diff --git a/services/backup/src/http/handlers/log.rs b/services/backup/src/http/handlers/log.rs
--- a/services/backup/src/http/handlers/log.rs
+++ b/services/backup/src/http/handlers/log.rs
@@ -8,7 +8,7 @@
   Error, HttpRequest, HttpResponse,
 };
 use actix_web_actors::ws::{self, WebsocketContext};
-use comm_lib::auth::UserIdentity;
+use comm_lib::auth::{AuthService, AuthServiceError, UserIdentity};
 use comm_lib::{
   backup::{
     DownloadLogsRequest, LogWSRequest, LogWSResponse, UploadLogRequest,
@@ -20,6 +20,7 @@
   database::{self, blob::BlobOrDBContent},
 };
 use std::future::Future;
+use std::sync::{Arc, Mutex};
 use std::time::{Duration, Instant};
 use tracing::{error, info, instrument, warn};
 
@@ -28,12 +29,14 @@
   stream: web::Payload,
   blob_client: web::Data<BlobServiceClient>,
   db_client: web::Data<DatabaseClient>,
+  auth_service: AuthService,
 ) -> Result<HttpResponse, Error> {
   ws::WsResponseBuilder::new(
     LogWSActor {
-      user: None,
+      user: Arc::new(Mutex::new(None)),
       blob_client: blob_client.as_ref().clone(),
       db_client: db_client.as_ref().clone(),
+      auth_service,
       last_msg_time: Instant::now(),
       buffer: BytesMut::new(),
     },
@@ -51,13 +54,14 @@
   Bincode(bincode::Error),
   Blob(BlobServiceError),
   DB(database::Error),
+  Auth(AuthServiceError),
 }
 
 struct LogWSActor {
-  user: Option<UserIdentity>,
+  user: Arc<Mutex<Option<UserIdentity>>>,
   blob_client: BlobServiceClient,
   db_client: DatabaseClient,
-
+  auth_service: AuthService,
   last_msg_time: Instant,
   buffer: BytesMut,
 }
@@ -74,11 +78,19 @@
     match bincode::deserialize(&bytes) {
       Ok(request) => {
         if let LogWSRequest::Authenticate(user) = request {
-          self.user.replace(user);
+          Self::spawn_response_future(
+            ctx,
+            Self::handle_auth_msg(
+              self.auth_service.clone(),
+              Arc::clone(&self.user),
+              user,
+            ),
+          );
           return;
         }
 
-        let Some(user) = &self.user else {
+        let user_guard = self.user.lock().expect("user mutex poisoned");
+        let Some(user) = user_guard.as_ref() else {
           Self::spawn_response_future(
             ctx,
             ready(Ok(vec![LogWSResponse::Unauthenticated])),
@@ -139,6 +151,24 @@
     ctx.spawn(fut);
   }
 
+  async fn handle_auth_msg(
+    auth_service: AuthService,
+    current_user: Arc<Mutex<Option<UserIdentity>>>,
+    user_to_verify: UserIdentity,
+  ) -> Result<Vec<LogWSResponse>, LogWSError> {
+    use comm_lib::auth::AuthorizationCredential;
+    let credential = AuthorizationCredential::UserToken(user_to_verify.clone());
+    let user_valid = auth_service.verify_auth_credential(&credential).await?;
+
+    if user_valid {
+      *current_user.lock().expect("mutex poisoned") = Some(user_to_verify);
+      Ok(vec![LogWSResponse::AuthSuccess])
+    } else {
+      tracing::debug!("Invalid credentials");
+      Ok(vec![LogWSResponse::Unauthenticated])
+    }
+  }
+
   async fn handle_msg(
     user_id: String,
     blob_client: BlobServiceClient,
diff --git a/services/commtest/tests/backup_integration_test.rs b/services/commtest/tests/backup_integration_test.rs
--- a/services/commtest/tests/backup_integration_test.rs
+++ b/services/commtest/tests/backup_integration_test.rs
@@ -34,10 +34,7 @@
       .upload_backup(&user_identity, backup_data.clone())
       .await?;
 
-    let (tx, rx) = backup_client.upload_logs(&user_identity).await?;
-
-    tokio::pin!(tx);
-    tokio::pin!(rx);
+    let (mut tx, rx) = backup_client.upload_logs(&user_identity).await?;
 
     for log_data in log_datas {
       tx.send(log_data.clone()).await?;
diff --git a/shared/backup_client/src/lib.rs b/shared/backup_client/src/lib.rs
--- a/shared/backup_client/src/lib.rs
+++ b/shared/backup_client/src/lib.rs
@@ -203,10 +203,7 @@
     last_downloaded_log: &'stream mut Option<usize>,
   ) -> impl Stream<Item = Result<DownloadedLog, Error>> + 'stream {
     try_stream! {
-      let (tx, rx) = self.create_log_ws_connection(user_identity).await?;
-
-      let mut tx = Box::pin(tx);
-      let mut rx = Box::pin(rx);
+      let (mut tx, mut rx) = self.create_log_ws_connection(user_identity).await?;
 
       tx.send(DownloadLogsRequest {
         backup_id: backup_id.to_string(),
@@ -291,6 +288,17 @@
       }
     });
 
+    let tx = Box::pin(tx);
+    let mut rx = Box::pin(rx);
+
+    if let Some(response) = rx.try_next().await? {
+      match response {
+        LogWSResponse::AuthSuccess => {}
+        LogWSResponse::Unauthenticated => Err(Error::Unauthenticated)?,
+        msg => Err(Error::InvalidBackupMessage(msg))?,
+      }
+    }
+
     Ok((tx, rx))
   }
 
@@ -366,6 +374,7 @@
   ServerError,
   LogMissing,
   WSClosed,
+  Unauthenticated,
 }
 impl std::error::Error for Error {}
 
diff --git a/shared/comm-lib/src/backup/mod.rs b/shared/comm-lib/src/backup/mod.rs
--- a/shared/comm-lib/src/backup/mod.rs
+++ b/shared/comm-lib/src/backup/mod.rs
@@ -46,5 +46,6 @@
     last_log_id: Option<usize>,
   },
   ServerError,
+  AuthSuccess,
   Unauthenticated,
 }