diff --git a/server/http_handler.go b/server/http_handler.go
index 43eb64f..124b109 100644
--- a/server/http_handler.go
+++ b/server/http_handler.go
@@ -3,7 +3,6 @@ package server
 import (
 	"crypto/md5"
 	"encoding/hex"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -173,37 +172,37 @@ func (h *houstonHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		r.Body.Close()
 	}()
 
-	var userinfo map[string]any
-	if !*noauth && (*authtype == "on" || *authtype == "both") {
-		authheader := r.Header.Get("Authorization")
-		if len(authheader) == 0 {
-			logger.Println("Authorization header is not valid :", authheader)
-			w.WriteHeader(http.StatusBadRequest)
-			return
-		}
+	// var userinfo map[string]any
+	// if !*noauth && (*authtype == "on" || *authtype == "both") {
+	// 	authheader := r.Header.Get("Authorization")
+	// 	if len(authheader) == 0 {
+	// 		logger.Println("Authorization header is not valid :", authheader)
+	// 		w.WriteHeader(http.StatusBadRequest)
+	// 		return
+	// 	}
 
-		req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil)
-		req.Header.Add("Authorization", authheader)
-		client := &http.Client{}
+	// 	req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil)
+	// 	req.Header.Add("Authorization", authheader)
+	// 	client := &http.Client{}
 
-		resp, err := client.Do(req)
-		if err != nil {
-			logger.Println("graph microsoft api call failed :", err)
-			w.WriteHeader(http.StatusBadRequest)
-			return
-		}
-		defer resp.Body.Close()
+	// 	resp, err := client.Do(req)
+	// 	if err != nil {
+	// 		logger.Println("graph microsoft api call failed :", err)
+	// 		w.WriteHeader(http.StatusBadRequest)
+	// 		return
+	// 	}
+	// 	defer resp.Body.Close()
 
-		raw, _ := io.ReadAll(resp.Body)
-		if err = json.Unmarshal(raw, &userinfo); err != nil {
-			return
-		}
+	// 	raw, _ := io.ReadAll(resp.Body)
+	// 	if err = json.Unmarshal(raw, &userinfo); err != nil {
+	// 		return
+	// 	}
 
-		if _, expired := userinfo["error"]; expired {
-			w.WriteHeader(http.StatusUnauthorized)
-			return
-		}
-	}
+	// 	if _, expired := userinfo["error"]; expired {
+	// 		w.WriteHeader(http.StatusUnauthorized)
+	// 		return
+	// 	}
+	// }
 
 	var operation string
 	if r.Method == "POST" {