we should support:

• server auth via token
• each service can register with auth method