diff --git a/lib/extensions/index.js b/lib/extensions/index.js
index 9e6dc36..15a671e 100644
--- a/lib/extensions/index.js
+++ b/lib/extensions/index.js
@@ -234,14 +234,20 @@ module.exports.pairPin = function (opts) {
 
 // From a WS connection
 module.exports.authHelper = function (meta) {
+  console.log('[authHelper] 1');
   var state = meta.state;
+  console.log('[authHelper] 2');
   return state.Promise.resolve().then(function () {
+    console.log('[authHelper] 3');
     var auth = meta.session;
-    if ('string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
+    console.log('[authHelper] 4', auth);
+    if (!auth || 'string' !== typeof auth.authz || 'object' !== typeof auth.authzData) {
+      console.log('[authHelper] 5');
       console.error("[SANITY FAIL] should not complete auth without authz data and access_token");
       console.error(auth);
       return;
     }
+    console.log("[authHelper] passing authzData right along", auth.authzData);
     return auth.authzData;
   });
 };
@@ -311,22 +317,21 @@ module.exports.authenticate = function (opts) {
     console.log("[wss.ext.authenticate] [Error] could not parse token");
     decoded = null;
   }
-
   console.log("[wss.ext.authenticate] incoming token decoded:");
   console.log(decoded);
 
   if (!auth) {
-    console.log("[wss.ext.authenticate] missing auth object (incoming token stale?)");
+    console.log("[wss.ext.authenticate] no session / auth handshake. Pass to default auth");
+    return state.defaults.authenticate(opts.auth);
   }
 
   // TODO technically this could leak the token through a timing attack
   // but it would require already knowing the semi-secret id and having
   // completed the pair code
-  if (auth && (auth.authn === opts.auth || auth.authz === opts.auth)) {
+  if (auth.authn === opts.auth || auth.authz === opts.auth) {
     if (!auth.authz) {
       console.log("[wss.ext.authenticate] Create authz promise and passthru");
       return getPromise(auth);
-      //return state.defaults.authenticate(opts.auth);
     }
 
     // If they used authn but now authz is available, use authz
@@ -337,7 +342,7 @@ module.exports.authenticate = function (opts) {
     auth._claimed = true;
   }
 
-  console.log("[wss.ext.authenticate] Using authz");
+  console.log("[wss.ext.authenticate] Already using authz, skipping promise");
   return module.exports.authHelper({ state: state, session: auth });
 };