diff --git a/server/marketserver/middleware/jwtauth.go b/server/marketserver/middleware/jwtauth.go
index 8203eb1e..4f6da7c6 100644
--- a/server/marketserver/middleware/jwtauth.go
+++ b/server/marketserver/middleware/jwtauth.go
@@ -1,10 +1,64 @@
 package middleware
 
 import (
+	"q5"
+	"f5"
+	"mt"
+	"fmt"
 	"github.com/gin-gonic/gin"
 )
 
+/*
+	'Authorization Bearer {JwtToken}'
+*/
 func JwtAuth(c *gin.Context) {
-	//tokenHeader := c.Request.Header.Get("Authorization")
+	tokenHeader := c.Request.Header.Get("Authorization")
+	jwtToken := ""
+	if len(tokenHeader) < 8 {
+		jwtToken = tokenHeader[8:len(tokenHeader)]
+	}
+
+	params := map[string]string{
+		"c": "Jwt",
+		"a": "verify",
+	}
+	jsonReqObj := &struct {
+		JwksUri string `json:"jwksUri"`
+		Data string `json:"data"`
+	}{
+		Data: jwtToken,
+	}
+	jsonRspObj := &struct {
+		ErrCode interface{} `json:"errcode"`
+		ErrMsg string `json:"errmsg"`
+		TransId string `json:"trans_id"`
+		Params []string `json:"params"`
+	}{
+		Params: []string{},
+	}
+	rspObj := &struct {
+		ErrCode interface{} `json:"errcode"`
+		ErrMsg string `json:"errmsg"`
+	}{}
+	paramsStr := q5.EncodeJson(jsonReqObj)
+	url := fmt.Sprintf("%s/webapp/index.php", mt.Table.Web3ServiceCluster.RandElement().GetUrl())
+	f5.GetHttpCliMgr().SendGoStyleJsonRspPost(
+		url,
+		params,
+		jsonRspObj,
+		q5.HTTP_HEADER_JSON,
+		paramsStr,
+		func(rsp f5.HttpCliResponse) {
+			if rsp.GetErr() != nil ||
+				!rsp.JsonParseOk() {
+				rspObj.ErrCode = 500
+				rspObj.ErrMsg = "server internal error"
+				c.JSON(200, rspObj)
+				return
+			}
+			rspObj.ErrCode = q5.SafeToInt32(jsonRspObj.ErrCode)
+			rspObj.ErrMsg = jsonRspObj.ErrMsg
+			c.JSON(200, rspObj)
+		})
 	c.Next()
 }