diff --git a/packages/koa/package.json b/packages/koa/package.json index 9d1f6ce2810e335e12625c84f4ca26f0817d9936..e8b16ad656a3bfe254ea5adcc9c169e504363577 100644 --- a/packages/koa/package.json +++ b/packages/koa/package.json @@ -72,12 +72,12 @@ "esm": "^3.2.25", "fs-extra": "^8.1.0", "jsonql-constants": "^1.8.3", - "jsonql-contract": "^1.7.20", + "jsonql-contract": "^1.7.21", "jsonql-errors": "^1.1.3", "jsonql-jwt": "^1.3.2", "jsonql-node-client": "^1.1.9", "jsonql-params-validator": "^1.4.11", - "jsonql-resolver": "^0.9.2", + "jsonql-resolver": "^0.9.3", "jsonql-utils": "^0.6.12", "jsonql-web-console": "^0.4.3", "koa": "^2.8.2", diff --git a/packages/koa/src/middlewares/auth-middleware.js b/packages/koa/src/middlewares/auth-middleware.js index fea1cc12edf8c564c6f6d001a7c32b16066ecd6d..3ba9164d6a36299483ad9990d57ef2a97685594b 100644 --- a/packages/koa/src/middlewares/auth-middleware.js +++ b/packages/koa/src/middlewares/auth-middleware.js @@ -27,6 +27,7 @@ import { JsonqlValidationError, finalCatch } from 'jsonql-errors' +// this method just search if the user provide their own validate token method import { getLocalValidator } from 'jsonql-resolver' import { trim } from 'lodash' @@ -87,6 +88,7 @@ const createJwtValidatorChain = (config, validator = false) => { */ const getValidator = (config, type, contract) => { if (validatorFn && typeof validatorFn === 'function') { + debug(`return the cache validatorFn`) return validatorFn; } let localValidator; @@ -99,8 +101,10 @@ const getValidator = (config, type, contract) => { } } if (config.useJwt) { + debug(`return the jwt validation chain`) return createJwtValidatorChain(config, localValidator) } + debug(`return a local validator`) return localValidator; } 
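Review bot: The early return at the top of `getValidator` (hunk `@@ -87,6 +88,7 @@`) hands back `validatorFn` without looking at `config`, `type` or `contract`, and the new `debug` line on that path does not say which configuration the cached function was built for. `validatorFn` is neither a parameter nor a local in the visible lines, so it presumably lives in an outer scope. If the middleware were ever created twice with different auth settings (for example `useJwt` on in one and off in the other), the second instance would silently reuse the first validator. A comment above the check such as `// NOTE: validatorFn is cached once and shared; assumes a single auth config per process` would document that assumption. The function starts above this hunk and continues into the next one, so where `validatorFn` is assigned is not visible here.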
@@ -138,7 +142,7 @@ export default function authMiddleware(config) { } } else { debug('throw at headers not found', ctx.request.headers) - return forbiddenHandler(ctx, {message: 'header is not found!'}) + return forbiddenHandler(ctx, {message: 'Auth header not found!'}) } } catch(e) { if (e instanceof JsonqlResolverNotFoundError) { diff --git a/packages/node-client/src/base/jsonql-base-cls.js b/packages/node-client/src/base/jsonql-base-cls.js index decf4cd73bbecee4c91bef2ea1b3e7791ae8a221..497f23233c9e6c73e4e9f4d8e5ff21a38c7355f5 100755 --- a/packages/node-client/src/base/jsonql-base-cls.js +++ b/packages/node-client/src/base/jsonql-base-cls.js @@ -109,7 +109,10 @@ class JsonqlClient extends JsonqlCacheClass { */ __createHeaders(header = {}) { const authHeader = this.__getAuthHeader() - return merge({}, this.baseHeader, header, authHeader) + let _header = merge({}, this.baseHeader, header, authHeader) + debug('sending header', _header) + + return _header; } /** @@ -198,6 +201,7 @@ class JsonqlClient extends JsonqlCacheClass { */ __getAuthHeader() { let t = this.__getAuthToken() + debug(`[getAuthHeader] ${t}`) return t ? { [AUTH_HEADER]: `${BEARER} ${t}` } : {}; } diff --git a/packages/node-client/tests/auth.test.js b/packages/node-client/tests/auth.test.js index a2a52d5538e5fc035db1dbf71b0cd899eebab2e5..9d7ec5a9b802b82b51fb1874e877d54df171ba70 100755 --- a/packages/node-client/tests/auth.test.js +++ b/packages/node-client/tests/auth.test.js 
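Review bot: The two debug calls added in `jsonql-base-cls.js` write the bearer token to the debug log: `debug('sending header', _header)` in `__createHeaders` prints the merged headers including the `AUTH_HEADER` entry, and the template-literal `debug` call added in `__getAuthHeader` interpolates the raw token `t`. Anyone who can read that output (a shared CI log, or a bug report captured with `DEBUG=*`) gets a replayable credential. Log presence rather than value, e.g. `debug('[getAuthHeader] token present:', Boolean(t))`, and in `__createHeaders` print only `Object.keys(_header)`. The unchanged `debug('throw at headers not found', ctx.request.headers)` line in the auth-middleware hunk on this page has the same shape, dumping every request header, which can include cookies.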
@@ -6,7 +6,7 @@ const debug = require('debug')('jsonql-node-client:test:auth') const { PUBLIC_CONTRACT_FILE_NAME } = require('jsonql-constants') const server = require('./fixtures/server-with-auth') const nodeClient = require('../index') -const contractDir =join(__dirname,'fixtures','contract','tmp' ,'client-with-auth') +const contractDir =join(__dirname, 'fixtures','contract','tmp' ,'client-with-auth') const { contractKey, loginToken, token } = require('./fixtures/options') const { JsonqlAuthorisationError } = require('jsonql-errors') @@ -21,8 +21,11 @@ test.before(async (t) => { contractDir, contractKey }) + // we need to login here otherwise its hard to test the next call in sequence + let { login } = client; + // t.is(true, typeof login === 'function', 'check if the auth method generate correctly') + let result = await login(loginToken) t.context.client = client; - }) test.after(t => { 
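Review bot: `let result = await login(loginToken)` in the `test.before` hook stores the login result and never checks it, and the `typeof login === 'function'` assertion is left commented out beside it. If `login` ever resolved to a falsy value instead of rejecting, every later test would run against a client that is not authenticated, and the failure would surface somewhere unrelated. Assert in the hook, e.g. `t.truthy(result, 'login in before hook must return a token')`, and delete the commented-out line rather than keeping it. Neither `login` nor `result` is reassigned, so `const` fits both.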
@@ -30,22 +33,28 @@ test.after(t => { fsx.removeSync(contractDir) }) -test('Testing the login function', async (t) => { +test.cb("Try a wrong password and cause the server to throw error", t => { + t.plan(1) let client = t.context.client; + client.login('wrong-password') + .catch(err => { + t.is(err.className, 'JsonqlAuthorisationError') + t.end() + }) +}) + +test('Testing the login function', async (t) => { + // let client = t.context.client; t.is(true, fs.existsSync(join(contractDir, PUBLIC_CONTRACT_FILE_NAME)), 'verify the public contract file is generated') - let { login } = client; - t.is(true, typeof login === 'function', 'check if the auth method generate correctly') - let result = await login(loginToken) // remove the compare because the token is not the same anymore - t.truthy(result, 'verify the return token is what we expected') + // t.truthy(result, 'verify the return token is what we expected') }) -test("Try a wrong password and cause the server to throw error", async t => { +test.only(`Test if the loggin client token is persist`, async t => { let client = t.context.client; - client.login('wrong-password') - .catch(err => { - t.true(err.className === 'JsonqlAuthorisationError') - }) -}) + let { getUser } = client.query; -test.todo(`Test if the loggin client token is persist`) + let user = await getUser(1) + + t.is(user, 'Davide') +}) diff --git a/packages/node-client/tests/fixtures/resolvers/auth/login.js b/packages/node-client/tests/fixtures/resolvers/auth/login.js index 55e16ded7b5fd0cdaf55d237221d3e72a0d5bcd5..6a5fadd359d42db7218f3f913378a4355c609456 100755 --- a/packages/node-client/tests/fixtures/resolvers/auth/login.js +++ b/packages/node-client/tests/fixtures/resolvers/auth/login.js 
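Review bot: `test.only` is left on the token-persistence test, so AVA will skip every other test in this file, including the wrong-password case that is the only negative auth check here; change it to plain `test(...)` before merging. The rewritten wrong-password test uses `test.cb` with only a `.catch`, so if the server ever accepted the bad credential the test would wait for a timeout instead of failing with a clear message; in an async test, `const err = await t.throwsAsync(client.login('wrong-password'))` followed by `t.is(err.className, 'JsonqlAuthorisationError')` fails immediately in that case. That test also calls `login` on the shared `t.context.client` that the persistence test reads from, so the two may interfere depending on how the client handles a failed login, which is worth confirming or avoiding with a separate client. 'Testing the login function' no longer checks a login result at all now that `t.truthy(result, …)` is commented out.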
@@ -1,10 +1,13 @@ -const debug = require('debug')('jsonql-node-client:test:login'); -const { loginToken, token } = require('../../options'); +const debug = require('debug')('jsonql-node-client:test:login') +const { loginToken, token } = require('../../options') + /** + * The login function * @param {string} credential to check * @return {boolean|string} string on ok */ -module.exports = function(credential) { - debug(`I got ${credential}`); +module.exports = function login(credential) { + debug(`I got [${credential}] compare to ${loginToken}`) + // @NOTE we expect the return result is an object! return credential === loginToken ? token : false; } diff --git a/packages/node-client/tests/fixtures/resolvers/auth/validator.js b/packages/node-client/tests/fixtures/resolvers/auth/validator.js index 45150054e057e271e899cc74991f0f4f2e5df517..2d176152c796bfe6ad33258cb1d32bf1480ee3da 100755 --- a/packages/node-client/tests/fixtures/resolvers/auth/validator.js +++ b/packages/node-client/tests/fixtures/resolvers/auth/validator.js @@ -1,10 +1,11 @@ -const debug = require('debug')('jsonql-node-client:test:issuer'); -const { token } = require('../../options'); +const debug = require('debug')('jsonql-node-client:test:issuer') +const { token } = require('../../options') /** + * This is secondary valdiator provide by the developer * @param {string} userToken - * @return {boolean} true on ok + * @return {object} IT MUST RETURN AN OBJECT!!! */ module.exports = function validator(userToken) { - return token === userToken ? 1 : 0; + return token === userToken ? {userId: 1} : 0; }
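Review bot: The new debug line in `login.js` prints both the submitted credential and the expected `loginToken`, which puts the secret itself into the log. Even in a fixture this is the pattern that gets copied into real resolvers, so log only the outcome, e.g. `debug('login attempt, match:', credential === loginToken)`. The added `// @NOTE we expect the return result is an object!` contradicts the code and the JSDoc directly above it, which return a string token or `false`; reword it to state what is actually returned, or name the caller that expects an object.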
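Review bot: The failure branch of `validator` in `validator.js` still returns the number `0` while the updated JSDoc says `@return {object} IT MUST RETURN AN OBJECT!!!`, so the documented contract and the rejected-token path disagree. Presumably the caller treats a truthy object as the authenticated user payload and a falsy value as rejection; if so, say that explicitly with `@return {object|boolean} user payload on success, false when the token does not match` and return `false` instead of `0`. The new description line also has a typo, `valdiator`.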