diff --git a/README.md b/README.md
index ed15da8..9a862f9 100644
--- a/README.md
+++ b/README.md
@@ -8,11 +8,19 @@ The easiest way to get started is to use the docker image. This will give you a
 ```shell
+<<<<<<< Updated upstream
 docker-compose up -d
+=======
+docker compose up -d
+docker logs neptyne-spreadsheet-neptyne-1
+>>>>>>> Stashed changes
 ```
-Only need to build it once. After that, you can just run `docker-compose up`.
+The second statement will print out the shared secret you need to connect to the Neptyne server.
+Open that url and you are in business.
+
+```shell
 ### Method 2: pip install
diff --git a/server/users.py b/server/users.py
index d764e96..06e5667 100644
--- a/server/users.py
+++ b/server/users.py
@@ -1,10 +1,12 @@
 from typing import Any, Literal
+from jwt import PyJWTError
 from sqlalchemy import func
 from sqlalchemy.orm import Session
 from tornado import web
 from tornado_sqlalchemy import SessionMixin
+from server.gsheet_auth import decode_gsheet_extension_token
 from server.models import (
 EmailShare,
 FirebaseUser,
@@ -19,7 +21,7 @@
 def token_from_headers(request_handler: web.RequestHandler) -> str | None:
 header = request_handler.request.headers.get("Authorization")
 if not header:
- return None
+ return request_handler.request.headers.get("X-Neptyne-GSheet-Auth-Token")
 parts = header.split(" ")
 if len(parts) != 2 or parts[0].lower() != "bearer":
@@ -55,8 +57,11 @@ async def _authenticate_request(
 )
 if not token:
 raise web.HTTPError(401, "Missing token")
- if not token == shared_secret: # TODO: also check for a signed token
- raise web.HTTPError(401, "Invalid token")
+ if not token == shared_secret:
+ try:
+ decode_gsheet_extension_token(token)
+ except PyJWTError:
+ raise web.HTTPError(401, "Invalid token")
 return await load_user(
 session,
 "",
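Review bot: In `token_from_headers`, the new fallback returns the raw `X-Neptyne-GSheet-Auth-Token` value only when `Authorization` is absent, and the caller cannot tell which header supplied the token. Judging by the `_authenticate_request` hunk in this file, that lets the shared secret arrive through the extension header and an extension token arrive as a bearer token; if the two credentials are meant to be separate, that should be enforced here or in the caller. At minimum the precedence deserves a comment on the fallback line, e.g. `# No Authorization header: fall back to the GSheet extension header; a malformed Authorization header does not reach this fallback`. The bearer-parsing part of the function continues past the end of the hunk.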
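Review bot: Whatever `decode_gsheet_extension_token(token)` returns is discarded in `_authenticate_request`, so every token that decodes without a `PyJWTError` falls through to the same `load_user(session, "", …)` call as the shared secret; if the extension token is meant to identify a particular user or sheet, bind the result (`claims = decode_gsheet_extension_token(token)`) and check it before loading the user. Whether the decoder enforces signature, expiry and audience is not visible here and should be confirmed, since it is now the only check on this path, and any exception it raises other than `PyJWTError` would surface as a 500 rather than a 401. The `token == shared_secret` comparison kept on the new side is not constant-time; `if not hmac.compare_digest(token.encode(), shared_secret.encode()):` would avoid that, assuming `shared_secret` is a `str`. The function starts and ends outside the hunk.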