diff --git a/api/src/dooris_api/deps.py b/api/src/dooris_api/deps.py
index 1d8dccf..0a5ded3 100644
--- a/api/src/dooris_api/deps.py
+++ b/api/src/dooris_api/deps.py
@@ -13,7 +13,13 @@ OpenidClient = Annotated[OpenidClient, Depends(get_oidc_client)]
 async def get_current_user(req: Request, oidc_client: OpenidClient) -> Optional[models.CurrentUser]:
- return None
+ # for now we only handle the case of no expired tokens
+ # TODO: automatically use the refresh token to fetch new access tokens
+ if not all(i in req.cookies for i in ["access_token", "refresh_token", "id_token", "auth_nonce"]):
+ return None
+
+ id_token = oidc_client.decode_id_token(req.cookies["id_token"], nonce=req.cookies["auth_nonce"])
+ return models.CurrentUser(id_token=id_token)
 CurrentUser = Annotated[Optional[models.CurrentUser], Depends(get_current_user)]
diff --git a/api/src/dooris_api/models.py b/api/src/dooris_api/models.py
index 72791f7..7cf5940 100644
--- a/api/src/dooris_api/models.py
+++ b/api/src/dooris_api/models.py
@@ -1,14 +1,9 @@
 from typing import Optional
-from datetime import datetime
 from pydantic import BaseModel
 from simple_openid_connect.data import IdToken
 class CurrentUser(BaseModel):
- access_token: str
- access_token_expiry: datetime
- refresh_token: Optional[str]
- refresh_token_expiry: Optional[datetime]
 id_token: IdToken
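Review bot: In `get_current_user`, `decode_id_token` is called on a raw cookie value with no error handling, so an expired, malformed or tampered `id_token` cookie presumably surfaces as an unhandled exception (a 500) rather than the `None` this `Optional` dependency promises for unauthenticated requests. Wrap the call in a `try`/`except` for the library's validation error (confirm the exact exception type) and `return None` there, logging the rejection so failed token checks are visible to monitoring. The nonce is read from the `auth_nonce` cookie, which the client supplies together with the token, so on this path the nonce comparison adds no replay protection; trust rests entirely on the signature, audience and expiry checks that `decode_id_token` is assumed to perform. The `access_token` and `refresh_token` cookies are only tested for presence and never validated, which deserves a comment such as `# access/refresh tokens are not verified here; only the id_token is trusted`.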