, res) => { }
-
-// Other
-userController.patronList = (req, res) => { }
-userController.exportData = (req, res) => { }
-
-
-userController.findOne = (req, res) => {
- User.find({"username":"joost"})
- .then( users => {
- res.send(users);
- }).catch(err => {
- res.status(500).send({
- message: err.message || "An error occurred."
- });
+// create (req, res) { }
+UserController.prototype.readAccount = function (req, res) {
+ if (!req.user._id) return res.sendStatus(400);
+ User.findById(req.user._id, (err, user) => {
+ log.info('ping', { user, req });
+ res.send({account: user.account()});
 });
 }
+// readAccount (req, res) {
+// //console.log('test', req);
+// return res.sendStatus(200);//(req.user);
+// }
+ // userController.readOwnProfile = (req, res) => { }
+ // userController.readProfile = (req, res) => { }
+ // userController.update = (req, res) => { }
+ // userController.delete = (req, res) => { }
+
+ // // Signup flow
+ // userController.signup = (req, res) => { }
+ // userController.confirmSignupEmail = (req, res) => { }
+ // userController.removeConfirmation = (req, res) => { }
+ // userController.resendActivationEmail = (req, res) => { }
+
+ // // Reset/recover/change email
+ // userController.recoverPassword = (req, res) => { }
+ // userController.resetPassword = (req, res) => { }
+ // userController.confirmChangedEmail = (req, res) => { }
+
+ // // Other
+ // userController.patronList = (req, res) => { }
+ // userController.exportData = (req, res) => { }
 const clean = (email) => email.toLowerCase().trim();
@@ -86,4 +87,4 @@ const passwordMatches = async (password, hash) => {
 return match;
 }
-export default userController;
+export default UserController;
diff --git a/packages/backend/src/index.js b/packages/backend/src/index.js
index 59edf37c8b7..05ba1b68db4 100644
--- a/packages/backend/src/index.js
+++ b/packages/backend/src/index.js
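Review bot: The `User.findById` callback in `readAccount` ignores `err` and assumes `user` is non-null, so a database error, or a token whose `_id` claim no longer matches an account (the `jwt` strategy hands the raw payload through as `req.user`), ends with `user.account()` throwing inside the callback instead of an HTTP error. Add two guards before the log call: `if (err) return res.sendStatus(500);` and `if (!user) return res.sendStatus(401);` (the token names an account that no longer exists; use 404 if the project prefers). `log.info('ping', { user, req })` hands the whole request to the logger; the visible `'ping'` branch reads only `data.user.handle`, but if any other path serializes `data`, `req.headers` carries the bearer token, so pass only the fields the logger needs. The block of commented-out `userController.*` stubs refers to a binding this commit removes and is better deleted than kept as comments.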
@@ -1,17 +1,22 @@
 import express from "express";
 import mongoose from "mongoose";
 import chalk from "chalk";
+import passport from "passport";
 import config from "./config";
-import middleware from "./middleware";
+import expressMiddleware from "./middleware/express";
+import passportMiddleware from "./middleware/passport";
 import routes from "./routes";
 const app = express();
-// Load middleware
-for (let type of Object.keys(middleware)) middleware[type](app);
+// Load Express middleware
+for (let type of Object.keys(expressMiddleware)) expressMiddleware[type](app);
+
+// Load Passport middleware
+for (let type of Object.keys(passportMiddleware)) passportMiddleware[type](passport);
 // Load routes
-for (let type of Object.keys(routes)) routes[type](app);
+for (let type of Object.keys(routes)) routes[type](app, passport);
 // Connecting to the database
 mongoose.Promise = global.Promise;
@@ -45,7 +50,7 @@ const port = process.env.PORT || 3000;
 app.listen(port, err => {
 if (err) {
- console.error(err);
+ console.error('Error occured', err);
 }
 if (__DEV__) {
diff --git a/packages/backend/src/middleware/bodyParser.js b/packages/backend/src/middleware/express/bodyParser.js
similarity index 100%
rename from packages/backend/src/middleware/bodyParser.js
rename to packages/backend/src/middleware/express/bodyParser.js
diff --git a/packages/backend/src/middleware/cors.js b/packages/backend/src/middleware/express/cors.js
similarity index 100%
rename from packages/backend/src/middleware/cors.js
rename to packages/backend/src/middleware/express/cors.js
diff --git a/packages/backend/src/middleware/index.js b/packages/backend/src/middleware/express/index.js
similarity index 100%
rename from packages/backend/src/middleware/index.js
rename to packages/backend/src/middleware/express/index.js
diff --git a/packages/backend/src/middleware/passport.js b/packages/backend/src/middleware/passport.js
deleted file mode 100644
index 6955349f6bb..00000000000
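Review bot: The new Passport loop only registers strategies (`passportMiddleware[type](passport)`); nothing in this change calls `app.use(passport.initialize())`, and the Express middleware set was moved unchanged, so unless it already installs it (not visible here) `passport.authenticate('jwt', …)` in routes/user.js may fail at request time depending on the Passport version. Confirm where `initialize()` is registered and, if nowhere, add it in the Express loader before the routes are mounted. A comment above the loop, `// Registers strategies only; passport.initialize() must be installed by the Express middleware`, would record the ordering dependency.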
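Review bot: After `console.error('Error occured', err);` the listen callback falls through to the `if (__DEV__)` branch and reports as if the server came up; returning after the log keeps the failure visible, `console.error('Error occurred', err); return;` (or exit non-zero if the process should not linger). The message also misspells "occurred". The callback continues outside the hunk.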
--- a/packages/backend/src/middleware/passport.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import jwt from "passport-jwt";
-import config from "../config";
-
-const options = {
- jwtFromRequest: jwt.ExtractJwt.fromAuthHeaderAsBearerToken(),
- ...config.jwt
-}
-
-export default (app) => {
- app.use(new jwt.Strategy(options));
-}
diff --git a/packages/backend/src/middleware/passport/index.js b/packages/backend/src/middleware/passport/index.js
new file mode 100644
index 00000000000..3cb5a0133c4
--- /dev/null
+++ b/packages/backend/src/middleware/passport/index.js
@@ -0,0 +1,3 @@
+import jwt from "./jwt";
+
+export default { jwt }
diff --git a/packages/backend/src/middleware/passport/jwt.js b/packages/backend/src/middleware/passport/jwt.js
new file mode 100644
index 00000000000..9cf75a09c09
--- /dev/null
+++ b/packages/backend/src/middleware/passport/jwt.js
@@ -0,0 +1,13 @@
+import jwt from "passport-jwt";
+import config from "../../config";
+
+const options = {
+ jwtFromRequest: jwt.ExtractJwt.fromAuthHeaderAsBearerToken(),
+ ...config.jwt
+}
+
+export default (passport) => {
+ passport.use(new jwt.Strategy(options, (jwt_payload, done) => {
+ return done(null, jwt_payload);
+ }));
+}
diff --git a/packages/backend/src/routes/user.js b/packages/backend/src/routes/user.js
index fd0ac338c6e..6d36a132f56 100644
--- a/packages/backend/src/routes/user.js
+++ b/packages/backend/src/routes/user.js
@@ -1,7 +1,9 @@
-import userController from "../controllers/user";
+import Controller from "../controllers/user";
-export default (app) => {
- app.get('/user', userController.findOne);
+const User = new Controller();
+
+export default (app, passport) => {
+ //app.get('/user', userController.findOne);
 /**********************************************
 *
 *
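Review bot: The verify callback `(jwt_payload, done) => { return done(null, jwt_payload); }` accepts any token that passes the signature, issuer and audience checks and places the raw payload on `req.user`, so a deleted or locked account is never refused until the token expires, and `login` currently issues tokens without an `exp` claim. Look up the account referenced by the `_id` claim here, call `done(null, false)` when it is absent, and pass the loaded document rather than the payload to `done`; handlers such as `readAccount` then stop re-querying. Spreading `...config.jwt` into the strategy options also carries `expiresIn` along, which passport-jwt does not use; listing `secretOrKey`, `issuer` and `audience` explicitly documents what is verified. A JSDoc comment on the export stating what ends up on `req.user` would help route authors.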
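Review bot: `const User = new Controller();` names a controller instance `User` while the controller module uses `User` for the Mongoose model, so `User.login` reads as a model method from this file; `userController` or `users` avoids the collision. The commented `//app.get('/user', userController.findOne);` refers to a binding the controller no longer exports and can be removed; the same applies to the commented-out routes in the two following hunks of this file. The exported router function continues past the hunk.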
@@ -12,43 +14,43 @@ export default (app) => {
 /* Sign-up flow */
 // Sign up user
- app.post('/signup', userController.signup);
+ //app.post('/signup', userController.signup);
 // Resend user activation email
- app.post('/resend/activation/email', userController.resendActivationEmail);
+ //app.post('/resend/activation/email', userController.resendActivationEmail);
 // Create account from confirmation / Consent for data processing given
- app.post('/user', userController.create);
+ //app.post('/user', userController.create);
 // Remove confirmation / No consent for data processing given
- app.delete('/remove/confirmation/:token', userController.removeConfirmation);
+ //app.delete('/remove/confirmation/:token', userController.removeConfirmation);
 /* Login flow */
 // User login
- app.post('/login', userController.login);
+ app.post('/login', User.login);
 // Recover user password
- app.post('/recover/password', userController.recoverPassword);
+ //app.post('/recover/password', userController.recoverPassword);
 // Reset user password
- app.post('/reset/password', userController.resetPassword);
+ //app.post('/reset/password', userController.resetPassword);
 /* Email confirmation endpoints */
 // (these are always GET because they are links in an email)
 // Confirm email address at signup
- app.get('/confirm/signup/email/:token', userController.confirmSignupEmail);
+ //app.get('/confirm/signup/email/:token', userController.confirmSignupEmail);
 // Confirm user email change
- app.get('/confirm/changed/email:handle/:token', userController.confirmChangedEmail);
+ //app.get('/confirm/changed/email:handle/:token', userController.confirmChangedEmail);
 /* Email confirmation endpoints */
 // Load patron list
- app.get('/patrons/list', userController.patronList);
+ //app.get('/patrons/list', userController.patronList);
 /**********************************************
@@ -58,17 +60,22 @@ export default (app) => {
 *********************************************/
 /* CRUD endpoints */
- app.get('/account', userController.readAccount); // Read account (own data)
- app.get('/user', userController.readOwnProfile); // Read profile (own data)
- app.get('/user/:handle', userController.readProfile); // Read profile (other user's data)
+ app.get('/account', passport.authenticate('jwt', { session: false }), User.readAccount); // Read account (own data)
+ //app.get('/account', function(req, res,next) {
+ // passport.authenticate('jwt', function(err, user, info) {
+ // console.log('In authenticate callback, arguments should be (err, user, info)', arguments);
+ // return next(res.send({error: err, user: user, info: info}));
+ // })(req, res, next)
+ //});
+
+ //app.get('/user', userController.readOwnProfile); // Read profile (own data)
+ //app.get('/user/:handle', userController.readProfile); // Read profile (other user's data)
 // Create is a non-authenticated route part of sign-up flow
- app.put('/user', userController.update); // Update
- app.delete('/user', userController.delete); // Delete
-
-
+ //app.put('/user', userController.update); // Update
+ //app.delete('/user', userController.delete); // Delete
 // Export data
- app.get('/export', userController.exportData);
+ //app.get('/export', userController.exportData);
 }
diff --git a/packages/backend/src/utils/log/index.js b/packages/backend/src/utils/log/index.js
index d35b5e8e060..fdb960ab377 100644
--- a/packages/backend/src/utils/log/index.js
+++ b/packages/backend/src/utils/log/index.js
@@ -7,6 +7,7 @@ const now = () => dateFormat(new Date(), "yyyy-mm-dd hh:MM:ss");
 const logWorthy = (msg, data) => {
 let d = {at: now()};
 switch(msg) {
+ case 'ping':
 case 'login':
 case 'wrongPassword':
 d.user = data.user.handle;
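Review bot: `case 'ping':` joins the `login`/`wrongPassword` branch, which dereferences `data.user.handle`, but the only `'ping'` caller (`readAccount` in controllers/user.js) passes the raw `findById` result, which is `null` when the token's `_id` claim matches no account; the logger then throws from inside a Mongoose callback. Guard the read, `d.user = data.user ? data.user.handle : undefined;`, or have the caller check before logging. The `'ping'` data also includes `req`; if the rest of `logWorthy` (outside the hunk) copies `data` wholesale, the request headers, bearer token included, would be written to the log, so keep the logged fields explicit.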