Set table name in store

Add store to options (#1600 )
Account for missing options database/table in cockroach store
2020-05-01 18:24:35 +01:00 · 2020-05-01 18:05:09 +01:00 · 2020-05-01 15:31:55 +01:00 · 2020-05-01 15:22:44 +01:00 · 2020-05-01 14:59:50 +01:00 · 2020-05-01 00:25:17 +01:00
260 changed files with 13278 additions and 9148 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,3 +1,3 @@
 # These are supported funding model platforms

-issuehunt: micro/development
+github: asim
--- a/.github/generate.sh
+++ b/.github/generate.sh
@@ -1,9 +1,15 @@
 #!/bin/bash -e

 find . -type f -name '*.pb.*.go' -o -name '*.pb.go' -a ! -name 'message.pb.go' -delete
-PROTOS=$(find . -type f -name '*.proto')
+PROTOS=$(find . -type f -name '*.proto' | grep -v proto/google/api)
+
+mkdir -p proto/google/api
+curl -s -o proto/google/api/annotations.proto -L https://raw.githubusercontent.com/googleapis/googleapis/master/google/api/annotations.proto
+curl -s -o proto/google/api/http.proto -L https://raw.githubusercontent.com/googleapis/googleapis/master/google/api/http.proto

 for PROTO in $PROTOS; do
  echo $PROTO
-  protoc -I./ -I$(dirname $PROTO) --go_out=plugins=grpc,paths=source_relative:. --micro_out=paths=source_relative:. $PROTO
+  protoc -I./proto -I. -I$(dirname $PROTO) --go_out=plugins=grpc,paths=source_relative:. --micro_out=paths=source_relative:. $PROTO
 done
+
+rm -r proto
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -4,7 +4,9 @@ on:
  push:
    branches:
    - master
-
+    tags:
+    - v2.*
+    - v3.*
 jobs:
  build:
     runs-on: ubuntu-latest
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Go Micro [![License](https://img.shields.io/:license-apache-blue.svg)](https://opensource.org/licenses/Apache-2.0) [![Go.Dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/micro/go-micro?tab=doc) [![Travis CI](https://api.travis-ci.org/micro/go-micro.svg?branch=master)](https://travis-ci.org/micro/go-micro) [![Go Report Card](https://goreportcard.com/badge/micro/go-micro)](https://goreportcard.com/report/github.com/micro/go-micro)

-Go Micro is a framework for microservice development.
+Go Micro is a framework for distributed systems development.

 ## Overview

@@ -35,8 +35,7 @@ communication. A request made to a service will be automatically resolved, load
 transport is [gRPC](https://grpc.io/).

 - **Async Messaging** - PubSub is built in as a first class citizen for asynchronous communication and event driven architectures. 
-Event notifications are a core pattern in micro service development. The default messaging system is an embedded [NATS](https://nats.io/) 
-server.
+Event notifications are a core pattern in micro service development. The default messaging system is a HTTP event message broker.

 - **Pluggable Interfaces** - Go Micro makes use of Go interfaces for each distributed system abstraction. Because of this these interfaces 
 are pluggable and allows Go Micro to be runtime agnostic. You can plugin any underlying technology. Find plugins in 
@@ -44,5 +43,15 @@ are pluggable and allows Go Micro to be runtime agnostic. You can plugin any und

 ## Getting Started

+To make use of Go Micro
+
+```golang
+import "github.com/micro/go-micro/v2"
+```
+
 See the [docs](https://micro.mu/docs/framework.html) for detailed information on the architecture, installation and use of go-micro.

+## License
+
+Go Micro is Apache 2.0 licensed.
+
--- a/agent/input/discord/discord.go
+++ b/agent/input/discord/discord.go
@@ -87,7 +87,7 @@ func (d *discordInput) Start() error {
 	}

 	var err error
-	d.session, err = discordgo.New(d.token)
+	d.session, err = discordgo.New("Bot " + d.token)
 	if err != nil {
 		return err
 	}
--- a/agent/proto/bot.pb.micro.go
+++ b/agent/proto/bot.pb.micro.go
@@ -11,6 +11,7 @@ import (

 import (
 	context "context"
+	api "github.com/micro/go-micro/v2/api"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
@@ -27,10 +28,17 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package

 // Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
 var _ context.Context
 var _ client.Option
 var _ server.Option

+// Api Endpoints for Command service
+
+func NewCommandEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Command service

 type CommandService interface {
--- a/api/api.go
+++ b/api/api.go
@@ -10,19 +10,22 @@ import (
 )

 type Api interface {
+	// Initialise options
+	Init(...Option) error
+	// Get the options
+	Options() Options
 	// Register a http handler
 	Register(*Endpoint) error
 	// Register a route
 	Deregister(*Endpoint) error
-	// Init initialises the command line.
-	// It also parses further options.
-	//Init(...Option) error
-	// Options
-	//Options() Options
-	// String
+	// Implemenation of api
 	String() string
 }

+type Options struct{}
+
+type Option func(*Options) error
+
 // Endpoint is a mapping between an RPC method and HTTP endpoint
 type Endpoint struct {
 	// RPC Method e.g. Greeter.Hello
@@ -37,6 +40,10 @@ type Endpoint struct {
 	Method []string
 	// HTTP Path e.g /greeter. Expect POSIX regex
 	Path []string
+	// Body destination
+	// "*" or "" - top level message value
+	// "string" - inner message value
+	Body string
 	// Stream flag
 	Stream bool
 }
@@ -121,9 +128,18 @@ func Validate(e *Endpoint) error {
 	}

 	for _, p := range e.Path {
-		_, err := regexp.CompilePOSIX(p)
-		if err != nil {
-			return err
+		ps := p[0]
+		pe := p[len(p)-1]
+
+		if ps == '^' && pe == '$' {
+			_, err := regexp.CompilePOSIX(p)
+			if err != nil {
+				return err
+			}
+		} else if ps == '^' && pe != '$' {
+			return errors.New("invalid path")
+		} else if ps != '^' && pe == '$' {
+			return errors.New("invalid path")
 		}
 	}

--- a/api/api_test.go
+++ b/api/api_test.go
@@ -111,3 +111,42 @@ func TestEncoding(t *testing.T) {
 		}
 	}
 }
+
+func TestValidate(t *testing.T) {
+	epPcre := &Endpoint{
+		Name:        "Foo.Bar",
+		Description: "A test endpoint",
+		Handler:     "meta",
+		Host:        []string{"foo.com"},
+		Method:      []string{"GET"},
+		Path:        []string{"^/test/?$"},
+	}
+	if err := Validate(epPcre); err != nil {
+		t.Fatal(err)
+	}
+
+	epGpath := &Endpoint{
+		Name:        "Foo.Bar",
+		Description: "A test endpoint",
+		Handler:     "meta",
+		Host:        []string{"foo.com"},
+		Method:      []string{"GET"},
+		Path:        []string{"/test/{id}"},
+	}
+	if err := Validate(epGpath); err != nil {
+		t.Fatal(err)
+	}
+
+	epPcreInvalid := &Endpoint{
+		Name:        "Foo.Bar",
+		Description: "A test endpoint",
+		Handler:     "meta",
+		Host:        []string{"foo.com"},
+		Method:      []string{"GET"},
+		Path:        []string{"/test/?$"},
+	}
+	if err := Validate(epPcreInvalid); err == nil {
+		t.Fatalf("invalid pcre %v", epPcreInvalid.Path[0])
+	}
+
+}
--- a/api/grpc_test.go
+++ b/api/grpc_test.go
@@ -1,132 +0,0 @@
-package api_test
-
-import (
-	"context"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/micro/go-micro/v2"
-	"github.com/micro/go-micro/v2/api"
-	ahandler "github.com/micro/go-micro/v2/api/handler"
-	apirpc "github.com/micro/go-micro/v2/api/handler/rpc"
-	"github.com/micro/go-micro/v2/api/router"
-	rstatic "github.com/micro/go-micro/v2/api/router/static"
-	bmemory "github.com/micro/go-micro/v2/broker/memory"
-	"github.com/micro/go-micro/v2/client"
-	gcli "github.com/micro/go-micro/v2/client/grpc"
-	rmemory "github.com/micro/go-micro/v2/registry/memory"
-	"github.com/micro/go-micro/v2/server"
-	gsrv "github.com/micro/go-micro/v2/server/grpc"
-	tgrpc "github.com/micro/go-micro/v2/transport/grpc"
-
-	pb "github.com/micro/go-micro/v2/server/grpc/proto"
-)
-
-// server is used to implement helloworld.GreeterServer.
-type testServer struct {
-	msgCount int
-}
-
-// TestHello implements helloworld.GreeterServer
-func (s *testServer) Call(ctx context.Context, req *pb.Request, rsp *pb.Response) error {
-	rsp.Msg = "Hello " + req.Name
-	return nil
-}
-
-func TestApiAndGRPC(t *testing.T) {
-	r := rmemory.NewRegistry()
-	b := bmemory.NewBroker()
-	tr := tgrpc.NewTransport()
-	s := gsrv.NewServer(
-		server.Broker(b),
-		server.Name("foo"),
-		server.Registry(r),
-		server.Transport(tr),
-	)
-	c := gcli.NewClient(
-		client.Registry(r),
-		client.Broker(b),
-		client.Transport(tr),
-	)
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
-	defer cancel()
-
-	svc := micro.NewService(
-		micro.Server(s),
-		micro.Client(c),
-		micro.Broker(b),
-		micro.Registry(r),
-		micro.Transport(tr),
-		micro.Context(ctx))
-	h := &testServer{}
-	pb.RegisterTestHandler(s, h)
-
-	go func() {
-		if err := svc.Run(); err != nil {
-			t.Fatalf("failed to start: %v", err)
-		}
-	}()
-	time.Sleep(1 * time.Second)
-	// check registration
-	services, err := r.GetService("foo")
-	if err != nil || len(services) == 0 {
-		t.Fatalf("failed to get service: %v # %d", err, len(services))
-	}
-
-	router := rstatic.NewRouter(
-		router.WithHandler(apirpc.Handler),
-		router.WithRegistry(svc.Server().Options().Registry),
-	)
-	err = router.Register(&api.Endpoint{
-		Name:    "foo.Test.Call",
-		Method:  []string{"GET"},
-		Path:    []string{"/api/v0/test/call/{name}"},
-		Handler: "rpc",
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	hrpc := apirpc.NewHandler(
-		ahandler.WithService(svc),
-		ahandler.WithRouter(router),
-	)
-
-	hsrv := &http.Server{
-		Handler:        hrpc,
-		Addr:           "127.0.0.1:6543",
-		WriteTimeout:   15 * time.Second,
-		ReadTimeout:    15 * time.Second,
-		IdleTimeout:    20 * time.Second,
-		MaxHeaderBytes: 1024 * 1024 * 1, // 1Mb
-	}
-
-	go func() {
-		log.Println(hsrv.ListenAndServe())
-	}()
-
-	time.Sleep(1 * time.Second)
-	rsp, err := http.Get(fmt.Sprintf("http://%s/api/v0/test/call/TEST", hsrv.Addr))
-	if err != nil {
-		t.Fatalf("Failed to created http.Request: %v", err)
-	}
-	defer rsp.Body.Close()
-	buf, err := ioutil.ReadAll(rsp.Body)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	jsonMsg := `{"msg":"Hello TEST"}`
-	if string(buf) != jsonMsg {
-		t.Fatalf("invalid message received, parsing error %s != %s", buf, jsonMsg)
-	}
-	select {
-	case <-ctx.Done():
-		return
-	}
-
-}
--- a/api/handler/api/api.go
+++ b/api/handler/api/api.go
@@ -65,7 +65,7 @@ func (a *apiHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}

 	// create request and response
-	c := a.opts.Service.Client()
+	c := a.opts.Client
 	req := c.NewRequest(service.Name, service.Endpoint.Name, request)
 	rsp := &api.Response{}

--- a/api/handler/broker/broker.go
+++ b/api/handler/broker/broker.go
@@ -1,292 +0,0 @@
-// Package broker provides a go-micro/broker handler
-package broker
-
-import (
-	"encoding/json"
-	"net/http"
-	"net/url"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"time"
-
-	"github.com/gorilla/websocket"
-	"github.com/micro/go-micro/v2/api/handler"
-	"github.com/micro/go-micro/v2/broker"
-	"github.com/micro/go-micro/v2/logger"
-	"github.com/oxtoacart/bpool"
-)
-
-var (
-	bufferPool = bpool.NewSizedBufferPool(1024, 8)
-)
-
-const (
-	Handler = "broker"
-
-	pingTime      = (readDeadline * 9) / 10
-	readLimit     = 16384
-	readDeadline  = 60 * time.Second
-	writeDeadline = 10 * time.Second
-)
-
-type brokerHandler struct {
-	once atomic.Value
-	opts handler.Options
-	u    websocket.Upgrader
-}
-
-type conn struct {
-	b     broker.Broker
-	cType string
-	topic string
-	queue string
-	exit  chan bool
-
-	sync.Mutex
-	ws *websocket.Conn
-}
-
-var (
-	contentType = "text/plain"
-)
-
-func checkOrigin(r *http.Request) bool {
-	origin := r.Header["Origin"]
-	if len(origin) == 0 {
-		return true
-	}
-	u, err := url.Parse(origin[0])
-	if err != nil {
-		return false
-	}
-	return u.Host == r.Host
-}
-
-func (c *conn) close() {
-	select {
-	case <-c.exit:
-		return
-	default:
-		close(c.exit)
-	}
-}
-
-func (c *conn) readLoop() {
-	defer func() {
-		c.close()
-		c.ws.Close()
-	}()
-
-	// set read limit/deadline
-	c.ws.SetReadLimit(readLimit)
-	c.ws.SetReadDeadline(time.Now().Add(readDeadline))
-
-	// set close handler
-	ch := c.ws.CloseHandler()
-	c.ws.SetCloseHandler(func(code int, text string) error {
-		err := ch(code, text)
-		c.close()
-		return err
-	})
-
-	// set pong handler
-	c.ws.SetPongHandler(func(string) error {
-		c.ws.SetReadDeadline(time.Now().Add(readDeadline))
-		return nil
-	})
-
-	for {
-		_, message, err := c.ws.ReadMessage()
-		if err != nil {
-			return
-		}
-		c.b.Publish(c.topic, &broker.Message{
-			Header: map[string]string{"Content-Type": c.cType},
-			Body:   message,
-		})
-	}
-}
-
-func (c *conn) write(mType int, data []byte) error {
-	c.Lock()
-	c.ws.SetWriteDeadline(time.Now().Add(writeDeadline))
-	err := c.ws.WriteMessage(mType, data)
-	c.Unlock()
-	return err
-}
-
-func (c *conn) writeLoop() {
-	ticker := time.NewTicker(pingTime)
-
-	var opts []broker.SubscribeOption
-
-	if len(c.queue) > 0 {
-		opts = append(opts, broker.Queue(c.queue))
-	}
-
-	subscriber, err := c.b.Subscribe(c.topic, func(p broker.Event) error {
-		b, err := json.Marshal(p.Message())
-		if err != nil {
-			return nil
-		}
-		return c.write(websocket.TextMessage, b)
-	}, opts...)
-
-	defer func() {
-		subscriber.Unsubscribe()
-		ticker.Stop()
-		c.ws.Close()
-	}()
-
-	if err != nil {
-		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
-			logger.Error(err.Error())
-		}
-		return
-	}
-
-	for {
-		select {
-		case <-ticker.C:
-			if err := c.write(websocket.PingMessage, []byte{}); err != nil {
-				return
-			}
-		case <-c.exit:
-			return
-		}
-	}
-}
-
-func (b *brokerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	bsize := handler.DefaultMaxRecvSize
-	if b.opts.MaxRecvSize > 0 {
-		bsize = b.opts.MaxRecvSize
-	}
-
-	r.Body = http.MaxBytesReader(w, r.Body, bsize)
-
-	br := b.opts.Service.Client().Options().Broker
-
-	// Setup the broker
-	if !b.once.Load().(bool) {
-		if err := br.Init(); err != nil {
-			http.Error(w, err.Error(), 500)
-		}
-		if err := br.Connect(); err != nil {
-			http.Error(w, err.Error(), 500)
-		}
-		b.once.Store(true)
-	}
-
-	// Parse
-	r.ParseForm()
-	topic := r.Form.Get("topic")
-
-	// Can't do anything without a topic
-	if len(topic) == 0 {
-		http.Error(w, "Topic not specified", 400)
-		return
-	}
-
-	// Post assumed to be Publish
-	if r.Method == "POST" {
-		// Create a broker message
-		msg := &broker.Message{
-			Header: make(map[string]string),
-		}
-
-		// Set header
-		for k, v := range r.Header {
-			msg.Header[k] = strings.Join(v, ", ")
-		}
-
-		// Read body
-		buf := bufferPool.Get()
-		defer bufferPool.Put(buf)
-		if _, err := buf.ReadFrom(r.Body); err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
-		// Set body
-		msg.Body = buf.Bytes()
-		// Set body
-
-		// Publish
-		br.Publish(topic, msg)
-		return
-	}
-
-	// now back to our regularly scheduled programming
-
-	if r.Method != "GET" {
-		http.Error(w, "Method not allowed", 405)
-		return
-	}
-
-	queue := r.Form.Get("queue")
-
-	ws, err := b.u.Upgrade(w, r, nil)
-	if err != nil {
-		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
-			logger.Error(err.Error())
-		}
-		return
-	}
-
-	cType := r.Header.Get("Content-Type")
-	if len(cType) == 0 {
-		cType = contentType
-	}
-
-	c := &conn{
-		b:     br,
-		cType: cType,
-		topic: topic,
-		queue: queue,
-		exit:  make(chan bool),
-		ws:    ws,
-	}
-
-	go c.writeLoop()
-	c.readLoop()
-}
-
-func (b *brokerHandler) String() string {
-	return "broker"
-}
-
-func NewHandler(opts ...handler.Option) handler.Handler {
-	h := &brokerHandler{
-		u: websocket.Upgrader{
-			CheckOrigin: func(r *http.Request) bool {
-				return true
-			},
-			ReadBufferSize:  1024,
-			WriteBufferSize: 1024,
-		},
-		opts: handler.NewOptions(opts...),
-	}
-	h.once.Store(true)
-	return h
-}
-
-func WithCors(cors map[string]bool, opts ...handler.Option) handler.Handler {
-	return &brokerHandler{
-		u: websocket.Upgrader{
-			CheckOrigin: func(r *http.Request) bool {
-				if origin := r.Header.Get("Origin"); cors[origin] {
-					return true
-				} else if len(origin) > 0 && cors["*"] {
-					return true
-				} else if checkOrigin(r) {
-					return true
-				}
-				return false
-			},
-			ReadBufferSize:  1024,
-			WriteBufferSize: 1024,
-		},
-		opts: handler.NewOptions(opts...),
-	}
-}
--- a/api/handler/cloudevents/cloudevents.go
+++ b/api/handler/cloudevents/cloudevents.go
@@ -1,101 +0,0 @@
-// Package cloudevents provides a cloudevents handler publishing the event using the go-micro/client
-package cloudevents
-
-import (
-	"net/http"
-	"path"
-	"regexp"
-	"strings"
-
-	"github.com/micro/go-micro/v2/api/handler"
-	"github.com/micro/go-micro/v2/util/ctx"
-)
-
-type event struct {
-	opts handler.Options
-}
-
-var (
-	Handler   = "cloudevents"
-	versionRe = regexp.MustCompilePOSIX("^v[0-9]+$")
-)
-
-func eventName(parts []string) string {
-	return strings.Join(parts, ".")
-}
-
-func evRoute(ns, p string) (string, string) {
-	p = path.Clean(p)
-	p = strings.TrimPrefix(p, "/")
-
-	if len(p) == 0 {
-		return ns, "event"
-	}
-
-	parts := strings.Split(p, "/")
-
-	// no path
-	if len(parts) == 0 {
-		// topic: namespace
-		// action: event
-		return strings.Trim(ns, "."), "event"
-	}
-
-	// Treat /v[0-9]+ as versioning
-	// /v1/foo/bar => topic: v1.foo action: bar
-	if len(parts) >= 2 && versionRe.Match([]byte(parts[0])) {
-		topic := ns + "." + strings.Join(parts[:2], ".")
-		action := eventName(parts[1:])
-		return topic, action
-	}
-
-	// /foo => topic: ns.foo action: foo
-	// /foo/bar => topic: ns.foo action: bar
-	topic := ns + "." + strings.Join(parts[:1], ".")
-	action := eventName(parts[1:])
-
-	return topic, action
-}
-
-func (e *event) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	bsize := handler.DefaultMaxRecvSize
-	if e.opts.MaxRecvSize > 0 {
-		bsize = e.opts.MaxRecvSize
-	}
-
-	r.Body = http.MaxBytesReader(w, r.Body, bsize)
-
-	// request to topic:event
-	// create event
-	// publish to topic
-	topic, _ := evRoute(e.opts.Namespace, r.URL.Path)
-
-	// create event
-	ev, err := FromRequest(r)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	// get client
-	c := e.opts.Service.Client()
-
-	// create publication
-	p := c.NewMessage(topic, ev)
-
-	// publish event
-	if err := c.Publish(ctx.FromRequest(r), p); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-}
-
-func (e *event) String() string {
-	return "cloudevents"
-}
-
-func NewHandler(opts ...handler.Option) handler.Handler {
-	return &event{
-		opts: handler.NewOptions(opts...),
-	}
-}
--- a/api/handler/cloudevents/event.go
+++ b/api/handler/cloudevents/event.go
@@ -1,288 +0,0 @@
-/*
- * From: https://github.com/serverless/event-gateway/blob/master/event/event.go
- * Modified: Strip to handler requirements
- *
- * Copyright 2017 Serverless, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package cloudevents
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"mime"
-	"net/http"
-	"strings"
-	"time"
-	"unicode"
-
-	"github.com/google/uuid"
-	"github.com/oxtoacart/bpool"
-	validator "gopkg.in/go-playground/validator.v9"
-)
-
-var (
-	bufferPool = bpool.NewSizedBufferPool(1024, 8)
-)
-
-const (
-	// TransformationVersion is indicative of the revision of how Event Gateway transforms a request into CloudEvents format.
-	TransformationVersion = "0.1"
-
-	// CloudEventsVersion currently supported by Event Gateway
-	CloudEventsVersion = "0.1"
-)
-
-// Event is a default event structure. All data that passes through the Event Gateway
-// is formatted to a format defined CloudEvents v0.1 spec.
-type Event struct {
-	EventType          string                 `json:"eventType" validate:"required"`
-	EventTypeVersion   string                 `json:"eventTypeVersion,omitempty"`
-	CloudEventsVersion string                 `json:"cloudEventsVersion" validate:"required"`
-	Source             string                 `json:"source" validate:"uri,required"`
-	EventID            string                 `json:"eventID" validate:"required"`
-	EventTime          *time.Time             `json:"eventTime,omitempty"`
-	SchemaURL          string                 `json:"schemaURL,omitempty"`
-	Extensions         map[string]interface{} `json:"extensions,omitempty"`
-	ContentType        string                 `json:"contentType,omitempty"`
-	Data               interface{}            `json:"data"`
-}
-
-// New return new instance of Event.
-func New(eventType string, mimeType string, payload interface{}) *Event {
-	now := time.Now()
-
-	event := &Event{
-		EventType:          eventType,
-		CloudEventsVersion: CloudEventsVersion,
-		Source:             "https://micro.mu",
-		EventID:            uuid.New().String(),
-		EventTime:          &now,
-		ContentType:        mimeType,
-		Data:               payload,
-		Extensions: map[string]interface{}{
-			"eventgateway": map[string]interface{}{
-				"transformed":            "true",
-				"transformation-version": TransformationVersion,
-			},
-		},
-	}
-
-	event.Data = normalizePayload(event.Data, event.ContentType)
-	return event
-}
-
-// FromRequest takes an HTTP request and returns an Event along with path. Most of the implementation
-// is based on https://github.com/cloudevents/spec/blob/master/http-transport-binding.md.
-// This function also supports legacy mode where event type is sent in Event header.
-func FromRequest(r *http.Request) (*Event, error) {
-	contentType := r.Header.Get("Content-Type")
-	mimeType, _, err := mime.ParseMediaType(contentType)
-	if err != nil {
-		if err.Error() != "mime: no media type" {
-			return nil, err
-		}
-		mimeType = "application/octet-stream"
-	}
-	// Read request body
-	body := []byte{}
-	if r.Body != nil {
-		buf := bufferPool.Get()
-		defer bufferPool.Put(buf)
-		if _, err := buf.ReadFrom(r.Body); err != nil {
-			return nil, err
-		}
-		body = buf.Bytes()
-	}
-
-	var event *Event
-	if mimeType == mimeCloudEventsJSON { // CloudEvents Structured Content Mode
-		return parseAsCloudEvent(mimeType, body)
-	} else if isCloudEventsBinaryContentMode(r.Header) { // CloudEvents Binary Content Mode
-		return parseAsCloudEventBinary(r.Header, body)
-	} else if isLegacyMode(r.Header) {
-		if mimeType == mimeJSON { // CloudEvent in Legacy Mode
-			event, err = parseAsCloudEvent(mimeType, body)
-			if err != nil {
-				return New(string(r.Header.Get("event")), mimeType, body), nil
-			}
-			return event, err
-		}
-
-		return New(string(r.Header.Get("event")), mimeType, body), nil
-	}
-
-	return New("http.request", mimeJSON, newHTTPRequestData(r, body)), nil
-}
-
-// Validate Event struct
-func (e *Event) Validate() error {
-	validate := validator.New()
-	err := validate.Struct(e)
-	if err != nil {
-		return fmt.Errorf("CloudEvent not valid: %v", err)
-	}
-	return nil
-}
-
-func isLegacyMode(headers http.Header) bool {
-	if headers.Get("Event") != "" {
-		return true
-	}
-
-	return false
-}
-
-func isCloudEventsBinaryContentMode(headers http.Header) bool {
-	if headers.Get("CE-EventType") != "" &&
-		headers.Get("CE-CloudEventsVersion") != "" &&
-		headers.Get("CE-Source") != "" &&
-		headers.Get("CE-EventID") != "" {
-		return true
-	}
-
-	return false
-}
-
-func parseAsCloudEventBinary(headers http.Header, payload interface{}) (*Event, error) {
-	event := &Event{
-		EventType:          headers.Get("CE-EventType"),
-		EventTypeVersion:   headers.Get("CE-EventTypeVersion"),
-		CloudEventsVersion: headers.Get("CE-CloudEventsVersion"),
-		Source:             headers.Get("CE-Source"),
-		EventID:            headers.Get("CE-EventID"),
-		ContentType:        headers.Get("Content-Type"),
-		Data:               payload,
-	}
-
-	err := event.Validate()
-	if err != nil {
-		return nil, err
-	}
-
-	if headers.Get("CE-EventTime") != "" {
-		val, err := time.Parse(time.RFC3339, headers.Get("CE-EventTime"))
-		if err != nil {
-			return nil, err
-		}
-		event.EventTime = &val
-	}
-
-	if val := headers.Get("CE-SchemaURL"); len(val) > 0 {
-		event.SchemaURL = val
-	}
-
-	event.Extensions = map[string]interface{}{}
-	for key, val := range flatten(headers) {
-		if strings.HasPrefix(key, "Ce-X-") {
-			key = strings.TrimLeft(key, "Ce-X-")
-			// Make first character lowercase
-			runes := []rune(key)
-			runes[0] = unicode.ToLower(runes[0])
-			event.Extensions[string(runes)] = val
-		}
-	}
-
-	event.Data = normalizePayload(event.Data, event.ContentType)
-	return event, nil
-}
-
-func flatten(h http.Header) map[string]string {
-	headers := map[string]string{}
-	for key, header := range h {
-		headers[key] = header[0]
-		if len(header) > 1 {
-			headers[key] = strings.Join(header, ", ")
-		}
-	}
-	return headers
-}
-
-func parseAsCloudEvent(mime string, payload interface{}) (*Event, error) {
-	body, ok := payload.([]byte)
-	if ok {
-		event := &Event{}
-		err := json.Unmarshal(body, event)
-		if err != nil {
-			return nil, err
-		}
-
-		err = event.Validate()
-		if err != nil {
-			return nil, err
-		}
-
-		event.Data = normalizePayload(event.Data, event.ContentType)
-		return event, nil
-	}
-
-	return nil, errors.New("couldn't cast to []byte")
-}
-
-const (
-	mimeJSON            = "application/json"
-	mimeFormMultipart   = "multipart/form-data"
-	mimeFormURLEncoded  = "application/x-www-form-urlencoded"
-	mimeCloudEventsJSON = "application/cloudevents+json"
-)
-
-// normalizePayload takes anything, checks if it's []byte array and depending on provided mime
-// type converts it to either string or map[string]interface to avoid having base64 string after
-// JSON marshaling.
-func normalizePayload(payload interface{}, mime string) interface{} {
-	if bytePayload, ok := payload.([]byte); ok && len(bytePayload) > 0 {
-		switch {
-		case mime == mimeJSON || strings.HasSuffix(mime, "+json"):
-			var result map[string]interface{}
-			err := json.Unmarshal(bytePayload, &result)
-			if err != nil {
-				return payload
-			}
-			return result
-		case strings.HasPrefix(mime, mimeFormMultipart), mime == mimeFormURLEncoded:
-			return string(bytePayload)
-		}
-	}
-
-	return payload
-}
-
-// HTTPRequestData is a event schema used for sending events to HTTP subscriptions.
-type HTTPRequestData struct {
-	Headers map[string]string   `json:"headers"`
-	Query   map[string][]string `json:"query"`
-	Body    interface{}         `json:"body"`
-	Host    string              `json:"host"`
-	Path    string              `json:"path"`
-	Method  string              `json:"method"`
-	Params  map[string]string   `json:"params"`
-}
-
-// NewHTTPRequestData returns a new instance of HTTPRequestData
-func newHTTPRequestData(r *http.Request, eventData interface{}) *HTTPRequestData {
-	req := &HTTPRequestData{
-		Headers: flatten(r.Header),
-		Query:   r.URL.Query(),
-		Body:    eventData,
-		Host:    r.Host,
-		Path:    r.URL.Path,
-		Method:  r.Method,
-	}
-
-	req.Body = normalizePayload(req.Body, r.Header.Get("content-type"))
-	return req
-}
--- a/api/handler/event/event.go
+++ b/api/handler/event/event.go
@@ -118,7 +118,7 @@ func (e *event) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}

 	// get client
-	c := e.opts.Service.Client()
+	c := e.opts.Client

 	// create publication
 	p := c.NewMessage(topic, ev)
--- a/api/handler/file/file.go
+++ b/api/handler/file/file.go
@@ -1,16 +0,0 @@
-// Package file serves file relative to the current directory
-package file
-
-import (
-	"net/http"
-)
-
-type Handler struct{}
-
-func (h *Handler) Serve(w http.ResponseWriter, r *http.Request) {
-	http.ServeFile(w, r, "."+r.URL.Path)
-}
-
-func (h *Handler) String() string {
-	return "file"
-}
--- a/api/handler/http/http_test.go
+++ b/api/handler/http/http_test.go
@@ -7,6 +7,8 @@ import (
 	"testing"

 	"github.com/micro/go-micro/v2/api/handler"
+	"github.com/micro/go-micro/v2/api/resolver"
+	"github.com/micro/go-micro/v2/api/resolver/vpath"
 	"github.com/micro/go-micro/v2/api/router"
 	regRouter "github.com/micro/go-micro/v2/api/router/registry"
 	"github.com/micro/go-micro/v2/registry"
@@ -54,8 +56,10 @@ func testHttp(t *testing.T, path, service, ns string) {
 	// initialise the handler
 	rt := regRouter.NewRouter(
 		router.WithHandler("http"),
-		router.WithNamespace(ns),
 		router.WithRegistry(r),
+		router.WithResolver(vpath.NewResolver(
+			resolver.WithNamespace(resolver.StaticNamespace(ns)),
+		)),
 	)

 	p := NewHandler(handler.WithRouter(rt))
@@ -116,6 +120,8 @@ func TestHttpHandler(t *testing.T) {
 	}

 	for _, d := range testData {
-		testHttp(t, d.path, d.service, d.namespace)
+		t.Run(d.service, func(t *testing.T) {
+			testHttp(t, d.path, d.service, d.namespace)
+		})
 	}
 }
--- a/api/handler/options.go
+++ b/api/handler/options.go
@@ -1,8 +1,9 @@
 package handler

 import (
-	"github.com/micro/go-micro/v2"
 	"github.com/micro/go-micro/v2/api/router"
+	"github.com/micro/go-micro/v2/client"
+	"github.com/micro/go-micro/v2/client/grpc"
 )

 var (
@@ -13,7 +14,7 @@ type Options struct {
 	MaxRecvSize int64
 	Namespace   string
 	Router      router.Router
-	Service     micro.Service
+	Client      client.Client
 }

 type Option func(o *Options)
@@ -25,9 +26,8 @@ func NewOptions(opts ...Option) Options {
 		o(&options)
 	}

-	// create service if its blank
-	if options.Service == nil {
-		WithService(micro.NewService())(&options)
+	if options.Client == nil {
+		WithClient(grpc.NewClient())(&options)
 	}

 	// set namespace if blank
@@ -56,10 +56,9 @@ func WithRouter(r router.Router) Option {
 	}
 }

-// WithService specifies a micro.Service
-func WithService(s micro.Service) Option {
+func WithClient(c client.Client) Option {
 	return func(o *Options) {
-		o.Service = s
+		o.Client = c
 	}
 }

--- a/api/handler/registry/registry.go
+++ b/api/handler/registry/registry.go
@@ -1,224 +0,0 @@
-// Package registry is a go-micro/registry handler
-package registry
-
-import (
-	"encoding/json"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/gorilla/websocket"
-	"github.com/micro/go-micro/v2/api/handler"
-	"github.com/micro/go-micro/v2/registry"
-	"github.com/oxtoacart/bpool"
-)
-
-var (
-	bufferPool = bpool.NewSizedBufferPool(1024, 8)
-)
-
-const (
-	Handler = "registry"
-
-	pingTime      = (readDeadline * 9) / 10
-	readLimit     = 16384
-	readDeadline  = 60 * time.Second
-	writeDeadline = 10 * time.Second
-)
-
-type registryHandler struct {
-	opts handler.Options
-	reg  registry.Registry
-}
-
-func (rh *registryHandler) add(w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	defer r.Body.Close()
-
-	// Read body
-	buf := bufferPool.Get()
-	defer bufferPool.Put(buf)
-	if _, err := buf.ReadFrom(r.Body); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	var opts []registry.RegisterOption
-
-	// parse ttl
-	if ttl := r.Form.Get("ttl"); len(ttl) > 0 {
-		d, err := time.ParseDuration(ttl)
-		if err == nil {
-			opts = append(opts, registry.RegisterTTL(d))
-		}
-	}
-
-	var service *registry.Service
-	if err := json.NewDecoder(buf).Decode(&service); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	if err := rh.reg.Register(service, opts...); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-}
-
-func (rh *registryHandler) del(w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	defer r.Body.Close()
-
-	// Read body
-	buf := bufferPool.Get()
-	defer bufferPool.Put(buf)
-	if _, err := buf.ReadFrom(r.Body); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	var service *registry.Service
-	if err := json.NewDecoder(buf).Decode(&service); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	if err := rh.reg.Deregister(service); err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-}
-
-func (rh *registryHandler) get(w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-	service := r.Form.Get("service")
-
-	var s []*registry.Service
-	var err error
-
-	if len(service) == 0 {
-		//
-		upgrade := r.Header.Get("Upgrade")
-		connect := r.Header.Get("Connection")
-
-		// watch if websockets
-		if upgrade == "websocket" && connect == "Upgrade" {
-			rw, err := rh.reg.Watch()
-			if err != nil {
-				http.Error(w, err.Error(), 500)
-				return
-			}
-			watch(rw, w, r)
-			return
-		}
-
-		// otherwise list services
-		s, err = rh.reg.ListServices()
-	} else {
-		s, err = rh.reg.GetService(service)
-	}
-
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	if s == nil || (len(service) > 0 && (len(s) == 0 || len(s[0].Name) == 0)) {
-		http.Error(w, "Service not found", 404)
-		return
-	}
-
-	b, err := json.Marshal(s)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	w.Header().Set("Content-Type", "application/json")
-	w.Header().Set("Content-Length", strconv.Itoa(len(b)))
-	w.Write(b)
-}
-
-func ping(ws *websocket.Conn, exit chan bool) {
-	ticker := time.NewTicker(pingTime)
-
-	for {
-		select {
-		case <-ticker.C:
-			ws.SetWriteDeadline(time.Now().Add(writeDeadline))
-			err := ws.WriteMessage(websocket.PingMessage, []byte{})
-			if err != nil {
-				return
-			}
-		case <-exit:
-			return
-		}
-	}
-}
-
-func watch(rw registry.Watcher, w http.ResponseWriter, r *http.Request) {
-	upgrader := websocket.Upgrader{
-		ReadBufferSize:  1024,
-		WriteBufferSize: 1024,
-	}
-
-	ws, err := upgrader.Upgrade(w, r, nil)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	// we need an exit chan
-	exit := make(chan bool)
-
-	defer func() {
-		close(exit)
-	}()
-
-	// ping the socket
-	go ping(ws, exit)
-
-	for {
-		// get next result
-		r, err := rw.Next()
-		if err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
-
-		// write to client
-		ws.SetWriteDeadline(time.Now().Add(writeDeadline))
-		if err := ws.WriteJSON(r); err != nil {
-			return
-		}
-	}
-}
-
-func (rh *registryHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	bsize := handler.DefaultMaxRecvSize
-	if rh.opts.MaxRecvSize > 0 {
-		bsize = rh.opts.MaxRecvSize
-	}
-
-	r.Body = http.MaxBytesReader(w, r.Body, bsize)
-
-	switch r.Method {
-	case "GET":
-		rh.get(w, r)
-	case "POST":
-		rh.add(w, r)
-	case "DELETE":
-		rh.del(w, r)
-	}
-}
-
-func (rh *registryHandler) String() string {
-	return "registry"
-}
-
-func NewHandler(opts ...handler.Option) handler.Handler {
-	options := handler.NewOptions(opts...)
-
-	return &registryHandler{
-		opts: options,
-		reg:  options.Service.Client().Options().Registry,
-	}
-}
--- a/api/handler/rpc/rpc.go
+++ b/api/handler/rpc/rpc.go
@@ -5,11 +5,11 @@ import (
 	"encoding/json"
 	"io"
 	"net/http"
+	"net/textproto"
 	"strconv"
 	"strings"

 	jsonpatch "github.com/evanphx/json-patch/v5"
-	"github.com/joncalhoun/qson"
 	"github.com/micro/go-micro/v2/api"
 	"github.com/micro/go-micro/v2/api/handler"
 	"github.com/micro/go-micro/v2/api/internal/proto"
@@ -23,6 +23,7 @@ import (
 	"github.com/micro/go-micro/v2/metadata"
 	"github.com/micro/go-micro/v2/registry"
 	"github.com/micro/go-micro/v2/util/ctx"
+	"github.com/micro/go-micro/v2/util/qson"
 	"github.com/oxtoacart/bpool"
 )

@@ -100,12 +101,6 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	// only allow post when we have the router
-	if r.Method != "GET" && (h.opts.Router != nil && r.Method != "POST") {
-		writeError(w, r, errors.MethodNotAllowed("go.micro.api", "method not allowed"))
-		return
-	}
-
 	ct := r.Header.Get("Content-Type")

 	// Strip charset from Content-Type (like `application/json; charset=UTF-8`)
@@ -114,13 +109,34 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}

 	// micro client
-	c := h.opts.Service.Client()
+	c := h.opts.Client

 	// create context
 	cx := ctx.FromRequest(r)
+	// get context from http handler wrappers
+	md, ok := metadata.FromContext(r.Context())
+	if !ok {
+		md = make(metadata.Metadata)
+	}
+	// fill contex with http headers
+	md["Host"] = r.Host
+	md["Method"] = r.Method
+	// get canonical headers
+	for k, _ := range r.Header {
+		// may be need to get all values for key like r.Header.Values() provide in go 1.14
+		md[textproto.CanonicalMIMEHeaderKey(k)] = r.Header.Get(k)
+	}

+	// merge context with overwrite
+	cx = metadata.MergeContext(cx, md, true)
+
+	// set merged context to request
+	*r = *r.Clone(cx)
 	// if stream we currently only support json
 	if isStream(r, service) {
+		// drop older context as it can have timeouts and create new
+		//		md, _ := metadata.FromContext(cx)
+		//serveWebsocket(context.TODO(), w, r, service, c)
 		serveWebsocket(cx, w, r, service, c)
 		return
 	}
@@ -192,7 +208,6 @@ func (h *rpcHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			&request,
 			client.WithContentType(ct),
 		)
-
 		// make the call
 		if err := c.Call(cx, req, &response, client.WithSelectOption(so)); err != nil {
 			writeError(w, r, err)
@@ -280,30 +295,52 @@ func requestPayload(r *http.Request) ([]byte, error) {
 	// otherwise as per usual
 	ctx := r.Context()
 	// dont user meadata.FromContext as it mangles names
-	md, ok := ctx.Value(metadata.MetadataKey{}).(metadata.Metadata)
+	md, ok := metadata.FromContext(ctx)
 	if !ok {
 		md = make(map[string]string)
 	}
+
 	// allocate maximum
-	matches := make(map[string]string, len(md))
+	matches := make(map[string]interface{}, len(md))
+	bodydst := ""
+
+	// get fields from url path
 	for k, v := range md {
+		k = strings.ToLower(k)
+		// filter own keys
 		if strings.HasPrefix(k, "x-api-field-") {
 			matches[strings.TrimPrefix(k, "x-api-field-")] = v
+			delete(md, k)
+		} else if k == "x-api-body" {
+			bodydst = v
+			delete(md, k)
+		}
+	}
+
+	// map of all fields
+	req := make(map[string]interface{}, len(md))
+
+	// get fields from url values
+	if len(r.URL.RawQuery) > 0 {
+		umd := make(map[string]interface{})
+		err = qson.Unmarshal(&umd, r.URL.RawQuery)
+		if err != nil {
+			return nil, err
+		}
+		for k, v := range umd {
+			matches[k] = v
 		}
-		delete(md, k)
 	}

 	// restore context without fields
-	ctx = metadata.NewContext(ctx, md)
-	*r = *r.WithContext(ctx)
-	req := make(map[string]interface{}, len(md))
+	*r = *r.Clone(metadata.NewContext(ctx, md))
+
 	for k, v := range matches {
 		ps := strings.Split(k, ".")
 		if len(ps) == 1 {
 			req[k] = v
 			continue
 		}
-
 		em := make(map[string]interface{})
 		em[ps[len(ps)-1]] = v
 		for i := len(ps) - 2; i > 0; i-- {
@@ -311,7 +348,16 @@ func requestPayload(r *http.Request) ([]byte, error) {
 			nm[ps[i]] = em
 			em = nm
 		}
-		req[ps[0]] = em
+		if vm, ok := req[ps[0]]; ok {
+			// nested map
+			nm := vm.(map[string]interface{})
+			for vk, vv := range em {
+				nm[vk] = vv
+			}
+			req[ps[0]] = nm
+		} else {
+			req[ps[0]] = em
+		}
 	}
 	pathbuf := []byte("{}")
 	if len(req) > 0 {
@@ -320,14 +366,8 @@ func requestPayload(r *http.Request) ([]byte, error) {
 			return nil, err
 		}
 	}
-	urlbuf := []byte("{}")
-	if len(r.URL.RawQuery) > 0 {
-		urlbuf, err = qson.ToJSON(r.URL.RawQuery)
-		if err != nil {
-			return nil, err
-		}
-	}

+	urlbuf := []byte("{}")
 	out, err := jsonpatch.MergeMergePatches(urlbuf, pathbuf)
 	if err != nil {
 		return nil, err
@@ -351,11 +391,33 @@ func requestPayload(r *http.Request) ([]byte, error) {
 		}
 		if b := buf.Bytes(); len(b) > 0 {
 			bodybuf = b
+		}
+		if bodydst == "" || bodydst == "*" {
+			if out, err = jsonpatch.MergeMergePatches(out, bodybuf); err == nil {
+				return out, nil
+			}
+		}
+		dstmap := make(map[string]interface{})
+		ps := strings.Split(bodydst, ".")
+		if len(ps) == 1 {
+			dstmap[ps[0]] = bodybuf
 		} else {
-			return []byte{}, nil
+			em := make(map[string]interface{})
+			em[ps[len(ps)-1]] = bodybuf
+			for i := len(ps) - 2; i > 0; i-- {
+				nm := make(map[string]interface{})
+				nm[ps[i]] = em
+				em = nm
+			}
+			dstmap[ps[0]] = em
 		}

-		if out, err = jsonpatch.MergeMergePatches(out, bodybuf); err == nil {
+		bodyout, err := json.Marshal(dstmap)
+		if err != nil {
+			return nil, err
+		}
+
+		if out, err = jsonpatch.MergeMergePatches(out, bodyout); err == nil {
 			return out, nil
 		}

--- a/api/handler/rpc/stream.go
+++ b/api/handler/rpc/stream.go
@@ -1,108 +1,216 @@
 package rpc

 import (
+	"bytes"
 	"context"
 	"encoding/json"
+	"io"
 	"net/http"
 	"strings"
+	"time"

-	"github.com/gorilla/websocket"
+	"github.com/gobwas/httphead"
+	"github.com/gobwas/ws"
+	"github.com/gobwas/ws/wsutil"
 	"github.com/micro/go-micro/v2/api"
 	"github.com/micro/go-micro/v2/client"
 	"github.com/micro/go-micro/v2/client/selector"
+	raw "github.com/micro/go-micro/v2/codec/bytes"
+	"github.com/micro/go-micro/v2/logger"
 )

-var upgrader = websocket.Upgrader{
-	ReadBufferSize:  1024,
-	WriteBufferSize: 1024,
-}
-
 // serveWebsocket will stream rpc back over websockets assuming json
 func serveWebsocket(ctx context.Context, w http.ResponseWriter, r *http.Request, service *api.Service, c client.Client) {
-	// upgrade the connection
-	conn, err := upgrader.Upgrade(w, r, nil)
-	if err != nil {
-		return
-	}
-	// close on exit
-	defer conn.Close()
+	var op ws.OpCode

-	// wait for the first request so we know
-	_, p, err := conn.ReadMessage()
+	ct := r.Header.Get("Content-Type")
+	// Strip charset from Content-Type (like `application/json; charset=UTF-8`)
+	if idx := strings.IndexRune(ct, ';'); idx >= 0 {
+		ct = ct[:idx]
+	}
+
+	// check proto from request
+	switch ct {
+	case "application/json":
+		op = ws.OpText
+	default:
+		op = ws.OpBinary
+	}
+
+	hdr := make(http.Header)
+	if proto, ok := r.Header["Sec-WebSocket-Protocol"]; ok {
+		for _, p := range proto {
+			switch p {
+			case "binary":
+				hdr["Sec-WebSocket-Protocol"] = []string{"binary"}
+				op = ws.OpBinary
+			}
+		}
+	}
+	payload, err := requestPayload(r)
 	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(err)
+		}
 		return
 	}

-	// send to backend
-	// default to trying json
-	var request json.RawMessage
-	// if the extracted payload isn't empty lets use it
-	if len(p) > 0 {
-		request = json.RawMessage(p)
+	upgrader := ws.HTTPUpgrader{Timeout: 5 * time.Second,
+		Protocol: func(proto string) bool {
+			if strings.Contains(proto, "binary") {
+				return true
+			}
+			// fallback to support all protocols now
+			return true
+		},
+		Extension: func(httphead.Option) bool {
+			// disable extensions for compatibility
+			return false
+		},
+		Header: hdr,
 	}

-	// create a request to the backend
+	conn, rw, _, err := upgrader.Upgrade(r, w)
+	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(err)
+		}
+		return
+	}
+
+	defer func() {
+		if err := conn.Close(); err != nil {
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Error(err)
+			}
+			return
+		}
+	}()
+
+	var request interface{}
+	if !bytes.Equal(payload, []byte(`{}`)) {
+		switch ct {
+		case "application/json", "":
+			m := json.RawMessage(payload)
+			request = &m
+		default:
+			request = &raw.Frame{Data: payload}
+		}
+	}
+
+	// we always need to set content type for message
+	if ct == "" {
+		ct = "application/json"
+	}
 	req := c.NewRequest(
 		service.Name,
 		service.Endpoint.Name,
-		&request,
-		client.WithContentType("application/json"),
+		request,
+		client.WithContentType(ct),
+		client.StreamingRequest(),
 	)

 	so := selector.WithStrategy(strategy(service.Services))
-
 	// create a new stream
 	stream, err := c.Stream(ctx, req, client.WithSelectOption(so))
 	if err != nil {
+		if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+			logger.Error(err)
+		}
 		return
 	}

-	// send the first request for the client
-	// since
-	if err := stream.Send(request); err != nil {
-		return
+	if request != nil {
+		if err = stream.Send(request); err != nil {
+			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+				logger.Error(err)
+			}
+			return
+		}
 	}

-	go writeLoop(conn, stream)
+	go writeLoop(rw, stream)

-	resp := stream.Response()
+	rsp := stream.Response()

 	// receive from stream and send to client
 	for {
-		// read backend response body
-		body, err := resp.Read()
-		if err != nil {
+		select {
+		case <-ctx.Done():
 			return
-		}
+		case <-stream.Context().Done():
+			return
+		default:
+			// read backend response body
+			buf, err := rsp.Read()
+			if err != nil {
+				// wants to avoid import  grpc/status.Status
+				if strings.Contains(err.Error(), "context canceled") {
+					return
+				}
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}

-		// write the response
-		if err := conn.WriteMessage(websocket.TextMessage, body); err != nil {
-			return
+			// write the response
+			if err := wsutil.WriteServerMessage(rw, op, buf); err != nil {
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
+			if err = rw.Flush(); err != nil {
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
 		}
 	}
 }

 // writeLoop
-func writeLoop(conn *websocket.Conn, stream client.Stream) {
+func writeLoop(rw io.ReadWriter, stream client.Stream) {
 	// close stream when done
 	defer stream.Close()

 	for {
-		_, p, err := conn.ReadMessage()
-		if err != nil {
-			return
-		}
-
-		// send to backend
-		// default to trying json
-		var request json.RawMessage
-		// if the extracted payload isn't empty lets use it
-		if len(p) > 0 {
-			request = json.RawMessage(p)
-		}
-
-		if err := stream.Send(request); err != nil {
+		select {
+		case <-stream.Context().Done():
 			return
+		default:
+			buf, op, err := wsutil.ReadClientData(rw)
+			if err != nil {
+				if wserr, ok := err.(wsutil.ClosedError); ok {
+					switch wserr.Code {
+					case ws.StatusNormalClosure, ws.StatusNoStatusRcvd:
+						return
+					}
+				}
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
+			switch op {
+			default:
+				// not relevant
+				continue
+			case ws.OpText, ws.OpBinary:
+				break
+			}
+			// send to backend
+			// default to trying json
+			// if the extracted payload isn't empty lets use it
+			request := &raw.Frame{Data: buf}
+			if err := stream.Send(request); err != nil {
+				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
+					logger.Error(err)
+				}
+				return
+			}
 		}
 	}
 }
@@ -112,7 +220,6 @@ func isStream(r *http.Request, srv *api.Service) bool {
 	if !isWebSocket(r) {
 		return false
 	}
-
 	// check if the endpoint supports streaming
 	for _, service := range srv.Services {
 		for _, ep := range service.Endpoints {
@@ -120,14 +227,12 @@ func isStream(r *http.Request, srv *api.Service) bool {
 			if ep.Name != srv.Endpoint.Name {
 				continue
 			}
-
 			// matched if the name
 			if v := ep.Metadata["stream"]; v == "true" {
 				return true
 			}
 		}
 	}
-
 	return false
 }

--- a/api/handler/udp/udp.go
+++ b/api/handler/udp/udp.go
@@ -1,25 +0,0 @@
-// Package udp reads and write from a udp connection
-package udp
-
-import (
-	"io"
-	"net"
-	"net/http"
-)
-
-type Handler struct{}
-
-func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	c, err := net.Dial("udp", r.Host)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	go io.Copy(c, r.Body)
-	// write response
-	io.Copy(w, c)
-}
-
-func (h *Handler) String() string {
-	return "udp"
-}
--- a/api/handler/unix/unix.go
+++ b/api/handler/unix/unix.go
@@ -1,30 +0,0 @@
-// Package unix reads from a unix socket expecting it to be in /tmp/path
-package unix
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"net/http"
-	"path/filepath"
-)
-
-type Handler struct{}
-
-func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	sock := fmt.Sprintf("%s.sock", filepath.Clean(r.URL.Path))
-	path := filepath.Join("/tmp", sock)
-
-	c, err := net.Dial("unix", path)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	go io.Copy(c, r.Body)
-	// write response
-	io.Copy(w, c)
-}
-
-func (h *Handler) String() string {
-	return "unix"
-}
--- a/api/resolver/host/host.go
+++ b/api/resolver/host/host.go
@@ -7,7 +7,9 @@ import (
 	"github.com/micro/go-micro/v2/api/resolver"
 )

-type Resolver struct{}
+type Resolver struct {
+	opts resolver.Options
+}

 func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	return &resolver.Endpoint{
@@ -23,5 +25,5 @@ func (r *Resolver) String() string {
 }

 func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{}
+	return &Resolver{opts: resolver.NewOptions(opts...)}
 }
--- a/api/resolver/micro/micro.go
+++ b/api/resolver/micro/micro.go
@@ -1,45 +0,0 @@
-// Package micro provides a micro rpc resolver which prefixes a namespace
-package micro
-
-import (
-	"net/http"
-
-	"github.com/micro/go-micro/v2/api/resolver"
-)
-
-// default resolver for legacy purposes
-// it uses proxy routing to resolve names
-// /foo becomes namespace.foo
-// /v1/foo becomes namespace.v1.foo
-type Resolver struct {
-	Options resolver.Options
-}
-
-func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
-	var name, method string
-
-	switch r.Options.Handler {
-	// internal handlers
-	case "meta", "api", "rpc", "micro":
-		name, method = apiRoute(req.URL.Path)
-	default:
-		method = req.Method
-		name = proxyRoute(req.URL.Path)
-	}
-
-	return &resolver.Endpoint{
-		Name:   name,
-		Method: method,
-	}, nil
-}
-
-func (r *Resolver) String() string {
-	return "micro"
-}
-
-// NewResolver creates a new micro resolver
-func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{
-		Options: resolver.NewOptions(opts...),
-	}
-}
--- a/api/resolver/micro/route.go
+++ b/api/resolver/micro/route.go
@@ -1,95 +0,0 @@
-package micro
-
-import (
-	"path"
-	"regexp"
-	"strings"
-)
-
-var (
-	proxyRe   = regexp.MustCompile("^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*$")
-	versionRe = regexp.MustCompilePOSIX("^v[0-9]+$")
-)
-
-// Translates /foo/bar/zool into api service go.micro.api.foo method Bar.Zool
-// Translates /foo/bar into api service go.micro.api.foo method Foo.Bar
-func apiRoute(p string) (string, string) {
-	p = path.Clean(p)
-	p = strings.TrimPrefix(p, "/")
-	parts := strings.Split(p, "/")
-
-	// if we have 1 part assume name Name.Call
-	if len(parts) == 1 && len(parts[0]) > 0 {
-		return parts[0], methodName(append(parts, "Call"))
-	}
-
-	// If we've got two or less parts
-	// Use first part as service
-	// Use all parts as method
-	if len(parts) <= 2 {
-		name := parts[0]
-		return name, methodName(parts)
-	}
-
-	// Treat /v[0-9]+ as versioning where we have 3 parts
-	// /v1/foo/bar => service: v1.foo method: Foo.bar
-	if len(parts) == 3 && versionRe.Match([]byte(parts[0])) {
-		name := strings.Join(parts[:len(parts)-1], ".")
-		return name, methodName(parts[len(parts)-2:])
-	}
-
-	// Service is everything minus last two parts
-	// Method is the last two parts
-	name := strings.Join(parts[:len(parts)-2], ".")
-	return name, methodName(parts[len(parts)-2:])
-}
-
-func proxyRoute(p string) string {
-	parts := strings.Split(p, "/")
-	if len(parts) < 2 {
-		return ""
-	}
-
-	var service string
-	var alias string
-
-	// /[service]/methods
-	if len(parts) > 2 {
-		// /v1/[service]
-		if versionRe.MatchString(parts[1]) {
-			service = parts[1] + "." + parts[2]
-			alias = parts[2]
-		} else {
-			service = parts[1]
-			alias = parts[1]
-		}
-		// /[service]
-	} else {
-		service = parts[1]
-		alias = parts[1]
-	}
-
-	// check service name is valid
-	if !proxyRe.MatchString(alias) {
-		return ""
-	}
-
-	return service
-}
-
-func methodName(parts []string) string {
-	for i, part := range parts {
-		parts[i] = toCamel(part)
-	}
-
-	return strings.Join(parts, ".")
-}
-
-func toCamel(s string) string {
-	words := strings.Split(s, "-")
-	var out string
-	for _, word := range words {
-		out += strings.Title(word)
-	}
-	return out
-}
--- a/api/resolver/micro/route_test.go
+++ b/api/resolver/micro/route_test.go
@@ -1,130 +0,0 @@
-package micro
-
-import (
-	"testing"
-)
-
-func TestApiRoute(t *testing.T) {
-	testData := []struct {
-		path    string
-		service string
-		method  string
-	}{
-		{
-			"/foo/bar",
-			"foo",
-			"Foo.Bar",
-		},
-		{
-			"/foo/foo/bar",
-			"foo",
-			"Foo.Bar",
-		},
-		{
-			"/foo/bar/baz",
-			"foo",
-			"Bar.Baz",
-		},
-		{
-			"/foo/bar/baz-xyz",
-			"foo",
-			"Bar.BazXyz",
-		},
-		{
-			"/foo/bar/baz/cat",
-			"foo.bar",
-			"Baz.Cat",
-		},
-		{
-			"/foo/bar/baz/cat/car",
-			"foo.bar.baz",
-			"Cat.Car",
-		},
-		{
-			"/foo/fooBar/bazCat",
-			"foo",
-			"FooBar.BazCat",
-		},
-		{
-			"/v1/foo/bar",
-			"v1.foo",
-			"Foo.Bar",
-		},
-		{
-			"/v1/foo/bar/baz",
-			"v1.foo",
-			"Bar.Baz",
-		},
-		{
-			"/v1/foo/bar/baz/cat",
-			"v1.foo.bar",
-			"Baz.Cat",
-		},
-	}
-
-	for _, d := range testData {
-		s, m := apiRoute(d.path)
-		if d.service != s {
-			t.Fatalf("Expected service: %s for path: %s got: %s %s", d.service, d.path, s, m)
-		}
-		if d.method != m {
-			t.Fatalf("Expected service: %s for path: %s got: %s", d.method, d.path, m)
-		}
-	}
-}
-
-func TestProxyRoute(t *testing.T) {
-	testData := []struct {
-		path    string
-		service string
-	}{
-		// no namespace
-		{
-			"/f",
-			"f",
-		},
-		{
-			"/f",
-			"f",
-		},
-		{
-			"/f-b",
-			"f-b",
-		},
-		{
-			"/foo/bar",
-			"foo",
-		},
-		{
-			"/foo-bar",
-			"foo-bar",
-		},
-		{
-			"/foo-bar-baz",
-			"foo-bar-baz",
-		},
-		{
-			"/foo/bar/bar",
-			"foo",
-		},
-		{
-			"/v1/foo/bar",
-			"v1.foo",
-		},
-		{
-			"/v1/foo/bar/baz",
-			"v1.foo",
-		},
-		{
-			"/v1/foo/bar/baz/cat",
-			"v1.foo",
-		},
-	}
-
-	for _, d := range testData {
-		s := proxyRoute(d.path)
-		if d.service != s {
-			t.Fatalf("Expected service: %s for path: %s got: %s", d.service, d.path, s)
-		}
-	}
-}
--- a/api/resolver/options.go
+++ b/api/resolver/options.go
@@ -1,11 +1,22 @@
 package resolver

+import (
+	"net/http"
+
+	"github.com/micro/go-micro/v2/auth"
+)
+
 // NewOptions returns new initialised options
 func NewOptions(opts ...Option) Options {
 	var options Options
 	for _, o := range opts {
 		o(&options)
 	}
+
+	if options.Namespace == nil {
+		options.Namespace = StaticNamespace(auth.DefaultNamespace)
+	}
+
 	return options
 }

@@ -16,8 +27,8 @@ func WithHandler(h string) Option {
 	}
 }

-// WithNamespace sets the namespace being used
-func WithNamespace(n string) Option {
+// WithNamespace sets the function which determines the namespace for a request
+func WithNamespace(n func(*http.Request) string) Option {
 	return func(o *Options) {
 		o.Namespace = n
 	}
--- a/api/resolver/path/path.go
+++ b/api/resolver/path/path.go
@@ -2,22 +2,26 @@
 package path

 import (
-	"errors"
 	"net/http"
 	"strings"

 	"github.com/micro/go-micro/v2/api/resolver"
 )

-type Resolver struct{}
+type Resolver struct {
+	opts resolver.Options
+}

 func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	if req.URL.Path == "/" {
-		return nil, errors.New("unknown name")
+		return nil, resolver.ErrNotFound
 	}
+
 	parts := strings.Split(req.URL.Path[1:], "/")
+	ns := r.opts.Namespace(req)
+
 	return &resolver.Endpoint{
-		Name:   parts[0],
+		Name:   ns + "." + parts[0],
 		Host:   req.Host,
 		Method: req.Method,
 		Path:   req.URL.Path,
@@ -29,5 +33,5 @@ func (r *Resolver) String() string {
 }

 func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{}
+	return &Resolver{opts: resolver.NewOptions(opts...)}
 }
--- a/api/resolver/resolver.go
+++ b/api/resolver/resolver.go
@@ -2,9 +2,15 @@
 package resolver

 import (
+	"errors"
 	"net/http"
 )

+var (
+	ErrNotFound    = errors.New("not found")
+	ErrInvalidPath = errors.New("invalid path")
+)
+
 // Resolver resolves requests to endpoints
 type Resolver interface {
 	Resolve(r *http.Request) (*Endpoint, error)
@@ -25,7 +31,14 @@ type Endpoint struct {

 type Options struct {
 	Handler   string
-	Namespace string
+	Namespace func(*http.Request) string
 }

 type Option func(o *Options)
+
+// StaticNamespace returns the same namespace for each request
+func StaticNamespace(ns string) func(*http.Request) string {
+	return func(*http.Request) string {
+		return ns
+	}
+}
--- a/api/resolver/vpath/vpath.go
+++ b/api/resolver/vpath/vpath.go
@@ -3,6 +3,7 @@ package vpath

 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"regexp"
 	"strings"
@@ -10,7 +11,13 @@ import (
 	"github.com/micro/go-micro/v2/api/resolver"
 )

-type Resolver struct{}
+func NewResolver(opts ...resolver.Option) resolver.Resolver {
+	return &Resolver{opts: resolver.NewOptions(opts...)}
+}
+
+type Resolver struct {
+	opts resolver.Options
+}

 var (
 	re = regexp.MustCompile("^v[0-9]+$")
@@ -21,11 +28,12 @@ func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 		return nil, errors.New("unknown name")
 	}

-	parts := strings.Split(req.URL.Path[1:], "/")
+	fmt.Println(req.URL.Path)

+	parts := strings.Split(req.URL.Path[1:], "/")
 	if len(parts) == 1 {
 		return &resolver.Endpoint{
-			Name:   parts[0],
+			Name:   r.withNamespace(req, parts...),
 			Host:   req.Host,
 			Method: req.Method,
 			Path:   req.URL.Path,
@@ -35,7 +43,7 @@ func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	// /v1/foo
 	if re.MatchString(parts[0]) {
 		return &resolver.Endpoint{
-			Name:   parts[1],
+			Name:   r.withNamespace(req, parts[0:2]...),
 			Host:   req.Host,
 			Method: req.Method,
 			Path:   req.URL.Path,
@@ -43,7 +51,7 @@ func (r *Resolver) Resolve(req *http.Request) (*resolver.Endpoint, error) {
 	}

 	return &resolver.Endpoint{
-		Name:   parts[0],
+		Name:   r.withNamespace(req, parts[0]),
 		Host:   req.Host,
 		Method: req.Method,
 		Path:   req.URL.Path,
@@ -54,6 +62,11 @@ func (r *Resolver) String() string {
 	return "path"
 }

-func NewResolver(opts ...resolver.Option) resolver.Resolver {
-	return &Resolver{}
+func (r *Resolver) withNamespace(req *http.Request, parts ...string) string {
+	ns := r.opts.Namespace(req)
+	if len(ns) == 0 {
+		return strings.Join(parts, ".")
+	}
+
+	return strings.Join(append([]string{ns}, parts...), ".")
 }
--- a/api/router/options.go
+++ b/api/router/options.go
@@ -2,15 +2,14 @@ package router

 import (
 	"github.com/micro/go-micro/v2/api/resolver"
-	"github.com/micro/go-micro/v2/api/resolver/micro"
+	"github.com/micro/go-micro/v2/api/resolver/vpath"
 	"github.com/micro/go-micro/v2/registry"
 )

 type Options struct {
-	Namespace string
-	Handler   string
-	Registry  registry.Registry
-	Resolver  resolver.Resolver
+	Handler  string
+	Registry registry.Registry
+	Resolver resolver.Resolver
 }

 type Option func(o *Options)
@@ -26,9 +25,8 @@ func NewOptions(opts ...Option) Options {
 	}

 	if options.Resolver == nil {
-		options.Resolver = micro.NewResolver(
+		options.Resolver = vpath.NewResolver(
 			resolver.WithHandler(options.Handler),
-			resolver.WithNamespace(options.Namespace),
 		)
 	}

@@ -41,12 +39,6 @@ func WithHandler(h string) Option {
 	}
 }

-func WithNamespace(ns string) Option {
-	return func(o *Options) {
-		o.Namespace = ns
-	}
-}
-
 func WithRegistry(r registry.Registry) Option {
 	return func(o *Options) {
 		o.Registry = r
--- a/api/router/registry/registry.go
+++ b/api/router/registry/registry.go
@@ -12,11 +12,20 @@ import (

 	"github.com/micro/go-micro/v2/api"
 	"github.com/micro/go-micro/v2/api/router"
+	"github.com/micro/go-micro/v2/api/router/util"
 	"github.com/micro/go-micro/v2/logger"
+	"github.com/micro/go-micro/v2/metadata"
 	"github.com/micro/go-micro/v2/registry"
 	"github.com/micro/go-micro/v2/registry/cache"
 )

+// endpoint struct, that holds compiled pcre
+type endpoint struct {
+	hostregs []*regexp.Regexp
+	pathregs []util.Pattern
+	pcreregs []*regexp.Regexp
+}
+
 // router is the default router
 type registryRouter struct {
 	exit chan bool
@@ -27,28 +36,8 @@ type registryRouter struct {

 	sync.RWMutex
 	eps map[string]*api.Service
-}
-
-func setNamespace(ns, name string) string {
-	ns = strings.TrimSpace(ns)
-	name = strings.TrimSpace(name)
-
-	// no namespace
-	if len(ns) == 0 {
-		return name
-	}
-
-	switch {
-	// has - suffix
-	case strings.HasSuffix(ns, "-"):
-		return strings.Replace(ns+name, ".", "-", -1)
-	// has . suffix
-	case strings.HasSuffix(ns, "."):
-		return ns + name
-	}
-
-	// default join .
-	return strings.Join([]string{ns, name}, ".")
+	// compiled regexp for host and path
+	ceps map[string]*endpoint
 }

 func (r *registryRouter) isClosed() bool {
@@ -79,10 +68,6 @@ func (r *registryRouter) refresh() {

 		// for each service, get service and store endpoints
 		for _, s := range services {
-			// only get services for this namespace
-			if !strings.HasPrefix(s.Name, r.opts.Namespace) {
-				continue
-			}
 			service, err := r.rc.GetService(s.Name)
 			if err != nil {
 				if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
@@ -94,6 +79,7 @@ func (r *registryRouter) refresh() {
 		}

 		// refresh list in 10 minutes... cruft
+		// use registry watching
 		select {
 		case <-time.After(time.Minute * 10):
 		case <-r.exit:
@@ -105,7 +91,7 @@ func (r *registryRouter) refresh() {
 // process watch event
 func (r *registryRouter) process(res *registry.Result) {
 	// skip these things
-	if res == nil || res.Service == nil || !strings.HasPrefix(res.Service.Name, r.opts.Namespace) {
+	if res == nil || res.Service == nil {
 		return
 	}

@@ -136,11 +122,11 @@ func (r *registryRouter) store(services []*registry.Service) {
 		names[service.Name] = true

 		// map per endpoint
-		for _, endpoint := range service.Endpoints {
+		for _, sep := range service.Endpoints {
 			// create a key service:endpoint_name
-			key := fmt.Sprintf("%s:%s", service.Name, endpoint.Name)
+			key := fmt.Sprintf("%s.%s", service.Name, sep.Name)
 			// decode endpoint
-			end := api.Decode(endpoint.Metadata)
+			end := api.Decode(sep.Metadata)

 			// if we got nothing skip
 			if err := api.Validate(end); err != nil {
@@ -181,8 +167,57 @@ func (r *registryRouter) store(services []*registry.Service) {
 	}

 	// now set the eps we have
-	for name, endpoint := range eps {
-		r.eps[name] = endpoint
+	for name, ep := range eps {
+		r.eps[name] = ep
+		cep := &endpoint{}
+
+		for _, h := range ep.Endpoint.Host {
+			if h == "" || h == "*" {
+				continue
+			}
+			hostreg, err := regexp.CompilePOSIX(h)
+			if err != nil {
+				if logger.V(logger.TraceLevel, logger.DefaultLogger) {
+					logger.Tracef("endpoint have invalid host regexp: %v", err)
+				}
+				continue
+			}
+			cep.hostregs = append(cep.hostregs, hostreg)
+		}
+
+		for _, p := range ep.Endpoint.Path {
+			var pcreok bool
+
+			if p[0] == '^' && p[len(p)-1] != '$' {
+				pcrereg, err := regexp.CompilePOSIX(p)
+				if err == nil {
+					cep.pcreregs = append(cep.pcreregs, pcrereg)
+					pcreok = true
+				}
+			}
+
+			rule, err := util.Parse(p)
+			if err != nil && !pcreok {
+				if logger.V(logger.TraceLevel, logger.DefaultLogger) {
+					logger.Tracef("endpoint have invalid path pattern: %v", err)
+				}
+				continue
+			} else if err != nil && pcreok {
+				continue
+			}
+
+			tpl := rule.Compile()
+			pathreg, err := util.NewPattern(tpl.Version, tpl.OpCodes, tpl.Pool, "")
+			if err != nil {
+				if logger.V(logger.TraceLevel, logger.DefaultLogger) {
+					logger.Tracef("endpoint have invalid path pattern: %v", err)
+				}
+				continue
+			}
+			cep.pathregs = append(cep.pathregs, pathreg)
+		}
+
+		r.ceps[name] = cep
 	}
 }

@@ -266,60 +301,106 @@ func (r *registryRouter) Endpoint(req *http.Request) (*api.Service, error) {
 	r.RLock()
 	defer r.RUnlock()

+	var idx int
+	if len(req.URL.Path) > 0 && req.URL.Path != "/" {
+		idx = 1
+	}
+	path := strings.Split(req.URL.Path[idx:], "/")
+
 	// use the first match
 	// TODO: weighted matching
-	for _, e := range r.eps {
+	for n, e := range r.eps {
+		cep, ok := r.ceps[n]
+		if !ok {
+			continue
+		}
 		ep := e.Endpoint
-
-		// match
-		var pathMatch, hostMatch, methodMatch bool
-
-		// 1. try method GET, POST, PUT, etc
-		// 2. try host example.com, foobar.com, etc
-		// 3. try path /foo/bar, /bar/baz, etc
-
-		// 1. try match method
+		var mMatch, hMatch, pMatch bool
+		// 1. try method
 		for _, m := range ep.Method {
-			if req.Method == m {
-				methodMatch = true
+			if m == req.Method {
+				mMatch = true
 				break
 			}
 		}
-
-		// no match on method pass
-		if len(ep.Method) > 0 && !methodMatch {
+		if !mMatch {
 			continue
 		}
-
-		// 2. try match host
-		for _, h := range ep.Host {
-			if req.Host == h {
-				hostMatch = true
-				break
-			}
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("api method match %s", req.Method)
 		}

-		// no match on host pass
-		if len(ep.Host) > 0 && !hostMatch {
+		// 2. try host
+		if len(ep.Host) == 0 {
+			hMatch = true
+		} else {
+			for idx, h := range ep.Host {
+				if h == "" || h == "*" {
+					hMatch = true
+					break
+				} else {
+					if cep.hostregs[idx].MatchString(req.URL.Host) {
+						hMatch = true
+						break
+					}
+				}
+			}
+		}
+		if !hMatch {
 			continue
 		}
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("api host match %s", req.URL.Host)
+		}

-		// 3. try match paths
-		for _, p := range ep.Path {
-			re, err := regexp.CompilePOSIX(p)
-			if err == nil && re.MatchString(req.URL.Path) {
-				pathMatch = true
+		// 3. try path via google.api path matching
+		for _, pathreg := range cep.pathregs {
+			matches, err := pathreg.Match(path, "")
+			if err != nil {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("api gpath not match %s != %v", path, pathreg)
+				}
+				continue
+			}
+			if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+				logger.Debugf("api gpath match %s = %v", path, pathreg)
+			}
+			pMatch = true
+			ctx := req.Context()
+			md, ok := metadata.FromContext(ctx)
+			if !ok {
+				md = make(metadata.Metadata)
+			}
+			for k, v := range matches {
+				md[fmt.Sprintf("x-api-field-%s", k)] = v
+			}
+			md["x-api-body"] = ep.Body
+			*req = *req.Clone(metadata.NewContext(ctx, md))
+			break
+		}
+
+		if !pMatch {
+			// 4. try path via pcre path matching
+			for _, pathreg := range cep.pcreregs {
+				if !pathreg.MatchString(req.URL.Path) {
+					if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+						logger.Debugf("api pcre path not match %s != %v", path, pathreg)
+					}
+					continue
+				}
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("api pcre path match %s != %v", path, pathreg)
+				}
+				pMatch = true
 				break
 			}
 		}

-		// no match pass
-		if len(ep.Path) > 0 && !pathMatch {
+		if !pMatch {
 			continue
 		}

 		// TODO: Percentage traffic
-
 		// we got here, so its a match
 		return e, nil
 	}
@@ -350,7 +431,7 @@ func (r *registryRouter) Route(req *http.Request) (*api.Service, error) {
 	}

 	// service name
-	name := setNamespace(r.opts.Namespace, rp.Name)
+	name := rp.Name

 	// get service
 	services, err := r.rc.GetService(name)
@@ -404,6 +485,7 @@ func newRouter(opts ...router.Option) *registryRouter {
 		opts: options,
 		rc:   cache.New(options.Registry),
 		eps:  make(map[string]*api.Service),
+		ceps: make(map[string]*endpoint),
 	}
 	go r.watch()
 	go r.refresh()
--- a/api/router/registry/registry_test.go
+++ b/api/router/registry/registry_test.go
@@ -1,181 +0,0 @@
-package registry
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"testing"
-
-	"github.com/micro/go-micro/v2/api"
-)
-
-func TestSetNamespace(t *testing.T) {
-	testCases := []struct {
-		namespace string
-		name      string
-		expected  string
-	}{
-		// default dotted path
-		{
-			"go.micro.api",
-			"foo",
-			"go.micro.api.foo",
-		},
-		// dotted end
-		{
-			"go.micro.api.",
-			"foo",
-			"go.micro.api.foo",
-		},
-		// dashed end
-		{
-			"go-micro-api-",
-			"foo",
-			"go-micro-api-foo",
-		},
-		// no namespace
-		{
-			"",
-			"foo",
-			"foo",
-		},
-		{
-			"go-micro-api-",
-			"v2.foo",
-			"go-micro-api-v2-foo",
-		},
-	}
-
-	for _, test := range testCases {
-		name := setNamespace(test.namespace, test.name)
-		if name != test.expected {
-			t.Fatalf("expected name %s got %s", test.expected, name)
-		}
-	}
-}
-
-func TestRouter(t *testing.T) {
-	r := newRouter()
-
-	compare := func(expect, got []string) bool {
-		// no data to compare, return true
-		if len(expect) == 0 && len(got) == 0 {
-			return true
-		}
-		// no data expected but got some return false
-		if len(expect) == 0 && len(got) > 0 {
-			return false
-		}
-
-		// compare expected with what we got
-		for _, e := range expect {
-			var seen bool
-			for _, g := range got {
-				if e == g {
-					seen = true
-					break
-				}
-			}
-			if !seen {
-				return false
-			}
-		}
-
-		// we're done, return true
-		return true
-	}
-
-	testData := []struct {
-		e *api.Endpoint
-		r *http.Request
-		m bool
-	}{
-		{
-			e: &api.Endpoint{
-				Name:   "Foo.Bar",
-				Host:   []string{"example.com"},
-				Method: []string{"GET"},
-				Path:   []string{"/foo"},
-			},
-			r: &http.Request{
-				Host:   "example.com",
-				Method: "GET",
-				URL: &url.URL{
-					Path: "/foo",
-				},
-			},
-			m: true,
-		},
-		{
-			e: &api.Endpoint{
-				Name:   "Bar.Baz",
-				Host:   []string{"example.com", "foo.com"},
-				Method: []string{"GET", "POST"},
-				Path:   []string{"/foo/bar"},
-			},
-			r: &http.Request{
-				Host:   "foo.com",
-				Method: "POST",
-				URL: &url.URL{
-					Path: "/foo/bar",
-				},
-			},
-			m: true,
-		},
-		{
-			e: &api.Endpoint{
-				Name:   "Test.Cruft",
-				Host:   []string{"example.com", "foo.com"},
-				Method: []string{"GET", "POST"},
-				Path:   []string{"/xyz"},
-			},
-			r: &http.Request{
-				Host:   "fail.com",
-				Method: "DELETE",
-				URL: &url.URL{
-					Path: "/test/fail",
-				},
-			},
-			m: false,
-		},
-	}
-
-	for _, d := range testData {
-		key := fmt.Sprintf("%s:%s", "test.service", d.e.Name)
-		r.eps[key] = &api.Service{
-			Endpoint: d.e,
-		}
-	}
-
-	for _, d := range testData {
-		e, err := r.Endpoint(d.r)
-		if d.m && err != nil {
-			t.Fatalf("expected match, got %v", err)
-		}
-		if !d.m && err == nil {
-			t.Fatal("expected error got match")
-		}
-		// skip testing the non match
-		if !d.m {
-			continue
-		}
-
-		ep := e.Endpoint
-
-		// test the match
-		if d.e.Name != ep.Name {
-			t.Fatalf("expected %v got %v", d.e.Name, ep.Name)
-		}
-		if ok := compare(d.e.Method, ep.Method); !ok {
-			t.Fatalf("expected %v got %v", d.e.Method, ep.Method)
-		}
-		if ok := compare(d.e.Path, ep.Path); !ok {
-			t.Fatalf("expected %v got %v", d.e.Path, ep.Path)
-		}
-		if ok := compare(d.e.Host, ep.Host); !ok {
-			t.Fatalf("expected %v got %v", d.e.Host, ep.Host)
-		}
-
-	}
-
-}
--- a/api/router/router_test.go
+++ b/api/router/router_test.go
@@ -0,0 +1,245 @@
+package router_test
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/micro/go-micro/v2/api"
+	"github.com/micro/go-micro/v2/api/handler"
+	"github.com/micro/go-micro/v2/api/handler/rpc"
+	"github.com/micro/go-micro/v2/api/router"
+	rregistry "github.com/micro/go-micro/v2/api/router/registry"
+	rstatic "github.com/micro/go-micro/v2/api/router/static"
+	"github.com/micro/go-micro/v2/client"
+	gcli "github.com/micro/go-micro/v2/client/grpc"
+	rmemory "github.com/micro/go-micro/v2/registry/memory"
+	"github.com/micro/go-micro/v2/server"
+	gsrv "github.com/micro/go-micro/v2/server/grpc"
+	pb "github.com/micro/go-micro/v2/server/grpc/proto"
+)
+
+// server is used to implement helloworld.GreeterServer.
+type testServer struct {
+	msgCount int
+}
+
+// TestHello implements helloworld.GreeterServer
+func (s *testServer) Call(ctx context.Context, req *pb.Request, rsp *pb.Response) error {
+	rsp.Msg = "Hello " + req.Uuid
+	return nil
+}
+
+// TestHello implements helloworld.GreeterServer
+func (s *testServer) CallPcre(ctx context.Context, req *pb.Request, rsp *pb.Response) error {
+	rsp.Msg = "Hello " + req.Uuid
+	return nil
+}
+
+// TestHello implements helloworld.GreeterServer
+func (s *testServer) CallPcreInvalid(ctx context.Context, req *pb.Request, rsp *pb.Response) error {
+	rsp.Msg = "Hello " + req.Uuid
+	return nil
+}
+
+func initial(t *testing.T) (server.Server, client.Client) {
+	r := rmemory.NewRegistry()
+
+	// create a new client
+	s := gsrv.NewServer(
+		server.Name("foo"),
+		server.Registry(r),
+	)
+
+	// create a new server
+	c := gcli.NewClient(
+		client.Registry(r),
+	)
+
+	h := &testServer{}
+	pb.RegisterTestHandler(s, h)
+
+	if err := s.Start(); err != nil {
+		t.Fatalf("failed to start: %v", err)
+	}
+
+	return s, c
+}
+
+func check(t *testing.T, addr string, path string, expected string) {
+	req, err := http.NewRequest("POST", fmt.Sprintf(path, addr), nil)
+	if err != nil {
+		t.Fatalf("Failed to created http.Request: %v", err)
+	}
+	req.Header.Set("Content-Type", "application/json")
+	rsp, err := (&http.Client{}).Do(req)
+	if err != nil {
+		t.Fatalf("Failed to created http.Request: %v", err)
+	}
+	defer rsp.Body.Close()
+
+	buf, err := ioutil.ReadAll(rsp.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	jsonMsg := expected
+	if string(buf) != jsonMsg {
+		t.Fatalf("invalid message received, parsing error %s != %s", buf, jsonMsg)
+	}
+}
+
+func TestRouterRegistryPcre(t *testing.T) {
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rregistry.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+	hrpc := rpc.NewHandler(
+		handler.WithClient(c),
+		handler.WithRouter(router),
+	)
+	hsrv := &http.Server{
+		Handler:        hrpc,
+		Addr:           "127.0.0.1:6543",
+		WriteTimeout:   15 * time.Second,
+		ReadTimeout:    15 * time.Second,
+		IdleTimeout:    20 * time.Second,
+		MaxHeaderBytes: 1024 * 1024 * 1, // 1Mb
+	}
+
+	go func() {
+		log.Println(hsrv.ListenAndServe())
+	}()
+
+	defer hsrv.Close()
+	time.Sleep(1 * time.Second)
+	check(t, hsrv.Addr, "http://%s/api/v0/test/call/TEST", `{"msg":"Hello TEST"}`)
+}
+
+func TestRouterStaticPcre(t *testing.T) {
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rstatic.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+
+	err := router.Register(&api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"^/api/v0/test/call/?$"},
+		Handler: "rpc",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	hrpc := rpc.NewHandler(
+		handler.WithClient(c),
+		handler.WithRouter(router),
+	)
+	hsrv := &http.Server{
+		Handler:        hrpc,
+		Addr:           "127.0.0.1:6543",
+		WriteTimeout:   15 * time.Second,
+		ReadTimeout:    15 * time.Second,
+		IdleTimeout:    20 * time.Second,
+		MaxHeaderBytes: 1024 * 1024 * 1, // 1Mb
+	}
+
+	go func() {
+		log.Println(hsrv.ListenAndServe())
+	}()
+	defer hsrv.Close()
+
+	time.Sleep(1 * time.Second)
+	check(t, hsrv.Addr, "http://%s/api/v0/test/call", `{"msg":"Hello "}`)
+}
+
+func TestRouterStaticGpath(t *testing.T) {
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rstatic.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+
+	err := router.Register(&api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"/api/v0/test/call/{uuid}"},
+		Handler: "rpc",
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	hrpc := rpc.NewHandler(
+		handler.WithClient(c),
+		handler.WithRouter(router),
+	)
+	hsrv := &http.Server{
+		Handler:        hrpc,
+		Addr:           "127.0.0.1:6543",
+		WriteTimeout:   15 * time.Second,
+		ReadTimeout:    15 * time.Second,
+		IdleTimeout:    20 * time.Second,
+		MaxHeaderBytes: 1024 * 1024 * 1, // 1Mb
+	}
+
+	go func() {
+		log.Println(hsrv.ListenAndServe())
+	}()
+	defer hsrv.Close()
+
+	time.Sleep(1 * time.Second)
+	check(t, hsrv.Addr, "http://%s/api/v0/test/call/TEST", `{"msg":"Hello TEST"}`)
+}
+
+func TestRouterStaticPcreInvalid(t *testing.T) {
+	var ep *api.Endpoint
+	var err error
+
+	s, c := initial(t)
+	defer s.Stop()
+
+	router := rstatic.NewRouter(
+		router.WithHandler(rpc.Handler),
+		router.WithRegistry(s.Options().Registry),
+	)
+
+	ep = &api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"^/api/v0/test/call/?"},
+		Handler: "rpc",
+	}
+
+	err = router.Register(ep)
+	if err == nil {
+		t.Fatalf("invalid endpoint %v", ep)
+	}
+
+	ep = &api.Endpoint{
+		Name:    "foo.Test.Call",
+		Method:  []string{"POST"},
+		Path:    []string{"/api/v0/test/call/?$"},
+		Handler: "rpc",
+	}
+
+	err = router.Register(ep)
+	if err == nil {
+		t.Fatalf("invalid endpoint %v", ep)
+	}
+
+	_ = c
+}
--- a/api/router/static/static.go
+++ b/api/router/static/static.go
@@ -1,7 +1,6 @@
 package static

 import (
-	"context"
 	"errors"
 	"fmt"
 	"net/http"
@@ -9,18 +8,20 @@ import (
 	"strings"
 	"sync"

-	"github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway/httprule"
-	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	"github.com/micro/go-micro/v2/api"
 	"github.com/micro/go-micro/v2/api/router"
+	"github.com/micro/go-micro/v2/api/router/util"
 	"github.com/micro/go-micro/v2/logger"
 	"github.com/micro/go-micro/v2/metadata"
+	"github.com/micro/go-micro/v2/registry"
+	rutil "github.com/micro/go-micro/v2/util/registry"
 )

 type endpoint struct {
 	apiep    *api.Endpoint
 	hostregs []*regexp.Regexp
-	pathregs []runtime.Pattern
+	pathregs []util.Pattern
+	pcreregs []*regexp.Regexp
 }

 // router is the default router
@@ -92,8 +93,9 @@ func (r *staticRouter) Register(ep *api.Endpoint) error {
 		return err
 	}

-	var pathregs []runtime.Pattern
+	var pathregs []util.Pattern
 	var hostregs []*regexp.Regexp
+	var pcreregs []*regexp.Regexp

 	for _, h := range ep.Host {
 		if h == "" || h == "*" {
@@ -107,12 +109,26 @@ func (r *staticRouter) Register(ep *api.Endpoint) error {
 	}

 	for _, p := range ep.Path {
-		rule, err := httprule.Parse(p)
-		if err != nil {
-			return err
+		var pcreok bool
+
+		// pcre only when we have start and end markers
+		if p[0] == '^' && p[len(p)-1] == '$' {
+			pcrereg, err := regexp.CompilePOSIX(p)
+			if err == nil {
+				pcreregs = append(pcreregs, pcrereg)
+				pcreok = true
+			}
 		}
+
+		rule, err := util.Parse(p)
+		if err != nil && !pcreok {
+			return err
+		} else if err != nil && pcreok {
+			continue
+		}
+
 		tpl := rule.Compile()
-		pathreg, err := runtime.NewPattern(tpl.Version, tpl.OpCodes, tpl.Pool, "")
+		pathreg, err := util.NewPattern(tpl.Version, tpl.OpCodes, tpl.Pool, "")
 		if err != nil {
 			return err
 		}
@@ -120,7 +136,12 @@ func (r *staticRouter) Register(ep *api.Endpoint) error {
 	}

 	r.Lock()
-	r.eps[ep.Name] = &endpoint{apiep: ep, pathregs: pathregs, hostregs: hostregs}
+	r.eps[ep.Name] = &endpoint{
+		apiep:    ep,
+		pcreregs: pcreregs,
+		pathregs: pathregs,
+		hostregs: hostregs,
+	}
 	r.Unlock()
 	return nil
 }
@@ -163,13 +184,23 @@ func (r *staticRouter) Endpoint(req *http.Request) (*api.Service, error) {

 	// hack for stream endpoint
 	if ep.apiep.Stream {
-		for _, svc := range services {
+		svcs := rutil.Copy(services)
+		for _, svc := range svcs {
+			if len(svc.Endpoints) == 0 {
+				e := &registry.Endpoint{}
+				e.Name = strings.Join(epf[1:], ".")
+				e.Metadata = make(map[string]string)
+				e.Metadata["stream"] = "true"
+				svc.Endpoints = append(svc.Endpoints, e)
+			}
 			for _, e := range svc.Endpoints {
 				e.Name = strings.Join(epf[1:], ".")
 				e.Metadata = make(map[string]string)
 				e.Metadata["stream"] = "true"
 			}
 		}
+
+		services = svcs
 	}

 	svc := &api.Service{
@@ -180,6 +211,8 @@ func (r *staticRouter) Endpoint(req *http.Request) (*api.Service, error) {
 			Host:    ep.apiep.Host,
 			Method:  ep.apiep.Method,
 			Path:    ep.apiep.Path,
+			Body:    ep.apiep.Body,
+			Stream:  ep.apiep.Stream,
 		},
 		Services: services,
 	}
@@ -207,11 +240,10 @@ func (r *staticRouter) endpoint(req *http.Request) (*endpoint, error) {
 		var mMatch, hMatch, pMatch bool

 		// 1. try method
-	methodLoop:
 		for _, m := range ep.apiep.Method {
 			if m == req.Method {
 				mMatch = true
-				break methodLoop
+				break
 			}
 		}
 		if !mMatch {
@@ -225,15 +257,14 @@ func (r *staticRouter) endpoint(req *http.Request) (*endpoint, error) {
 		if len(ep.apiep.Host) == 0 {
 			hMatch = true
 		} else {
-		hostLoop:
 			for idx, h := range ep.apiep.Host {
 				if h == "" || h == "*" {
 					hMatch = true
-					break hostLoop
+					break
 				} else {
 					if ep.hostregs[idx].MatchString(req.URL.Host) {
 						hMatch = true
-						break hostLoop
+						break
 					}
 				}
 			}
@@ -245,14 +276,18 @@ func (r *staticRouter) endpoint(req *http.Request) (*endpoint, error) {
 			logger.Debugf("api host match %s", req.URL.Host)
 		}

-		// 3. try path
-	pathLoop:
+		// 3. try google.api path
 		for _, pathreg := range ep.pathregs {
 			matches, err := pathreg.Match(path, "")
 			if err != nil {
-				// TODO: log error
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("api gpath not match %s != %v", path, pathreg)
+				}
 				continue
 			}
+			if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+				logger.Debugf("api gpath match %s = %v", path, pathreg)
+			}
 			pMatch = true
 			ctx := req.Context()
 			md, ok := metadata.FromContext(ctx)
@@ -262,9 +297,25 @@ func (r *staticRouter) endpoint(req *http.Request) (*endpoint, error) {
 			for k, v := range matches {
 				md[fmt.Sprintf("x-api-field-%s", k)] = v
 			}
-			*req = *req.WithContext(context.WithValue(ctx, metadata.MetadataKey{}, md))
-			break pathLoop
+			md["x-api-body"] = ep.apiep.Body
+			*req = *req.Clone(metadata.NewContext(ctx, md))
+			break
 		}
+
+		if !pMatch {
+			// 4. try path via pcre path matching
+			for _, pathreg := range ep.pcreregs {
+				if !pathreg.MatchString(req.URL.Path) {
+					if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+						logger.Debugf("api pcre path not match %s != %v", req.URL.Path, pathreg)
+					}
+					continue
+				}
+				pMatch = true
+				break
+			}
+		}
+
 		if !pMatch {
 			continue
 		}
@@ -273,8 +324,9 @@ func (r *staticRouter) endpoint(req *http.Request) (*endpoint, error) {
 		// we got here, so its a match
 		return ep, nil
 	}
+
 	// no match
-	return nil, fmt.Errorf("endpoint not found for %v", req)
+	return nil, fmt.Errorf("endpoint not found for %v", req.URL)
 }

 func (r *staticRouter) Route(req *http.Request) (*api.Service, error) {
--- a/api/router/util/LICENSE.txt
+++ b/api/router/util/LICENSE.txt
@@ -0,0 +1,27 @@
+Copyright (c) 2015, Gengo, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+
+    * Neither the name of Gengo, Inc. nor the names of its
+      contributors may be used to endorse or promote products derived from this
+      software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/api/router/util/compile.go
+++ b/api/router/util/compile.go
@@ -0,0 +1,115 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/compile.go
+
+const (
+	opcodeVersion = 1
+)
+
+// Template is a compiled representation of path templates.
+type Template struct {
+	// Version is the version number of the format.
+	Version int
+	// OpCodes is a sequence of operations.
+	OpCodes []int
+	// Pool is a constant pool
+	Pool []string
+	// Verb is a VERB part in the template.
+	Verb string
+	// Fields is a list of field paths bound in this template.
+	Fields []string
+	// Original template (example: /v1/a_bit_of_everything)
+	Template string
+}
+
+// Compiler compiles utilities representation of path templates into marshallable operations.
+// They can be unmarshalled by runtime.NewPattern.
+type Compiler interface {
+	Compile() Template
+}
+
+type op struct {
+	// code is the opcode of the operation
+	code OpCode
+
+	// str is a string operand of the code.
+	// operand is ignored if str is not empty.
+	str string
+
+	// operand is a numeric operand of the code.
+	operand int
+}
+
+func (w wildcard) compile() []op {
+	return []op{
+		{code: OpPush},
+	}
+}
+
+func (w deepWildcard) compile() []op {
+	return []op{
+		{code: OpPushM},
+	}
+}
+
+func (l literal) compile() []op {
+	return []op{
+		{
+			code: OpLitPush,
+			str:  string(l),
+		},
+	}
+}
+
+func (v variable) compile() []op {
+	var ops []op
+	for _, s := range v.segments {
+		ops = append(ops, s.compile()...)
+	}
+	ops = append(ops, op{
+		code:    OpConcatN,
+		operand: len(v.segments),
+	}, op{
+		code: OpCapture,
+		str:  v.path,
+	})
+
+	return ops
+}
+
+func (t template) Compile() Template {
+	var rawOps []op
+	for _, s := range t.segments {
+		rawOps = append(rawOps, s.compile()...)
+	}
+
+	var (
+		ops    []int
+		pool   []string
+		fields []string
+	)
+	consts := make(map[string]int)
+	for _, op := range rawOps {
+		ops = append(ops, int(op.code))
+		if op.str == "" {
+			ops = append(ops, op.operand)
+		} else {
+			if _, ok := consts[op.str]; !ok {
+				consts[op.str] = len(pool)
+				pool = append(pool, op.str)
+			}
+			ops = append(ops, consts[op.str])
+		}
+		if op.code == OpCapture {
+			fields = append(fields, op.str)
+		}
+	}
+	return Template{
+		Version:  opcodeVersion,
+		OpCodes:  ops,
+		Pool:     pool,
+		Verb:     t.verb,
+		Fields:   fields,
+		Template: t.template,
+	}
+}
--- a/api/router/util/compile_test.go
+++ b/api/router/util/compile_test.go
@@ -0,0 +1,122 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/compile_test.go
+
+import (
+	"reflect"
+	"testing"
+)
+
+const (
+	operandFiller = 0
+)
+
+func TestCompile(t *testing.T) {
+	for _, spec := range []struct {
+		segs []segment
+		verb string
+
+		ops    []int
+		pool   []string
+		fields []string
+	}{
+		{},
+		{
+			segs: []segment{
+				wildcard{},
+			},
+			ops: []int{int(OpPush), operandFiller},
+		},
+		{
+			segs: []segment{
+				deepWildcard{},
+			},
+			ops: []int{int(OpPushM), operandFiller},
+		},
+		{
+			segs: []segment{
+				literal("v1"),
+			},
+			ops:  []int{int(OpLitPush), 0},
+			pool: []string{"v1"},
+		},
+		{
+			segs: []segment{
+				literal("v1"),
+			},
+			verb: "LOCK",
+			ops:  []int{int(OpLitPush), 0},
+			pool: []string{"v1"},
+		},
+		{
+			segs: []segment{
+				variable{
+					path: "name.nested",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+			ops: []int{
+				int(OpPush), operandFiller,
+				int(OpConcatN), 1,
+				int(OpCapture), 0,
+			},
+			pool:   []string{"name.nested"},
+			fields: []string{"name.nested"},
+		},
+		{
+			segs: []segment{
+				literal("obj"),
+				variable{
+					path: "name.nested",
+					segments: []segment{
+						literal("a"),
+						wildcard{},
+						literal("b"),
+					},
+				},
+				variable{
+					path: "obj",
+					segments: []segment{
+						deepWildcard{},
+					},
+				},
+			},
+			ops: []int{
+				int(OpLitPush), 0,
+				int(OpLitPush), 1,
+				int(OpPush), operandFiller,
+				int(OpLitPush), 2,
+				int(OpConcatN), 3,
+				int(OpCapture), 3,
+				int(OpPushM), operandFiller,
+				int(OpConcatN), 1,
+				int(OpCapture), 0,
+			},
+			pool:   []string{"obj", "a", "b", "name.nested"},
+			fields: []string{"name.nested", "obj"},
+		},
+	} {
+		tmpl := template{
+			segments: spec.segs,
+			verb:     spec.verb,
+		}
+		compiled := tmpl.Compile()
+		if got, want := compiled.Version, opcodeVersion; got != want {
+			t.Errorf("tmpl.Compile().Version = %d; want %d; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.OpCodes, spec.ops; !reflect.DeepEqual(got, want) {
+			t.Errorf("tmpl.Compile().OpCodes = %v; want %v; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.Pool, spec.pool; !reflect.DeepEqual(got, want) {
+			t.Errorf("tmpl.Compile().Pool = %q; want %q; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.Verb, spec.verb; got != want {
+			t.Errorf("tmpl.Compile().Verb = %q; want %q; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+		if got, want := compiled.Fields, spec.fields; !reflect.DeepEqual(got, want) {
+			t.Errorf("tmpl.Compile().Fields = %q; want %q; segs=%#v, verb=%q", got, want, spec.segs, spec.verb)
+		}
+	}
+}
--- a/api/router/util/parse.go
+++ b/api/router/util/parse.go
@@ -0,0 +1,363 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/parse.go
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/micro/go-micro/v2/logger"
+)
+
+// InvalidTemplateError indicates that the path template is not valid.
+type InvalidTemplateError struct {
+	tmpl string
+	msg  string
+}
+
+func (e InvalidTemplateError) Error() string {
+	return fmt.Sprintf("%s: %s", e.msg, e.tmpl)
+}
+
+// Parse parses the string representation of path template
+func Parse(tmpl string) (Compiler, error) {
+	if !strings.HasPrefix(tmpl, "/") {
+		return template{}, InvalidTemplateError{tmpl: tmpl, msg: "no leading /"}
+	}
+	tokens, verb := tokenize(tmpl[1:])
+
+	p := parser{tokens: tokens}
+	segs, err := p.topLevelSegments()
+	if err != nil {
+		return template{}, InvalidTemplateError{tmpl: tmpl, msg: err.Error()}
+	}
+
+	return template{
+		segments: segs,
+		verb:     verb,
+		template: tmpl,
+	}, nil
+}
+
+func tokenize(path string) (tokens []string, verb string) {
+	if path == "" {
+		return []string{eof}, ""
+	}
+
+	const (
+		init = iota
+		field
+		nested
+	)
+	var (
+		st = init
+	)
+	for path != "" {
+		var idx int
+		switch st {
+		case init:
+			idx = strings.IndexAny(path, "/{")
+		case field:
+			idx = strings.IndexAny(path, ".=}")
+		case nested:
+			idx = strings.IndexAny(path, "/}")
+		}
+		if idx < 0 {
+			tokens = append(tokens, path)
+			break
+		}
+		switch r := path[idx]; r {
+		case '/', '.':
+		case '{':
+			st = field
+		case '=':
+			st = nested
+		case '}':
+			st = init
+		}
+		if idx == 0 {
+			tokens = append(tokens, path[idx:idx+1])
+		} else {
+			tokens = append(tokens, path[:idx], path[idx:idx+1])
+		}
+		path = path[idx+1:]
+	}
+
+	l := len(tokens)
+	t := tokens[l-1]
+	if idx := strings.LastIndex(t, ":"); idx == 0 {
+		tokens, verb = tokens[:l-1], t[1:]
+	} else if idx > 0 {
+		tokens[l-1], verb = t[:idx], t[idx+1:]
+	}
+	tokens = append(tokens, eof)
+	return tokens, verb
+}
+
+// parser is a parser of the template syntax defined in github.com/googleapis/googleapis/google/api/http.proto.
+type parser struct {
+	tokens   []string
+	accepted []string
+}
+
+// topLevelSegments is the target of this parser.
+func (p *parser) topLevelSegments() ([]segment, error) {
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("Parsing %q", p.tokens)
+	}
+	segs, err := p.segments()
+	if err != nil {
+		return nil, err
+	}
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("accept segments: %q; %q", p.accepted, p.tokens)
+	}
+	if _, err := p.accept(typeEOF); err != nil {
+		return nil, fmt.Errorf("unexpected token %q after segments %q", p.tokens[0], strings.Join(p.accepted, ""))
+	}
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("accept eof: %q; %q", p.accepted, p.tokens)
+	}
+	return segs, nil
+}
+
+func (p *parser) segments() ([]segment, error) {
+	s, err := p.segment()
+	if err != nil {
+		return nil, err
+	}
+
+	if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+		logger.Debugf("accept segment: %q; %q", p.accepted, p.tokens)
+	}
+	segs := []segment{s}
+	for {
+		if _, err := p.accept("/"); err != nil {
+			return segs, nil
+		}
+		s, err := p.segment()
+		if err != nil {
+			return segs, err
+		}
+		segs = append(segs, s)
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("accept segment: %q; %q", p.accepted, p.tokens)
+		}
+	}
+}
+
+func (p *parser) segment() (segment, error) {
+	if _, err := p.accept("*"); err == nil {
+		return wildcard{}, nil
+	}
+	if _, err := p.accept("**"); err == nil {
+		return deepWildcard{}, nil
+	}
+	if l, err := p.literal(); err == nil {
+		return l, nil
+	}
+
+	v, err := p.variable()
+	if err != nil {
+		return nil, fmt.Errorf("segment neither wildcards, literal or variable: %v", err)
+	}
+	return v, err
+}
+
+func (p *parser) literal() (segment, error) {
+	lit, err := p.accept(typeLiteral)
+	if err != nil {
+		return nil, err
+	}
+	return literal(lit), nil
+}
+
+func (p *parser) variable() (segment, error) {
+	if _, err := p.accept("{"); err != nil {
+		return nil, err
+	}
+
+	path, err := p.fieldPath()
+	if err != nil {
+		return nil, err
+	}
+
+	var segs []segment
+	if _, err := p.accept("="); err == nil {
+		segs, err = p.segments()
+		if err != nil {
+			return nil, fmt.Errorf("invalid segment in variable %q: %v", path, err)
+		}
+	} else {
+		segs = []segment{wildcard{}}
+	}
+
+	if _, err := p.accept("}"); err != nil {
+		return nil, fmt.Errorf("unterminated variable segment: %s", path)
+	}
+	return variable{
+		path:     path,
+		segments: segs,
+	}, nil
+}
+
+func (p *parser) fieldPath() (string, error) {
+	c, err := p.accept(typeIdent)
+	if err != nil {
+		return "", err
+	}
+	components := []string{c}
+	for {
+		if _, err = p.accept("."); err != nil {
+			return strings.Join(components, "."), nil
+		}
+		c, err := p.accept(typeIdent)
+		if err != nil {
+			return "", fmt.Errorf("invalid field path component: %v", err)
+		}
+		components = append(components, c)
+	}
+}
+
+// A termType is a type of terminal symbols.
+type termType string
+
+// These constants define some of valid values of termType.
+// They improve readability of parse functions.
+//
+// You can also use "/", "*", "**", "." or "=" as valid values.
+const (
+	typeIdent   = termType("ident")
+	typeLiteral = termType("literal")
+	typeEOF     = termType("$")
+)
+
+const (
+	// eof is the terminal symbol which always appears at the end of token sequence.
+	eof = "\u0000"
+)
+
+// accept tries to accept a token in "p".
+// This function consumes a token and returns it if it matches to the specified "term".
+// If it doesn't match, the function does not consume any tokens and return an error.
+func (p *parser) accept(term termType) (string, error) {
+	t := p.tokens[0]
+	switch term {
+	case "/", "*", "**", ".", "=", "{", "}":
+		if t != string(term) && t != "/" {
+			return "", fmt.Errorf("expected %q but got %q", term, t)
+		}
+	case typeEOF:
+		if t != eof {
+			return "", fmt.Errorf("expected EOF but got %q", t)
+		}
+	case typeIdent:
+		if err := expectIdent(t); err != nil {
+			return "", err
+		}
+	case typeLiteral:
+		if err := expectPChars(t); err != nil {
+			return "", err
+		}
+	default:
+		return "", fmt.Errorf("unknown termType %q", term)
+	}
+	p.tokens = p.tokens[1:]
+	p.accepted = append(p.accepted, t)
+	return t, nil
+}
+
+// expectPChars determines if "t" consists of only pchars defined in RFC3986.
+//
+// https://www.ietf.org/rfc/rfc3986.txt, P.49
+//   pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
+//   unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
+//   sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
+//                 / "*" / "+" / "," / ";" / "="
+//   pct-encoded   = "%" HEXDIG HEXDIG
+func expectPChars(t string) error {
+	const (
+		init = iota
+		pct1
+		pct2
+	)
+	st := init
+	for _, r := range t {
+		if st != init {
+			if !isHexDigit(r) {
+				return fmt.Errorf("invalid hexdigit: %c(%U)", r, r)
+			}
+			switch st {
+			case pct1:
+				st = pct2
+			case pct2:
+				st = init
+			}
+			continue
+		}
+
+		// unreserved
+		switch {
+		case 'A' <= r && r <= 'Z':
+			continue
+		case 'a' <= r && r <= 'z':
+			continue
+		case '0' <= r && r <= '9':
+			continue
+		}
+		switch r {
+		case '-', '.', '_', '~':
+			// unreserved
+		case '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=':
+			// sub-delims
+		case ':', '@':
+			// rest of pchar
+		case '%':
+			// pct-encoded
+			st = pct1
+		default:
+			return fmt.Errorf("invalid character in path segment: %q(%U)", r, r)
+		}
+	}
+	if st != init {
+		return fmt.Errorf("invalid percent-encoding in %q", t)
+	}
+	return nil
+}
+
+// expectIdent determines if "ident" is a valid identifier in .proto schema ([[:alpha:]_][[:alphanum:]_]*).
+func expectIdent(ident string) error {
+	if ident == "" {
+		return fmt.Errorf("empty identifier")
+	}
+	for pos, r := range ident {
+		switch {
+		case '0' <= r && r <= '9':
+			if pos == 0 {
+				return fmt.Errorf("identifier starting with digit: %s", ident)
+			}
+			continue
+		case 'A' <= r && r <= 'Z':
+			continue
+		case 'a' <= r && r <= 'z':
+			continue
+		case r == '_':
+			continue
+		default:
+			return fmt.Errorf("invalid character %q(%U) in identifier: %s", r, r, ident)
+		}
+	}
+	return nil
+}
+
+func isHexDigit(r rune) bool {
+	switch {
+	case '0' <= r && r <= '9':
+		return true
+	case 'A' <= r && r <= 'F':
+		return true
+	case 'a' <= r && r <= 'f':
+		return true
+	}
+	return false
+}
--- a/api/router/util/parse_test.go
+++ b/api/router/util/parse_test.go
@@ -0,0 +1,321 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/parse_test.go
+
+import (
+	"flag"
+	"fmt"
+	"reflect"
+	"testing"
+
+	"github.com/micro/go-micro/v2/logger"
+)
+
+func TestTokenize(t *testing.T) {
+	for _, spec := range []struct {
+		src    string
+		tokens []string
+	}{
+		{
+			src:    "",
+			tokens: []string{eof},
+		},
+		{
+			src:    "v1",
+			tokens: []string{"v1", eof},
+		},
+		{
+			src:    "v1/b",
+			tokens: []string{"v1", "/", "b", eof},
+		},
+		{
+			src:    "v1/endpoint/*",
+			tokens: []string{"v1", "/", "endpoint", "/", "*", eof},
+		},
+		{
+			src:    "v1/endpoint/**",
+			tokens: []string{"v1", "/", "endpoint", "/", "**", eof},
+		},
+		{
+			src: "v1/b/{bucket_name=*}",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "*", "}",
+				eof,
+			},
+		},
+		{
+			src: "v1/b/{bucket_name=buckets/*}",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "buckets", "/", "*", "}",
+				eof,
+			},
+		},
+		{
+			src: "v1/b/{bucket_name=buckets/*}/o",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "buckets", "/", "*", "}", "/",
+				"o",
+				eof,
+			},
+		},
+		{
+			src: "v1/b/{bucket_name=buckets/*}/o/{name}",
+			tokens: []string{
+				"v1", "/",
+				"b", "/",
+				"{", "bucket_name", "=", "buckets", "/", "*", "}", "/",
+				"o", "/", "{", "name", "}",
+				eof,
+			},
+		},
+		{
+			src: "v1/a=b&c=d;e=f:g/endpoint.rdf",
+			tokens: []string{
+				"v1", "/",
+				"a=b&c=d;e=f:g", "/",
+				"endpoint.rdf",
+				eof,
+			},
+		},
+	} {
+		tokens, verb := tokenize(spec.src)
+		if got, want := tokens, spec.tokens; !reflect.DeepEqual(got, want) {
+			t.Errorf("tokenize(%q) = %q, _; want %q, _", spec.src, got, want)
+		}
+		if got, want := verb, ""; got != want {
+			t.Errorf("tokenize(%q) = _, %q; want _, %q", spec.src, got, want)
+		}
+
+		src := fmt.Sprintf("%s:%s", spec.src, "LOCK")
+		tokens, verb = tokenize(src)
+		if got, want := tokens, spec.tokens; !reflect.DeepEqual(got, want) {
+			t.Errorf("tokenize(%q) = %q, _; want %q, _", src, got, want)
+		}
+		if got, want := verb, "LOCK"; got != want {
+			t.Errorf("tokenize(%q) = _, %q; want _, %q", src, got, want)
+		}
+	}
+}
+
+func TestParseSegments(t *testing.T) {
+	flag.Set("v", "3")
+	for _, spec := range []struct {
+		tokens []string
+		want   []segment
+	}{
+		{
+			tokens: []string{"v1", eof},
+			want: []segment{
+				literal("v1"),
+			},
+		},
+		{
+			tokens: []string{"/", eof},
+			want: []segment{
+				wildcard{},
+			},
+		},
+		{
+			tokens: []string{"-._~!$&'()*+,;=:@", eof},
+			want: []segment{
+				literal("-._~!$&'()*+,;=:@"),
+			},
+		},
+		{
+			tokens: []string{"%e7%ac%ac%e4%b8%80%e7%89%88", eof},
+			want: []segment{
+				literal("%e7%ac%ac%e4%b8%80%e7%89%88"),
+			},
+		},
+		{
+			tokens: []string{"v1", "/", "*", eof},
+			want: []segment{
+				literal("v1"),
+				wildcard{},
+			},
+		},
+		{
+			tokens: []string{"v1", "/", "**", eof},
+			want: []segment{
+				literal("v1"),
+				deepWildcard{},
+			},
+		},
+		{
+			tokens: []string{"{", "name", "}", eof},
+			want: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{"{", "name", "=", "*", "}", eof},
+			want: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{"{", "field", ".", "nested", ".", "nested2", "=", "*", "}", eof},
+			want: []segment{
+				variable{
+					path: "field.nested.nested2",
+					segments: []segment{
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{"{", "name", "=", "a", "/", "b", "/", "*", "}", eof},
+			want: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+						literal("b"),
+						wildcard{},
+					},
+				},
+			},
+		},
+		{
+			tokens: []string{
+				"v1", "/",
+				"{",
+				"name", ".", "nested", ".", "nested2",
+				"=",
+				"a", "/", "b", "/", "*",
+				"}", "/",
+				"o", "/",
+				"{",
+				"another_name",
+				"=",
+				"a", "/", "b", "/", "*", "/", "c",
+				"}", "/",
+				"**",
+				eof},
+			want: []segment{
+				literal("v1"),
+				variable{
+					path: "name.nested.nested2",
+					segments: []segment{
+						literal("a"),
+						literal("b"),
+						wildcard{},
+					},
+				},
+				literal("o"),
+				variable{
+					path: "another_name",
+					segments: []segment{
+						literal("a"),
+						literal("b"),
+						wildcard{},
+						literal("c"),
+					},
+				},
+				deepWildcard{},
+			},
+		},
+	} {
+		p := parser{tokens: spec.tokens}
+		segs, err := p.topLevelSegments()
+		if err != nil {
+			t.Errorf("parser{%q}.segments() failed with %v; want success", spec.tokens, err)
+			continue
+		}
+		if got, want := segs, spec.want; !reflect.DeepEqual(got, want) {
+			t.Errorf("parser{%q}.segments() = %#v; want %#v", spec.tokens, got, want)
+		}
+		if got := p.tokens; len(got) > 0 {
+			t.Errorf("p.tokens = %q; want []; spec.tokens=%q", got, spec.tokens)
+		}
+	}
+}
+
+func TestParseSegmentsWithErrors(t *testing.T) {
+	flag.Set("v", "3")
+	for _, spec := range []struct {
+		tokens []string
+	}{
+		{
+			// double slash
+			tokens: []string{"//", eof},
+		},
+		{
+			// invalid literal
+			tokens: []string{"a?b", eof},
+		},
+		{
+			// invalid percent-encoding
+			tokens: []string{"%", eof},
+		},
+		{
+			// invalid percent-encoding
+			tokens: []string{"%2", eof},
+		},
+		{
+			// invalid percent-encoding
+			tokens: []string{"a%2z", eof},
+		},
+		{
+			// empty segments
+			tokens: []string{eof},
+		},
+		{
+			// unterminated variable
+			tokens: []string{"{", "name", eof},
+		},
+		{
+			// unterminated variable
+			tokens: []string{"{", "name", "=", eof},
+		},
+		{
+			// unterminated variable
+			tokens: []string{"{", "name", "=", "*", eof},
+		},
+		{
+			// empty component in field path
+			tokens: []string{"{", "name", ".", "}", eof},
+		},
+		{
+			// empty component in field path
+			tokens: []string{"{", "name", ".", ".", "nested", "}", eof},
+		},
+		{
+			// invalid character in identifier
+			tokens: []string{"{", "field-name", "}", eof},
+		},
+		{
+			// no slash between segments
+			tokens: []string{"v1", "endpoint", eof},
+		},
+		{
+			// no slash between segments
+			tokens: []string{"v1", "{", "name", "}", eof},
+		},
+	} {
+		p := parser{tokens: spec.tokens}
+		segs, err := p.topLevelSegments()
+		if err == nil {
+			t.Errorf("parser{%q}.segments() succeeded; want InvalidTemplateError; accepted %#v", spec.tokens, segs)
+			continue
+		}
+		logger.Info(err)
+	}
+}
--- a/api/router/util/pattern.go
+++ b/api/router/util/pattern.go
@@ -0,0 +1,24 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/utilities/pattern.go
+
+// An OpCode is a opcode of compiled path patterns.
+type OpCode int
+
+// These constants are the valid values of OpCode.
+const (
+	// OpNop does nothing
+	OpNop = OpCode(iota)
+	// OpPush pushes a component to stack
+	OpPush
+	// OpLitPush pushes a component to stack if it matches to the literal
+	OpLitPush
+	// OpPushM concatenates the remaining components and pushes it to stack
+	OpPushM
+	// OpConcatN pops N items from stack, concatenates them and pushes it back to stack
+	OpConcatN
+	// OpCapture pops an item and binds it to the variable
+	OpCapture
+	// OpEnd is the least positive invalid opcode.
+	OpEnd
+)
--- a/api/router/util/runtime.go
+++ b/api/router/util/runtime.go
@@ -0,0 +1,283 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/runtime/pattern.go
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/micro/go-micro/v2/logger"
+)
+
+var (
+	// ErrNotMatch indicates that the given HTTP request path does not match to the pattern.
+	ErrNotMatch = errors.New("not match to the path pattern")
+	// ErrInvalidPattern indicates that the given definition of Pattern is not valid.
+	ErrInvalidPattern = errors.New("invalid pattern")
+)
+
+type rop struct {
+	code    OpCode
+	operand int
+}
+
+// Pattern is a template pattern of http request paths defined in github.com/googleapis/googleapis/google/api/http.proto.
+type Pattern struct {
+	// ops is a list of operations
+	ops []rop
+	// pool is a constant pool indexed by the operands or vars.
+	pool []string
+	// vars is a list of variables names to be bound by this pattern
+	vars []string
+	// stacksize is the max depth of the stack
+	stacksize int
+	// tailLen is the length of the fixed-size segments after a deep wildcard
+	tailLen int
+	// verb is the VERB part of the path pattern. It is empty if the pattern does not have VERB part.
+	verb string
+	// assumeColonVerb indicates whether a path suffix after a final
+	// colon may only be interpreted as a verb.
+	assumeColonVerb bool
+}
+
+type patternOptions struct {
+	assumeColonVerb bool
+}
+
+// PatternOpt is an option for creating Patterns.
+type PatternOpt func(*patternOptions)
+
+// NewPattern returns a new Pattern from the given definition values.
+// "ops" is a sequence of op codes. "pool" is a constant pool.
+// "verb" is the verb part of the pattern. It is empty if the pattern does not have the part.
+// "version" must be 1 for now.
+// It returns an error if the given definition is invalid.
+func NewPattern(version int, ops []int, pool []string, verb string, opts ...PatternOpt) (Pattern, error) {
+	options := patternOptions{
+		assumeColonVerb: true,
+	}
+	for _, o := range opts {
+		o(&options)
+	}
+
+	if version != 1 {
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("unsupported version: %d", version)
+		}
+		return Pattern{}, ErrInvalidPattern
+	}
+
+	l := len(ops)
+	if l%2 != 0 {
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Debugf("odd number of ops codes: %d", l)
+		}
+		return Pattern{}, ErrInvalidPattern
+	}
+
+	var (
+		typedOps        []rop
+		stack, maxstack int
+		tailLen         int
+		pushMSeen       bool
+		vars            []string
+	)
+	for i := 0; i < l; i += 2 {
+		op := rop{code: OpCode(ops[i]), operand: ops[i+1]}
+		switch op.code {
+		case OpNop:
+			continue
+		case OpPush:
+			if pushMSeen {
+				tailLen++
+			}
+			stack++
+		case OpPushM:
+			if pushMSeen {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debug("pushM appears twice")
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			pushMSeen = true
+			stack++
+		case OpLitPush:
+			if op.operand < 0 || len(pool) <= op.operand {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("negative literal index: %d", op.operand)
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			if pushMSeen {
+				tailLen++
+			}
+			stack++
+		case OpConcatN:
+			if op.operand <= 0 {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("negative concat size: %d", op.operand)
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			stack -= op.operand
+			if stack < 0 {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debug("stack underflow")
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			stack++
+		case OpCapture:
+			if op.operand < 0 || len(pool) <= op.operand {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debugf("variable name index out of bound: %d", op.operand)
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+			v := pool[op.operand]
+			op.operand = len(vars)
+			vars = append(vars, v)
+			stack--
+			if stack < 0 {
+				if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+					logger.Debug("stack underflow")
+				}
+				return Pattern{}, ErrInvalidPattern
+			}
+		default:
+			if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+				logger.Debugf("invalid opcode: %d", op.code)
+			}
+			return Pattern{}, ErrInvalidPattern
+		}
+
+		if maxstack < stack {
+			maxstack = stack
+		}
+		typedOps = append(typedOps, op)
+	}
+	return Pattern{
+		ops:             typedOps,
+		pool:            pool,
+		vars:            vars,
+		stacksize:       maxstack,
+		tailLen:         tailLen,
+		verb:            verb,
+		assumeColonVerb: options.assumeColonVerb,
+	}, nil
+}
+
+// MustPattern is a helper function which makes it easier to call NewPattern in variable initialization.
+func MustPattern(p Pattern, err error) Pattern {
+	if err != nil {
+		if logger.V(logger.DebugLevel, logger.DefaultLogger) {
+			logger.Fatalf("Pattern initialization failed: %v", err)
+		}
+	}
+	return p
+}
+
+// Match examines components if it matches to the Pattern.
+// If it matches, the function returns a mapping from field paths to their captured values.
+// If otherwise, the function returns an error.
+func (p Pattern) Match(components []string, verb string) (map[string]string, error) {
+	if p.verb != verb {
+		if p.assumeColonVerb || p.verb != "" {
+			return nil, ErrNotMatch
+		}
+		if len(components) == 0 {
+			components = []string{":" + verb}
+		} else {
+			components = append([]string{}, components...)
+			components[len(components)-1] += ":" + verb
+		}
+		verb = ""
+	}
+
+	var pos int
+	stack := make([]string, 0, p.stacksize)
+	captured := make([]string, len(p.vars))
+	l := len(components)
+	for _, op := range p.ops {
+		switch op.code {
+		case OpNop:
+			continue
+		case OpPush, OpLitPush:
+			if pos >= l {
+				return nil, ErrNotMatch
+			}
+			c := components[pos]
+			if op.code == OpLitPush {
+				if lit := p.pool[op.operand]; c != lit {
+					return nil, ErrNotMatch
+				}
+			}
+			stack = append(stack, c)
+			pos++
+		case OpPushM:
+			end := len(components)
+			if end < pos+p.tailLen {
+				return nil, ErrNotMatch
+			}
+			end -= p.tailLen
+			stack = append(stack, strings.Join(components[pos:end], "/"))
+			pos = end
+		case OpConcatN:
+			n := op.operand
+			l := len(stack) - n
+			stack = append(stack[:l], strings.Join(stack[l:], "/"))
+		case OpCapture:
+			n := len(stack) - 1
+			captured[op.operand] = stack[n]
+			stack = stack[:n]
+		}
+	}
+	if pos < l {
+		return nil, ErrNotMatch
+	}
+	bindings := make(map[string]string)
+	for i, val := range captured {
+		bindings[p.vars[i]] = val
+	}
+	return bindings, nil
+}
+
+// Verb returns the verb part of the Pattern.
+func (p Pattern) Verb() string { return p.verb }
+
+func (p Pattern) String() string {
+	var stack []string
+	for _, op := range p.ops {
+		switch op.code {
+		case OpNop:
+			continue
+		case OpPush:
+			stack = append(stack, "*")
+		case OpLitPush:
+			stack = append(stack, p.pool[op.operand])
+		case OpPushM:
+			stack = append(stack, "**")
+		case OpConcatN:
+			n := op.operand
+			l := len(stack) - n
+			stack = append(stack[:l], strings.Join(stack[l:], "/"))
+		case OpCapture:
+			n := len(stack) - 1
+			stack[n] = fmt.Sprintf("{%s=%s}", p.vars[op.operand], stack[n])
+		}
+	}
+	segs := strings.Join(stack, "/")
+	if p.verb != "" {
+		return fmt.Sprintf("/%s:%s", segs, p.verb)
+	}
+	return "/" + segs
+}
+
+// AssumeColonVerbOpt indicates whether a path suffix after a final
+// colon may only be interpreted as a verb.
+func AssumeColonVerbOpt(val bool) PatternOpt {
+	return PatternOpt(func(o *patternOptions) {
+		o.assumeColonVerb = val
+	})
+}
--- a/api/router/util/types.go
+++ b/api/router/util/types.go
@@ -0,0 +1,62 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/types.go
+
+import (
+	"fmt"
+	"strings"
+)
+
+type template struct {
+	segments []segment
+	verb     string
+	template string
+}
+
+type segment interface {
+	fmt.Stringer
+	compile() (ops []op)
+}
+
+type wildcard struct{}
+
+type deepWildcard struct{}
+
+type literal string
+
+type variable struct {
+	path     string
+	segments []segment
+}
+
+func (wildcard) String() string {
+	return "*"
+}
+
+func (deepWildcard) String() string {
+	return "**"
+}
+
+func (l literal) String() string {
+	return string(l)
+}
+
+func (v variable) String() string {
+	var segs []string
+	for _, s := range v.segments {
+		segs = append(segs, s.String())
+	}
+	return fmt.Sprintf("{%s=%s}", v.path, strings.Join(segs, "/"))
+}
+
+func (t template) String() string {
+	var segs []string
+	for _, s := range t.segments {
+		segs = append(segs, s.String())
+	}
+	str := strings.Join(segs, "/")
+	if t.verb != "" {
+		str = fmt.Sprintf("%s:%s", str, t.verb)
+	}
+	return "/" + str
+}
--- a/api/router/util/types_test.go
+++ b/api/router/util/types_test.go
@@ -0,0 +1,93 @@
+package util
+
+// download from https://raw.githubusercontent.com/grpc-ecosystem/grpc-gateway/master/protoc-gen-grpc-gateway/httprule/types_test.go
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestTemplateStringer(t *testing.T) {
+	for _, spec := range []struct {
+		segs []segment
+		want string
+	}{
+		{
+			segs: []segment{
+				literal("v1"),
+			},
+			want: "/v1",
+		},
+		{
+			segs: []segment{
+				wildcard{},
+			},
+			want: "/*",
+		},
+		{
+			segs: []segment{
+				deepWildcard{},
+			},
+			want: "/**",
+		},
+		{
+			segs: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+					},
+				},
+			},
+			want: "/{name=a}",
+		},
+		{
+			segs: []segment{
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+						wildcard{},
+						literal("b"),
+					},
+				},
+			},
+			want: "/{name=a/*/b}",
+		},
+		{
+			segs: []segment{
+				literal("v1"),
+				variable{
+					path: "name",
+					segments: []segment{
+						literal("a"),
+						wildcard{},
+						literal("b"),
+					},
+				},
+				literal("c"),
+				variable{
+					path: "field.nested",
+					segments: []segment{
+						wildcard{},
+						literal("d"),
+					},
+				},
+				wildcard{},
+				literal("e"),
+				deepWildcard{},
+			},
+			want: "/v1/{name=a/*/b}/c/{field.nested=*/d}/*/e/**",
+		},
+	} {
+		tmpl := template{segments: spec.segs}
+		if got, want := tmpl.String(), spec.want; got != want {
+			t.Errorf("%#v.String() = %q; want %q", tmpl, got, want)
+		}
+
+		tmpl.verb = "LOCK"
+		if got, want := tmpl.String(), fmt.Sprintf("%s:LOCK", spec.want); got != want {
+			t.Errorf("%#v.String() = %q; want %q", tmpl, got, want)
+		}
+	}
+}
--- a/api/server/acme/certmagic/certmagic_test.go
+++ b/api/server/acme/certmagic/certmagic_test.go
@@ -1,228 +0,0 @@
-package certmagic
-
-import (
-	"net"
-	"net/http"
-	"os"
-	"reflect"
-	"sort"
-	"testing"
-	"time"
-
-	"github.com/go-acme/lego/v3/providers/dns/cloudflare"
-	"github.com/mholt/certmagic"
-	"github.com/micro/go-micro/v2/api/server/acme"
-	cfstore "github.com/micro/go-micro/v2/store/cloudflare"
-	"github.com/micro/go-micro/v2/sync/lock/memory"
-)
-
-func TestCertMagic(t *testing.T) {
-	if len(os.Getenv("IN_TRAVIS_CI")) != 0 {
-		t.Skip("Travis doesn't let us bind :443")
-	}
-	l, err := NewProvider().Listen()
-	if err != nil {
-		if _, ok := err.(*net.OpError); ok {
-			t.Skip("Run under non privileged user")
-		}
-		t.Fatal(err.Error())
-	}
-	l.Close()
-
-	c := cloudflare.NewDefaultConfig()
-	c.AuthEmail = ""
-	c.AuthKey = ""
-	c.AuthToken = "test"
-	c.ZoneToken = "test"
-
-	p, err := cloudflare.NewDNSProviderConfig(c)
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-
-	l, err = NewProvider(acme.AcceptToS(true),
-		acme.CA(acme.LetsEncryptStagingCA),
-		acme.ChallengeProvider(p),
-	).Listen()
-
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-	l.Close()
-}
-
-func TestStorageImplementation(t *testing.T) {
-	apiToken, accountID := os.Getenv("CF_API_TOKEN"), os.Getenv("CF_ACCOUNT_ID")
-	kvID := os.Getenv("KV_NAMESPACE_ID")
-	if len(apiToken) == 0 || len(accountID) == 0 || len(kvID) == 0 {
-		t.Skip("No Cloudflare API keys available, skipping test")
-	}
-
-	var s certmagic.Storage
-	st := cfstore.NewStore(
-		cfstore.Token(apiToken),
-		cfstore.Account(accountID),
-		cfstore.Namespace(kvID),
-	)
-	s = &storage{
-		lock:  memory.NewLock(),
-		store: st,
-	}
-
-	// Test Lock
-	if err := s.Lock("test"); err != nil {
-		t.Fatal(err)
-	}
-
-	// Test Unlock
-	if err := s.Unlock("test"); err != nil {
-		t.Fatal(err)
-	}
-
-	// Test data
-	testdata := []struct {
-		key   string
-		value []byte
-	}{
-		{key: "/foo/a", value: []byte("lorem")},
-		{key: "/foo/b", value: []byte("ipsum")},
-		{key: "/foo/c", value: []byte("dolor")},
-		{key: "/foo/d", value: []byte("sit")},
-		{key: "/bar/a", value: []byte("amet")},
-		{key: "/bar/b", value: []byte("consectetur")},
-		{key: "/bar/c", value: []byte("adipiscing")},
-		{key: "/bar/d", value: []byte("elit")},
-		{key: "/foo/bar/a", value: []byte("sed")},
-		{key: "/foo/bar/b", value: []byte("do")},
-		{key: "/foo/bar/c", value: []byte("eiusmod")},
-		{key: "/foo/bar/d", value: []byte("tempor")},
-		{key: "/foo/bar/baz/a", value: []byte("incididunt")},
-		{key: "/foo/bar/baz/b", value: []byte("ut")},
-		{key: "/foo/bar/baz/c", value: []byte("labore")},
-		{key: "/foo/bar/baz/d", value: []byte("et")},
-		// a duplicate just in case there's any edge cases
-		{key: "/foo/a", value: []byte("lorem")},
-	}
-
-	// Test Store
-	for _, d := range testdata {
-		if err := s.Store(d.key, d.value); err != nil {
-			t.Fatal(err.Error())
-		}
-	}
-
-	// Test Load
-	for _, d := range testdata {
-		if value, err := s.Load(d.key); err != nil {
-			t.Fatal(err.Error())
-		} else {
-			if !reflect.DeepEqual(value, d.value) {
-				t.Fatalf("Load %s: expected %v, got %v", d.key, d.value, value)
-			}
-		}
-	}
-
-	// Test Exists
-	for _, d := range testdata {
-		if !s.Exists(d.key) {
-			t.Fatalf("%s should exist, but doesn't\n", d.key)
-		}
-	}
-
-	// Test List
-	if list, err := s.List("/", true); err != nil {
-		t.Fatal(err.Error())
-	} else {
-		var expected []string
-		for i, d := range testdata {
-			if i != len(testdata)-1 {
-				// Don't store the intentionally duplicated key
-				expected = append(expected, d.key)
-			}
-		}
-		sort.Strings(expected)
-		sort.Strings(list)
-		if !reflect.DeepEqual(expected, list) {
-			t.Fatalf("List: Expected %v, got %v\n", expected, list)
-		}
-	}
-	if list, err := s.List("/foo", false); err != nil {
-		t.Fatal(err.Error())
-	} else {
-		sort.Strings(list)
-		expected := []string{"/foo/a", "/foo/b", "/foo/bar", "/foo/c", "/foo/d"}
-		if !reflect.DeepEqual(expected, list) {
-			t.Fatalf("List: expected %s, got %s\n", expected, list)
-		}
-	}
-
-	// Test Stat
-	for _, d := range testdata {
-		info, err := s.Stat(d.key)
-		if err != nil {
-			t.Fatal(err.Error())
-		} else {
-			if info.Key != d.key {
-				t.Fatalf("Stat().Key: expected %s, got %s\n", d.key, info.Key)
-			}
-			if info.Size != int64(len(d.value)) {
-				t.Fatalf("Stat().Size: expected %d, got %d\n", len(d.value), info.Size)
-			}
-			if time.Since(info.Modified) > time.Minute {
-				t.Fatalf("Stat().Modified: expected time since last modified to be < 1 minute, got %v\n", time.Since(info.Modified))
-			}
-		}
-
-	}
-
-	// Test Delete
-	for _, d := range testdata {
-		if err := s.Delete(d.key); err != nil {
-			t.Fatal(err.Error())
-		}
-	}
-
-	// New interface doesn't return an error, so call it in case any log.Fatal
-	// happens
-	NewProvider(acme.Cache(s))
-}
-
-// Full test with a real zone, with  against LE staging
-func TestE2e(t *testing.T) {
-	apiToken, accountID := os.Getenv("CF_API_TOKEN"), os.Getenv("CF_ACCOUNT_ID")
-	kvID := os.Getenv("KV_NAMESPACE_ID")
-	if len(apiToken) == 0 || len(accountID) == 0 || len(kvID) == 0 {
-		t.Skip("No Cloudflare API keys available, skipping test")
-	}
-
-	testLock := memory.NewLock()
-	testStore := cfstore.NewStore(
-		cfstore.Token(apiToken),
-		cfstore.Account(accountID),
-		cfstore.Namespace(kvID),
-	)
-	testStorage := NewStorage(testLock, testStore)
-
-	conf := cloudflare.NewDefaultConfig()
-	conf.AuthToken = apiToken
-	conf.ZoneToken = apiToken
-	testChallengeProvider, err := cloudflare.NewDNSProviderConfig(conf)
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-
-	testProvider := NewProvider(
-		acme.AcceptToS(true),
-		acme.Cache(testStorage),
-		acme.CA(acme.LetsEncryptStagingCA),
-		acme.ChallengeProvider(testChallengeProvider),
-		acme.OnDemand(false),
-	)
-
-	listener, err := testProvider.Listen("*.micro.mu", "micro.mu")
-	if err != nil {
-		t.Fatal(err.Error())
-	}
-	go http.Serve(listener, http.NotFoundHandler())
-	time.Sleep(10 * time.Minute)
-}
--- a/api/server/acme/certmagic/storage.go
+++ b/api/server/acme/certmagic/storage.go
@@ -11,7 +11,7 @@ import (

 	"github.com/mholt/certmagic"
 	"github.com/micro/go-micro/v2/store"
-	"github.com/micro/go-micro/v2/sync/lock"
+	"github.com/micro/go-micro/v2/sync"
 )

 // File represents a "File" that will be stored in store.Store - the contents and last modified time
@@ -26,16 +26,16 @@ type File struct {
 // As certmagic storage expects a filesystem (with stat() abilities) we have to implement
 // the bare minimum of metadata.
 type storage struct {
-	lock  lock.Lock
+	lock  sync.Sync
 	store store.Store
 }

 func (s *storage) Lock(key string) error {
-	return s.lock.Acquire(key, lock.TTL(10*time.Minute))
+	return s.lock.Lock(key, sync.LockTTL(10*time.Minute))
 }

 func (s *storage) Unlock(key string) error {
-	return s.lock.Release(key)
+	return s.lock.Unlock(key)
 }

 func (s *storage) Store(key string, value []byte) error {
@@ -139,7 +139,7 @@ func (s *storage) Stat(key string) (certmagic.KeyInfo, error) {
 }

 // NewStorage returns a certmagic.Storage backed by a go-micro/lock and go-micro/store
-func NewStorage(lock lock.Lock, store store.Store) certmagic.Storage {
+func NewStorage(lock sync.Sync, store store.Store) certmagic.Storage {
 	return &storage{
 		lock:  lock,
 		store: store,
--- a/api/server/auth/auth.go
+++ b/api/server/auth/auth.go
@@ -1,79 +0,0 @@
-package auth
-
-import (
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-
-	"github.com/micro/go-micro/v2/auth"
-)
-
-// CombinedAuthHandler wraps a server and authenticates requests
-func CombinedAuthHandler(h http.Handler) http.Handler {
-	return authHandler{
-		handler: h,
-		auth:    auth.DefaultAuth,
-	}
-}
-
-type authHandler struct {
-	handler http.Handler
-	auth    auth.Auth
-}
-
-func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	// Extract the token from the request
-	var token string
-	if header := req.Header.Get("Authorization"); len(header) > 0 {
-		// Extract the auth token from the request
-		if strings.HasPrefix(header, auth.BearerScheme) {
-			token = header[len(auth.BearerScheme):]
-		}
-	} else {
-		// Get the token out the cookies if not provided in headers
-		if c, err := req.Cookie("micro-token"); err == nil && c != nil {
-			token = strings.TrimPrefix(c.Value, auth.TokenCookieName+"=")
-			req.Header.Set("Authorization", auth.BearerScheme+token)
-		}
-	}
-
-	// Get the account using the token, fallback to a blank account
-	// since some endpoints can be unauthenticated, so the lack of an
-	// account doesn't necesserially mean a forbidden request
-	acc, err := h.auth.Inspect(token)
-	if err != nil {
-		acc = &auth.Account{}
-	}
-	err = h.auth.Verify(acc, &auth.Resource{
-		Type:     "service",
-		Name:     "go.micro.web",
-		Endpoint: req.URL.Path,
-	})
-
-	// The account has the necessary permissions to access the
-	// resource
-	if err == nil {
-		h.handler.ServeHTTP(w, req)
-		return
-	}
-
-	// The account is set, but they don't have enough permissions,
-	// hence we 403.
-	if len(acc.ID) > 0 {
-		w.WriteHeader(http.StatusForbidden)
-		return
-	}
-
-	// If there is no auth login url set, 401
-	loginURL := h.auth.Options().LoginURL
-	if loginURL == "" {
-		w.WriteHeader(http.StatusUnauthorized)
-		return
-	}
-
-	// Redirect to the login path
-	params := url.Values{"redirect_to": {req.URL.Path}}
-	loginWithRedirect := fmt.Sprintf("%v?%v", loginURL, params.Encode())
-	http.Redirect(w, req, loginWithRedirect, http.StatusTemporaryRedirect)
-}
--- a/api/server/http/http.go
+++ b/api/server/http/http.go
@@ -8,8 +8,6 @@ import (
 	"os"
 	"sync"

-	"github.com/micro/go-micro/v2/api/server/auth"
-
 	"github.com/gorilla/handlers"
 	"github.com/micro/go-micro/v2/api/server"
 	"github.com/micro/go-micro/v2/api/server/cors"
@@ -25,9 +23,14 @@ type httpServer struct {
 	exit    chan chan error
 }

-func NewServer(address string) server.Server {
+func NewServer(address string, opts ...server.Option) server.Server {
+	var options server.Options
+	for _, o := range opts {
+		o(&options)
+	}
+
 	return &httpServer{
-		opts:    server.Options{},
+		opts:    options,
 		mux:     http.NewServeMux(),
 		address: address,
 		exit:    make(chan chan error),
@@ -48,14 +51,22 @@ func (s *httpServer) Init(opts ...server.Option) error {
 }

 func (s *httpServer) Handle(path string, handler http.Handler) {
-	h := handlers.CombinedLoggingHandler(os.Stdout, handler)
-	h = auth.CombinedAuthHandler(handler)
+	// TODO: move this stuff out to one place with ServeHTTP

-	if s.opts.EnableCORS {
-		h = cors.CombinedCORSHandler(h)
+	// apply the wrappers, e.g. auth
+	for _, wrapper := range s.opts.Wrappers {
+		handler = wrapper(handler)
 	}

-	s.mux.Handle(path, h)
+	// wrap with cors
+	if s.opts.EnableCORS {
+		handler = cors.CombinedCORSHandler(handler)
+	}
+
+	// wrap with logger
+	handler = handlers.CombinedLoggingHandler(os.Stdout, handler)
+
+	s.mux.Handle(path, handler)
 }

 func (s *httpServer) Start() error {
--- a/api/server/options.go
+++ b/api/server/options.go
@@ -2,7 +2,9 @@ package server

 import (
 	"crypto/tls"
+	"net/http"

+	"github.com/micro/go-micro/v2/api/resolver"
 	"github.com/micro/go-micro/v2/api/server/acme"
 )

@@ -15,6 +17,16 @@ type Options struct {
 	EnableTLS    bool
 	ACMEHosts    []string
 	TLSConfig    *tls.Config
+	Resolver     resolver.Resolver
+	Wrappers     []Wrapper
+}
+
+type Wrapper func(h http.Handler) http.Handler
+
+func WrapHandler(w Wrapper) Option {
+	return func(o *Options) {
+		o.Wrappers = append(o.Wrappers, w)
+	}
 }

 func EnableCORS(b bool) Option {
@@ -52,3 +64,9 @@ func TLSConfig(t *tls.Config) Option {
 		o.TLSConfig = t
 	}
 }
+
+func Resolver(r resolver.Resolver) Option {
+	return func(o *Options) {
+		o.Resolver = r
+	}
+}
--- a/api/service/proto/api.pb.micro.go
+++ b/api/service/proto/api.pb.micro.go
@@ -11,6 +11,7 @@ import (

 import (
 	context "context"
+	api "github.com/micro/go-micro/v2/api"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
@@ -27,10 +28,17 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package

 // Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
 var _ context.Context
 var _ client.Option
 var _ server.Option

+// Api Endpoints for Api service
+
+func NewApiEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Api service

 type ApiService interface {
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -3,12 +3,8 @@ package auth

 import (
 	"context"
-	"encoding/json"
 	"errors"
-	"fmt"
 	"time"
-
-	"github.com/micro/go-micro/v2/metadata"
 )

 var (
@@ -22,8 +18,6 @@ var (
 	ErrInvalidRole = errors.New("invalid role")
 	// ErrForbidden is returned when a user does not have the necessary roles to access a resource
 	ErrForbidden = errors.New("resource forbidden")
-	// BearerScheme used for Authorization header
-	BearerScheme = "Bearer "
 )

 // Auth providers authentication and authorization
@@ -42,8 +36,8 @@ type Auth interface {
 	Verify(acc *Account, res *Resource) error
 	// Inspect a token
 	Inspect(token string) (*Account, error)
-	// Token generated using an account ID and secret
-	Token(id, secret string, opts ...TokenOption) (*Token, error)
+	// Token generated using refresh token
+	Token(opts ...TokenOption) (*Token, error)
 	// String returns the name of the implementation
 	String() string
 }
@@ -51,89 +45,66 @@ type Auth interface {
 // Resource is an entity such as a user or
 type Resource struct {
 	// Name of the resource
-	Name string
+	Name string `json:"name"`
 	// Type of resource, e.g.
-	Type string
+	Type string `json:"type"`
 	// Endpoint resource e.g NotesService.Create
-	Endpoint string
+	Endpoint string `json:"endpoint"`
+	// Namespace the resource belongs to
+	Namespace string `json:"namespace"`
 }

 // Account provided by an auth provider
 type Account struct {
-	// ID of the account (UUIDV4, email or username)
+	// ID of the account e.g. email
 	ID string `json:"id"`
-	// Secret used to renew the account
-	Secret string `json:"secret"`
+	// Type of the account, e.g. service
+	Type string `json:"type"`
+	// Provider who issued the account
+	Provider string `json:"provider"`
 	// Roles associated with the Account
 	Roles []string `json:"roles"`
 	// Any other associated metadata
 	Metadata map[string]string `json:"metadata"`
-	// Namespace the account belongs to, default blank
+	// Namespace the account belongs to
 	Namespace string `json:"namespace"`
+	// Secret for the account, e.g. the password
+	Secret string `json:"secret"`
 }

 // Token can be short or long lived
 type Token struct {
-	// The token itself
-	Token string `json:"token"`
-	// Type of token, e.g. JWT
-	Type string `json:"type"`
+	// The token to be used for accessing resources
+	AccessToken string `json:"access_token"`
+	// RefreshToken to be used to generate a new token
+	RefreshToken string `json:"refresh_token"`
 	// Time of token creation
 	Created time.Time `json:"created"`
 	// Time of token expiry
 	Expiry time.Time `json:"expiry"`
-	// Subject of the token, e.g. the account ID
-	Subject string `json:"subject"`
-	// Roles granted to the token
-	Roles []string `json:"roles"`
-	// Metadata embedded in the token
-	Metadata map[string]string `json:"metadata"`
-	// Namespace the token belongs to
-	Namespace string `json:"namespace"`
 }

 const (
-	// MetadataKey is the key used when storing the account in metadata
-	MetadataKey = "auth-account"
+	// DefaultNamespace used for auth
+	DefaultNamespace = "go.micro"
 	// TokenCookieName is the name of the cookie which stores the auth token
 	TokenCookieName = "micro-token"
-	// SecretCookieName is the name of the cookie which stores the auth secret
-	SecretCookieName = "micro-secret"
+	// BearerScheme used for Authorization header
+	BearerScheme = "Bearer "
 )

+type accountKey struct{}
+
 // AccountFromContext gets the account from the context, which
 // is set by the auth wrapper at the start of a call. If the account
 // is not set, a nil account will be returned. The error is only returned
 // when there was a problem retrieving an account
-func AccountFromContext(ctx context.Context) (*Account, error) {
-	str, ok := metadata.Get(ctx, MetadataKey)
-	// there was no account set
-	if !ok {
-		return nil, nil
-	}
-
-	var acc *Account
-	// metadata is stored as a string, so unmarshal to an account
-	if err := json.Unmarshal([]byte(str), &acc); err != nil {
-		return nil, err
-	}
-
-	return acc, nil
+func AccountFromContext(ctx context.Context) (*Account, bool) {
+	acc, ok := ctx.Value(accountKey{}).(*Account)
+	return acc, ok
 }

 // ContextWithAccount sets the account in the context
-func ContextWithAccount(ctx context.Context, account *Account) (context.Context, error) {
-	// metadata is stored as a string, so marshal to bytes
-	bytes, err := json.Marshal(account)
-	if err != nil {
-		return ctx, err
-	}
-
-	// generate a new context with the MetadataKey set
-	return metadata.Set(ctx, MetadataKey, string(bytes)), nil
-}
-
-// ContextWithToken sets the auth token in the context
-func ContextWithToken(ctx context.Context, token string) context.Context {
-	return metadata.Set(ctx, "Authorization", fmt.Sprintf("%v%v", BearerScheme, token))
+func ContextWithAccount(ctx context.Context, account *Account) context.Context {
+	return context.WithValue(ctx, accountKey{}, account)
 }
--- a/auth/default.go
+++ b/auth/default.go
@@ -2,6 +2,7 @@ package auth

 import (
 	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/auth/provider/basic"
 )

 var (
@@ -9,7 +10,17 @@ var (
 )

 func NewAuth(opts ...Option) Auth {
-	return &noop{}
+	options := Options{
+		Provider: basic.NewProvider(),
+	}
+
+	for _, o := range opts {
+		o(&options)
+	}
+
+	return &noop{
+		opts: options,
+	}
 }

 type noop struct {
@@ -38,10 +49,11 @@ func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
 	options := NewGenerateOptions(opts...)

 	return &Account{
-		ID:       id,
-		Roles:    options.Roles,
-		Metadata: options.Metadata,
-		Secret:   uuid.New().String(),
+		ID:        id,
+		Roles:     options.Roles,
+		Secret:    options.Secret,
+		Metadata:  options.Metadata,
+		Namespace: DefaultNamespace,
 	}, nil
 }

@@ -63,11 +75,12 @@ func (n *noop) Verify(acc *Account, res *Resource) error {
 // Inspect a token
 func (n *noop) Inspect(token string) (*Account, error) {
 	return &Account{
-		ID: uuid.New().String(),
+		ID:        uuid.New().String(),
+		Namespace: DefaultNamespace,
 	}, nil
 }

 // Token generation using an account id and secret
-func (n *noop) Token(id, secret string, opts ...TokenOption) (*Token, error) {
+func (n *noop) Token(opts ...TokenOption) (*Token, error) {
 	return &Token{}, nil
 }
--- a/auth/jwt/jwt.go
+++ b/auth/jwt/jwt.go
@@ -0,0 +1,190 @@
+package jwt
+
+import (
+	"sync"
+
+	"github.com/micro/go-micro/v2/auth"
+	"github.com/micro/go-micro/v2/auth/token"
+	jwtToken "github.com/micro/go-micro/v2/auth/token/jwt"
+)
+
+// NewAuth returns a new instance of the Auth service
+func NewAuth(opts ...auth.Option) auth.Auth {
+	j := new(jwt)
+	j.Init(opts...)
+	return j
+}
+
+type rule struct {
+	role     string
+	resource *auth.Resource
+}
+
+type jwt struct {
+	options auth.Options
+	jwt     token.Provider
+	rules   []*rule
+
+	sync.Mutex
+}
+
+func (j *jwt) String() string {
+	return "jwt"
+}
+
+func (j *jwt) Init(opts ...auth.Option) {
+	j.Lock()
+	defer j.Unlock()
+
+	for _, o := range opts {
+		o(&j.options)
+	}
+
+	if len(j.options.Namespace) == 0 {
+		j.options.Namespace = auth.DefaultNamespace
+	}
+
+	j.jwt = jwtToken.NewTokenProvider(
+		token.WithPrivateKey(j.options.PrivateKey),
+		token.WithPublicKey(j.options.PublicKey),
+	)
+}
+
+func (j *jwt) Options() auth.Options {
+	j.Lock()
+	defer j.Unlock()
+	return j.options
+}
+
+func (j *jwt) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, error) {
+	options := auth.NewGenerateOptions(opts...)
+	account := &auth.Account{
+		ID:        id,
+		Type:      options.Type,
+		Roles:     options.Roles,
+		Provider:  options.Provider,
+		Metadata:  options.Metadata,
+		Namespace: options.Namespace,
+	}
+
+	// generate a JWT secret which can be provided to the Token() method
+	// and exchanged for an access token
+	secret, err := j.jwt.Generate(account)
+	if err != nil {
+		return nil, err
+	}
+	account.Secret = secret.Token
+
+	// return the account
+	return account, nil
+}
+
+func (j *jwt) Grant(role string, res *auth.Resource) error {
+	j.Lock()
+	defer j.Unlock()
+	j.rules = append(j.rules, &rule{role, res})
+	return nil
+}
+
+func (j *jwt) Revoke(role string, res *auth.Resource) error {
+	j.Lock()
+	defer j.Unlock()
+
+	rules := make([]*rule, 0, len(j.rules))
+
+	var ruleFound bool
+	for _, r := range rules {
+		if r.role == role && r.resource == res {
+			ruleFound = true
+		} else {
+			rules = append(rules, r)
+		}
+	}
+
+	if !ruleFound {
+		return auth.ErrNotFound
+	}
+
+	j.rules = rules
+	return nil
+}
+
+func (j *jwt) Verify(acc *auth.Account, res *auth.Resource) error {
+	j.Lock()
+	if len(res.Namespace) == 0 {
+		res.Namespace = j.options.Namespace
+	}
+	rules := j.rules
+	j.Unlock()
+
+	for _, rule := range rules {
+		// validate the rule applies to the requested resource
+		if rule.resource.Namespace != "*" && rule.resource.Namespace != res.Namespace {
+			continue
+		}
+		if rule.resource.Type != "*" && rule.resource.Type != res.Type {
+			continue
+		}
+		if rule.resource.Name != "*" && rule.resource.Name != res.Name {
+			continue
+		}
+		if rule.resource.Endpoint != "*" && rule.resource.Endpoint != res.Endpoint {
+			continue
+		}
+
+		// a blank role indicates anyone can access the resource, even without an account
+		if rule.role == "" {
+			return nil
+		}
+
+		// all furter checks require an account
+		if acc == nil {
+			continue
+		}
+
+		// this rule allows any account access, allow the request
+		if rule.role == "*" {
+			return nil
+		}
+
+		// if the account has the necessary role, allow the request
+		for _, r := range acc.Roles {
+			if r == rule.role {
+				return nil
+			}
+		}
+	}
+
+	// no rules matched, forbid the request
+	return auth.ErrForbidden
+}
+
+func (j *jwt) Inspect(token string) (*auth.Account, error) {
+	return j.jwt.Inspect(token)
+}
+
+func (j *jwt) Token(opts ...auth.TokenOption) (*auth.Token, error) {
+	options := auth.NewTokenOptions(opts...)
+
+	secret := options.RefreshToken
+	if len(options.Secret) > 0 {
+		secret = options.Secret
+	}
+
+	account, err := j.jwt.Inspect(secret)
+	if err != nil {
+		return nil, err
+	}
+
+	tok, err := j.jwt.Generate(account, token.WithExpiry(options.Expiry))
+	if err != nil {
+		return nil, err
+	}
+
+	return &auth.Token{
+		Created:      tok.Created,
+		Expiry:       tok.Expiry,
+		AccessToken:  tok.Token,
+		RefreshToken: tok.Token,
+	}, nil
+}
--- a/auth/options.go
+++ b/auth/options.go
@@ -7,12 +7,31 @@ import (
 	"github.com/micro/go-micro/v2/store"
 )

+func NewOptions(opts ...Option) Options {
+	var options Options
+	for _, o := range opts {
+		o(&options)
+	}
+
+	if len(options.Namespace) == 0 {
+		options.Namespace = DefaultNamespace
+	}
+
+	return options
+}
+
 type Options struct {
-	// Token is an auth token
-	Token string
-	// Public key base64 encoded
+	// Namespace the service belongs to
+	Namespace string
+	// ID is the services auth ID
+	ID string
+	// Secret is used to authenticate the service
+	Secret string
+	// Token is the services token used to authenticate itself
+	Token *Token
+	// PublicKey for decoding JWTs
 	PublicKey string
-	// Private key base64 encoded
+	// PrivateKey for encoding JWTs
 	PrivateKey string
 	// Provider is an auth provider
 	Provider provider.Provider
@@ -24,6 +43,13 @@ type Options struct {

 type Option func(o *Options)

+// Namespace the service belongs to
+func Namespace(n string) Option {
+	return func(o *Options) {
+		o.Namespace = n
+	}
+}
+
 // Store to back auth
 func Store(s store.Store) Option {
 	return func(o *Options) {
@@ -45,10 +71,18 @@ func PrivateKey(key string) Option {
 	}
 }

-// ServiceToken sets an auth token
-func ServiceToken(t string) Option {
+// Credentials sets the auth credentials
+func Credentials(id, secret string) Option {
 	return func(o *Options) {
-		o.Token = t
+		o.ID = id
+		o.Secret = secret
+	}
+}
+
+// ClientToken sets the auth token to use when making requests
+func ClientToken(token *Token) Option {
+	return func(o *Options) {
+		o.Token = token
 	}
 }

@@ -73,10 +107,30 @@ type GenerateOptions struct {
 	Roles []string
 	// Namespace the account belongs too
 	Namespace string
+	// Provider of the account, e.g. oauth
+	Provider string
+	// Type of the account, e.g. user
+	Type string
+	// Secret used to authenticate the account
+	Secret string
 }

 type GenerateOption func(o *GenerateOptions)

+// WithSecret for the generated account
+func WithSecret(s string) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Secret = s
+	}
+}
+
+// WithType for the generated account
+func WithType(t string) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Type = t
+	}
+}
+
 // WithMetadata for the generated account
 func WithMetadata(md map[string]string) GenerateOption {
 	return func(o *GenerateOptions) {
@@ -98,6 +152,13 @@ func WithNamespace(n string) GenerateOption {
 	}
 }

+// WithProvider for the generated account
+func WithProvider(p string) GenerateOption {
+	return func(o *GenerateOptions) {
+		o.Provider = p
+	}
+}
+
 // NewGenerateOptions from a slice of options
 func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
 	var options GenerateOptions
@@ -108,16 +169,35 @@ func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
 }

 type TokenOptions struct {
-	// TokenExpiry is the time the token should live for
-	TokenExpiry time.Duration
+	// ID for the account
+	ID string
+	// Secret for the account
+	Secret string
+	// RefreshToken is used to refesh a token
+	RefreshToken string
+	// Expiry is the time the token should live for
+	Expiry time.Duration
 }

 type TokenOption func(o *TokenOptions)

-// WithTokenExpiry for the token
-func WithTokenExpiry(ex time.Duration) TokenOption {
+// WithExpiry for the token
+func WithExpiry(ex time.Duration) TokenOption {
 	return func(o *TokenOptions) {
-		o.TokenExpiry = ex
+		o.Expiry = ex
+	}
+}
+
+func WithCredentials(id, secret string) TokenOption {
+	return func(o *TokenOptions) {
+		o.ID = id
+		o.Secret = secret
+	}
+}
+
+func WithToken(rt string) TokenOption {
+	return func(o *TokenOptions) {
+		o.RefreshToken = rt
 	}
 }

@@ -129,8 +209,8 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
 	}

 	// set defualt expiry of token
-	if options.TokenExpiry == 0 {
-		options.TokenExpiry = time.Minute
+	if options.Expiry == 0 {
+		options.Expiry = time.Minute
 	}

 	return options
--- a/auth/provider/basic/basic.go
+++ b/auth/provider/basic/basic.go
@@ -25,7 +25,7 @@ func (b *basic) Options() provider.Options {
 	return b.opts
 }

-func (b *basic) Endpoint() string {
+func (b *basic) Endpoint(...provider.EndpointOption) string {
 	return ""
 }

--- a/auth/provider/oauth/oauth.go
+++ b/auth/provider/oauth/oauth.go
@@ -3,7 +3,6 @@ package oauth
 import (
 	"fmt"
 	"net/url"
-	"strings"

 	"github.com/micro/go-micro/v2/auth/provider"
 )
@@ -29,17 +28,29 @@ func (o *oauth) Options() provider.Options {
 	return o.opts
 }

-func (o *oauth) Endpoint() string {
+func (o *oauth) Endpoint(opts ...provider.EndpointOption) string {
+	var options provider.EndpointOptions
+	for _, o := range opts {
+		o(&options)
+	}
+
 	params := make(url.Values)
 	params.Add("response_type", "code")

+	if len(options.State) > 0 {
+		params.Add("state", options.State)
+	}
+
+	if len(options.LoginHint) > 0 {
+		params.Add("login_hint", options.LoginHint)
+	}
+
 	if clientID := o.opts.ClientID; len(clientID) > 0 {
 		params.Add("client_id", clientID)
 	}

 	if scope := o.opts.Scope; len(scope) > 0 {
-		// spaces are url encoded since this cannot be passed in env vars
-		params.Add("scope", strings.ReplaceAll(scope, "%20", " "))
+		params.Add("scope", scope)
 	}

 	if redir := o.Redirect(); len(redir) > 0 {
--- a/auth/provider/provider.go
+++ b/auth/provider/provider.go
@@ -12,7 +12,7 @@ type Provider interface {
 	// Options returns the options of a provider
 	Options() Options
 	// Endpoint for the provider
-	Endpoint() string
+	Endpoint(...EndpointOption) string
 	// Redirect url incase of UI
 	Redirect() string
 }
@@ -26,3 +26,24 @@ type Grant struct {
 	// Scopes associated with grant
 	Scopes []string
 }
+
+type EndpointOptions struct {
+	// State is a code to verify the req
+	State string
+	// LoginHint prefils the user id on oauth clients
+	LoginHint string
+}
+
+type EndpointOption func(*EndpointOptions)
+
+func WithState(c string) EndpointOption {
+	return func(o *EndpointOptions) {
+		o.State = c
+	}
+}
+
+func WithLoginHint(hint string) EndpointOption {
+	return func(o *EndpointOptions) {
+		o.LoginHint = hint
+	}
+}
--- a/auth/service/proto/auth.pb.go
+++ b/auth/service/proto/auth.pb.go
@@ -1,11 +1,15 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
-// source: github.com/micro/go-micro/auth/service/proto/auth.proto
+// source: auth/service/proto/auth.proto

 package go_micro_auth

 import (
+	context "context"
 	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
 	math "math"
 )

@@ -45,7 +49,7 @@ func (x Access) String() string {
 }

 func (Access) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{0}
+	return fileDescriptor_21300bfacc51fc2a, []int{0}
 }

 type ListAccountsRequest struct {
@@ -58,7 +62,7 @@ func (m *ListAccountsRequest) Reset()         { *m = ListAccountsRequest{} }
 func (m *ListAccountsRequest) String() string { return proto.CompactTextString(m) }
 func (*ListAccountsRequest) ProtoMessage()    {}
 func (*ListAccountsRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{0}
+	return fileDescriptor_21300bfacc51fc2a, []int{0}
 }

 func (m *ListAccountsRequest) XXX_Unmarshal(b []byte) error {
@@ -90,7 +94,7 @@ func (m *ListAccountsResponse) Reset()         { *m = ListAccountsResponse{} }
 func (m *ListAccountsResponse) String() string { return proto.CompactTextString(m) }
 func (*ListAccountsResponse) ProtoMessage()    {}
 func (*ListAccountsResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{1}
+	return fileDescriptor_21300bfacc51fc2a, []int{1}
 }

 func (m *ListAccountsResponse) XXX_Unmarshal(b []byte) error {
@@ -119,24 +123,20 @@ func (m *ListAccountsResponse) GetAccounts() []*Account {
 }

 type Token struct {
-	Token                string            `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
-	Type                 string            `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
-	Created              int64             `protobuf:"varint,3,opt,name=created,proto3" json:"created,omitempty"`
-	Expiry               int64             `protobuf:"varint,4,opt,name=expiry,proto3" json:"expiry,omitempty"`
-	Subject              string            `protobuf:"bytes,5,opt,name=subject,proto3" json:"subject,omitempty"`
-	Roles                []string          `protobuf:"bytes,6,rep,name=roles,proto3" json:"roles,omitempty"`
-	Metadata             map[string]string `protobuf:"bytes,7,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	Namespace            string            `protobuf:"bytes,8,opt,name=namespace,proto3" json:"namespace,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
+	AccessToken          string   `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
+	RefreshToken         string   `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
+	Created              int64    `protobuf:"varint,3,opt,name=created,proto3" json:"created,omitempty"`
+	Expiry               int64    `protobuf:"varint,4,opt,name=expiry,proto3" json:"expiry,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
 }

 func (m *Token) Reset()         { *m = Token{} }
 func (m *Token) String() string { return proto.CompactTextString(m) }
 func (*Token) ProtoMessage()    {}
 func (*Token) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{2}
+	return fileDescriptor_21300bfacc51fc2a, []int{2}
 }

 func (m *Token) XXX_Unmarshal(b []byte) error {
@@ -157,16 +157,16 @@ func (m *Token) XXX_DiscardUnknown() {

 var xxx_messageInfo_Token proto.InternalMessageInfo

-func (m *Token) GetToken() string {
+func (m *Token) GetAccessToken() string {
 	if m != nil {
-		return m.Token
+		return m.AccessToken
 	}
 	return ""
 }

-func (m *Token) GetType() string {
+func (m *Token) GetRefreshToken() string {
 	if m != nil {
-		return m.Type
+		return m.RefreshToken
 	}
 	return ""
 }
@@ -185,40 +185,14 @@ func (m *Token) GetExpiry() int64 {
 	return 0
 }

-func (m *Token) GetSubject() string {
-	if m != nil {
-		return m.Subject
-	}
-	return ""
-}
-
-func (m *Token) GetRoles() []string {
-	if m != nil {
-		return m.Roles
-	}
-	return nil
-}
-
-func (m *Token) GetMetadata() map[string]string {
-	if m != nil {
-		return m.Metadata
-	}
-	return nil
-}
-
-func (m *Token) GetNamespace() string {
-	if m != nil {
-		return m.Namespace
-	}
-	return ""
-}
-
 type Account struct {
 	Id                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Secret               string            `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
+	Type                 string            `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
 	Roles                []string          `protobuf:"bytes,3,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,4,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	Namespace            string            `protobuf:"bytes,5,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Provider             string            `protobuf:"bytes,6,opt,name=provider,proto3" json:"provider,omitempty"`
+	Secret               string            `protobuf:"bytes,7,opt,name=secret,proto3" json:"secret,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -228,7 +202,7 @@ func (m *Account) Reset()         { *m = Account{} }
 func (m *Account) String() string { return proto.CompactTextString(m) }
 func (*Account) ProtoMessage()    {}
 func (*Account) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{3}
+	return fileDescriptor_21300bfacc51fc2a, []int{3}
 }

 func (m *Account) XXX_Unmarshal(b []byte) error {
@@ -256,9 +230,9 @@ func (m *Account) GetId() string {
 	return ""
 }

-func (m *Account) GetSecret() string {
+func (m *Account) GetType() string {
 	if m != nil {
-		return m.Secret
+		return m.Type
 	}
 	return ""
 }
@@ -284,10 +258,25 @@ func (m *Account) GetNamespace() string {
 	return ""
 }

+func (m *Account) GetProvider() string {
+	if m != nil {
+		return m.Provider
+	}
+	return ""
+}
+
+func (m *Account) GetSecret() string {
+	if m != nil {
+		return m.Secret
+	}
+	return ""
+}
+
 type Resource struct {
 	Name                 string   `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	Type                 string   `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"`
 	Endpoint             string   `protobuf:"bytes,3,opt,name=endpoint,proto3" json:"endpoint,omitempty"`
+	Namespace            string   `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -297,7 +286,7 @@ func (m *Resource) Reset()         { *m = Resource{} }
 func (m *Resource) String() string { return proto.CompactTextString(m) }
 func (*Resource) ProtoMessage()    {}
 func (*Resource) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{4}
+	return fileDescriptor_21300bfacc51fc2a, []int{4}
 }

 func (m *Resource) XXX_Unmarshal(b []byte) error {
@@ -339,11 +328,21 @@ func (m *Resource) GetEndpoint() string {
 	return ""
 }

+func (m *Resource) GetNamespace() string {
+	if m != nil {
+		return m.Namespace
+	}
+	return ""
+}
+
 type GenerateRequest struct {
 	Id                   string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Roles                []string          `protobuf:"bytes,2,rep,name=roles,proto3" json:"roles,omitempty"`
 	Metadata             map[string]string `protobuf:"bytes,3,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	Namespace            string            `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
+	Secret               string            `protobuf:"bytes,5,opt,name=secret,proto3" json:"secret,omitempty"`
+	Type                 string            `protobuf:"bytes,6,opt,name=type,proto3" json:"type,omitempty"`
+	Provider             string            `protobuf:"bytes,7,opt,name=provider,proto3" json:"provider,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
 	XXX_unrecognized     []byte            `json:"-"`
 	XXX_sizecache        int32             `json:"-"`
@@ -353,7 +352,7 @@ func (m *GenerateRequest) Reset()         { *m = GenerateRequest{} }
 func (m *GenerateRequest) String() string { return proto.CompactTextString(m) }
 func (*GenerateRequest) ProtoMessage()    {}
 func (*GenerateRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{5}
+	return fileDescriptor_21300bfacc51fc2a, []int{5}
 }

 func (m *GenerateRequest) XXX_Unmarshal(b []byte) error {
@@ -402,6 +401,27 @@ func (m *GenerateRequest) GetNamespace() string {
 	return ""
 }

+func (m *GenerateRequest) GetSecret() string {
+	if m != nil {
+		return m.Secret
+	}
+	return ""
+}
+
+func (m *GenerateRequest) GetType() string {
+	if m != nil {
+		return m.Type
+	}
+	return ""
+}
+
+func (m *GenerateRequest) GetProvider() string {
+	if m != nil {
+		return m.Provider
+	}
+	return ""
+}
+
 type GenerateResponse struct {
 	Account              *Account `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
@@ -413,7 +433,7 @@ func (m *GenerateResponse) Reset()         { *m = GenerateResponse{} }
 func (m *GenerateResponse) String() string { return proto.CompactTextString(m) }
 func (*GenerateResponse) ProtoMessage()    {}
 func (*GenerateResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{6}
+	return fileDescriptor_21300bfacc51fc2a, []int{6}
 }

 func (m *GenerateResponse) XXX_Unmarshal(b []byte) error {
@@ -453,7 +473,7 @@ func (m *GrantRequest) Reset()         { *m = GrantRequest{} }
 func (m *GrantRequest) String() string { return proto.CompactTextString(m) }
 func (*GrantRequest) ProtoMessage()    {}
 func (*GrantRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{7}
+	return fileDescriptor_21300bfacc51fc2a, []int{7}
 }

 func (m *GrantRequest) XXX_Unmarshal(b []byte) error {
@@ -498,7 +518,7 @@ func (m *GrantResponse) Reset()         { *m = GrantResponse{} }
 func (m *GrantResponse) String() string { return proto.CompactTextString(m) }
 func (*GrantResponse) ProtoMessage()    {}
 func (*GrantResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{8}
+	return fileDescriptor_21300bfacc51fc2a, []int{8}
 }

 func (m *GrantResponse) XXX_Unmarshal(b []byte) error {
@@ -531,7 +551,7 @@ func (m *RevokeRequest) Reset()         { *m = RevokeRequest{} }
 func (m *RevokeRequest) String() string { return proto.CompactTextString(m) }
 func (*RevokeRequest) ProtoMessage()    {}
 func (*RevokeRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{9}
+	return fileDescriptor_21300bfacc51fc2a, []int{9}
 }

 func (m *RevokeRequest) XXX_Unmarshal(b []byte) error {
@@ -576,7 +596,7 @@ func (m *RevokeResponse) Reset()         { *m = RevokeResponse{} }
 func (m *RevokeResponse) String() string { return proto.CompactTextString(m) }
 func (*RevokeResponse) ProtoMessage()    {}
 func (*RevokeResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{10}
+	return fileDescriptor_21300bfacc51fc2a, []int{10}
 }

 func (m *RevokeResponse) XXX_Unmarshal(b []byte) error {
@@ -608,7 +628,7 @@ func (m *InspectRequest) Reset()         { *m = InspectRequest{} }
 func (m *InspectRequest) String() string { return proto.CompactTextString(m) }
 func (*InspectRequest) ProtoMessage()    {}
 func (*InspectRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{11}
+	return fileDescriptor_21300bfacc51fc2a, []int{11}
 }

 func (m *InspectRequest) XXX_Unmarshal(b []byte) error {
@@ -647,7 +667,7 @@ func (m *InspectResponse) Reset()         { *m = InspectResponse{} }
 func (m *InspectResponse) String() string { return proto.CompactTextString(m) }
 func (*InspectResponse) ProtoMessage()    {}
 func (*InspectResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{12}
+	return fileDescriptor_21300bfacc51fc2a, []int{12}
 }

 func (m *InspectResponse) XXX_Unmarshal(b []byte) error {
@@ -678,7 +698,8 @@ func (m *InspectResponse) GetAccount() *Account {
 type TokenRequest struct {
 	Id                   string   `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
 	Secret               string   `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
-	TokenExpiry          int64    `protobuf:"varint,3,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
+	RefreshToken         string   `protobuf:"bytes,3,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
+	TokenExpiry          int64    `protobuf:"varint,4,opt,name=token_expiry,json=tokenExpiry,proto3" json:"token_expiry,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
 	XXX_sizecache        int32    `json:"-"`
@@ -688,7 +709,7 @@ func (m *TokenRequest) Reset()         { *m = TokenRequest{} }
 func (m *TokenRequest) String() string { return proto.CompactTextString(m) }
 func (*TokenRequest) ProtoMessage()    {}
 func (*TokenRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{13}
+	return fileDescriptor_21300bfacc51fc2a, []int{13}
 }

 func (m *TokenRequest) XXX_Unmarshal(b []byte) error {
@@ -723,6 +744,13 @@ func (m *TokenRequest) GetSecret() string {
 	return ""
 }

+func (m *TokenRequest) GetRefreshToken() string {
+	if m != nil {
+		return m.RefreshToken
+	}
+	return ""
+}
+
 func (m *TokenRequest) GetTokenExpiry() int64 {
 	if m != nil {
 		return m.TokenExpiry
@@ -741,7 +769,7 @@ func (m *TokenResponse) Reset()         { *m = TokenResponse{} }
 func (m *TokenResponse) String() string { return proto.CompactTextString(m) }
 func (*TokenResponse) ProtoMessage()    {}
 func (*TokenResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{14}
+	return fileDescriptor_21300bfacc51fc2a, []int{14}
 }

 func (m *TokenResponse) XXX_Unmarshal(b []byte) error {
@@ -774,6 +802,7 @@ type Rule struct {
 	Role                 string    `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
 	Resource             *Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
 	Access               Access    `protobuf:"varint,4,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
+	Priority             int32     `protobuf:"varint,5,opt,name=priority,proto3" json:"priority,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
 	XXX_unrecognized     []byte    `json:"-"`
 	XXX_sizecache        int32     `json:"-"`
@@ -783,7 +812,7 @@ func (m *Rule) Reset()         { *m = Rule{} }
 func (m *Rule) String() string { return proto.CompactTextString(m) }
 func (*Rule) ProtoMessage()    {}
 func (*Rule) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{15}
+	return fileDescriptor_21300bfacc51fc2a, []int{15}
 }

 func (m *Rule) XXX_Unmarshal(b []byte) error {
@@ -832,10 +861,18 @@ func (m *Rule) GetAccess() Access {
 	return Access_UNKNOWN
 }

+func (m *Rule) GetPriority() int32 {
+	if m != nil {
+		return m.Priority
+	}
+	return 0
+}
+
 type CreateRequest struct {
 	Role                 string    `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
 	Resource             *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
 	Access               Access    `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
+	Priority             int32     `protobuf:"varint,4,opt,name=priority,proto3" json:"priority,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
 	XXX_unrecognized     []byte    `json:"-"`
 	XXX_sizecache        int32     `json:"-"`
@@ -845,7 +882,7 @@ func (m *CreateRequest) Reset()         { *m = CreateRequest{} }
 func (m *CreateRequest) String() string { return proto.CompactTextString(m) }
 func (*CreateRequest) ProtoMessage()    {}
 func (*CreateRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{16}
+	return fileDescriptor_21300bfacc51fc2a, []int{16}
 }

 func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
@@ -887,6 +924,13 @@ func (m *CreateRequest) GetAccess() Access {
 	return Access_UNKNOWN
 }

+func (m *CreateRequest) GetPriority() int32 {
+	if m != nil {
+		return m.Priority
+	}
+	return 0
+}
+
 type CreateResponse struct {
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
@@ -897,7 +941,7 @@ func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
 func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
 func (*CreateResponse) ProtoMessage()    {}
 func (*CreateResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{17}
+	return fileDescriptor_21300bfacc51fc2a, []int{17}
 }

 func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
@@ -922,6 +966,7 @@ type DeleteRequest struct {
 	Role                 string    `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
 	Resource             *Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
 	Access               Access    `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
+	Priority             int32     `protobuf:"varint,4,opt,name=priority,proto3" json:"priority,omitempty"`
 	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
 	XXX_unrecognized     []byte    `json:"-"`
 	XXX_sizecache        int32     `json:"-"`
@@ -931,7 +976,7 @@ func (m *DeleteRequest) Reset()         { *m = DeleteRequest{} }
 func (m *DeleteRequest) String() string { return proto.CompactTextString(m) }
 func (*DeleteRequest) ProtoMessage()    {}
 func (*DeleteRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{18}
+	return fileDescriptor_21300bfacc51fc2a, []int{18}
 }

 func (m *DeleteRequest) XXX_Unmarshal(b []byte) error {
@@ -973,6 +1018,13 @@ func (m *DeleteRequest) GetAccess() Access {
 	return Access_UNKNOWN
 }

+func (m *DeleteRequest) GetPriority() int32 {
+	if m != nil {
+		return m.Priority
+	}
+	return 0
+}
+
 type DeleteResponse struct {
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
 	XXX_unrecognized     []byte   `json:"-"`
@@ -983,7 +1035,7 @@ func (m *DeleteResponse) Reset()         { *m = DeleteResponse{} }
 func (m *DeleteResponse) String() string { return proto.CompactTextString(m) }
 func (*DeleteResponse) ProtoMessage()    {}
 func (*DeleteResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{19}
+	return fileDescriptor_21300bfacc51fc2a, []int{19}
 }

 func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
@@ -1014,7 +1066,7 @@ func (m *ListRequest) Reset()         { *m = ListRequest{} }
 func (m *ListRequest) String() string { return proto.CompactTextString(m) }
 func (*ListRequest) ProtoMessage()    {}
 func (*ListRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{20}
+	return fileDescriptor_21300bfacc51fc2a, []int{20}
 }

 func (m *ListRequest) XXX_Unmarshal(b []byte) error {
@@ -1046,7 +1098,7 @@ func (m *ListResponse) Reset()         { *m = ListResponse{} }
 func (m *ListResponse) String() string { return proto.CompactTextString(m) }
 func (*ListResponse) ProtoMessage()    {}
 func (*ListResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_11312eec02fd5712, []int{21}
+	return fileDescriptor_21300bfacc51fc2a, []int{21}
 }

 func (m *ListResponse) XXX_Unmarshal(b []byte) error {
@@ -1079,7 +1131,6 @@ func init() {
 	proto.RegisterType((*ListAccountsRequest)(nil), "go.micro.auth.ListAccountsRequest")
 	proto.RegisterType((*ListAccountsResponse)(nil), "go.micro.auth.ListAccountsResponse")
 	proto.RegisterType((*Token)(nil), "go.micro.auth.Token")
-	proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Token.MetadataEntry")
 	proto.RegisterType((*Account)(nil), "go.micro.auth.Account")
 	proto.RegisterMapType((map[string]string)(nil), "go.micro.auth.Account.MetadataEntry")
 	proto.RegisterType((*Resource)(nil), "go.micro.auth.Resource")
@@ -1103,64 +1154,433 @@ func init() {
 	proto.RegisterType((*ListResponse)(nil), "go.micro.auth.ListResponse")
 }

-func init() {
-	proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/auth.proto", fileDescriptor_11312eec02fd5712)
+func init() { proto.RegisterFile("auth/service/proto/auth.proto", fileDescriptor_21300bfacc51fc2a) }
+
+var fileDescriptor_21300bfacc51fc2a = []byte{
+	// 900 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44,
+	0x14, 0x5e, 0xff, 0xc4, 0xc9, 0x9e, 0xfc, 0x6c, 0x34, 0xdd, 0x16, 0x2b, 0xed, 0x96, 0xad, 0x8b,
+	0xd0, 0x52, 0x41, 0x16, 0xa5, 0x37, 0x40, 0x6f, 0x58, 0x35, 0x51, 0x68, 0xa1, 0x41, 0x58, 0x45,
+	0xe5, 0x06, 0x55, 0xc6, 0x39, 0xb0, 0xd6, 0x66, 0x6d, 0x33, 0x33, 0x5e, 0x91, 0x1b, 0x24, 0xde,
+	0x81, 0x37, 0x80, 0x2b, 0x9e, 0x89, 0x7b, 0x5e, 0x03, 0xcd, 0x9f, 0x37, 0x76, 0x9c, 0xaa, 0x40,
+	0x2f, 0xb8, 0x9b, 0x33, 0xe7, 0xf8, 0xcc, 0xf7, 0x7d, 0xe7, 0xcc, 0xf1, 0xc0, 0x51, 0x54, 0xf0,
+	0xf3, 0x53, 0x86, 0xf4, 0x2a, 0x89, 0xf1, 0x34, 0xa7, 0x19, 0xcf, 0x4e, 0xc5, 0xd6, 0x58, 0x2e,
+	0x49, 0xff, 0x87, 0x6c, 0x7c, 0x99, 0xc4, 0x34, 0x1b, 0x8b, 0xcd, 0xe0, 0x26, 0xdc, 0xf8, 0x22,
+	0x61, 0xfc, 0x2c, 0x8e, 0xb3, 0x22, 0xe5, 0x2c, 0xc4, 0x1f, 0x0b, 0x64, 0x3c, 0x78, 0x0a, 0x87,
+	0xd5, 0x6d, 0x96, 0x67, 0x29, 0x43, 0x32, 0x81, 0x4e, 0xa4, 0xf7, 0x7c, 0xeb, 0xd8, 0x39, 0xe9,
+	0x4e, 0x6e, 0x8d, 0x2b, 0x09, 0xc7, 0xfa, 0x93, 0xb0, 0x8c, 0x0b, 0x7e, 0xb1, 0xa0, 0xf5, 0x3c,
+	0xbb, 0xc0, 0x94, 0xdc, 0x83, 0x5e, 0x14, 0xc7, 0xc8, 0xd8, 0x4b, 0x2e, 0x6c, 0xdf, 0x3a, 0xb6,
+	0x4e, 0xf6, 0xc3, 0xae, 0xda, 0x53, 0x21, 0xf7, 0xa1, 0x4f, 0xf1, 0x7b, 0x8a, 0xec, 0x5c, 0xc7,
+	0xd8, 0x32, 0xa6, 0xa7, 0x37, 0x55, 0x90, 0x0f, 0xed, 0x98, 0x62, 0xc4, 0x71, 0xe9, 0x3b, 0xc7,
+	0xd6, 0x89, 0x13, 0x1a, 0x93, 0xdc, 0x02, 0x0f, 0x7f, 0xca, 0x13, 0xba, 0xf6, 0x5d, 0xe9, 0xd0,
+	0x56, 0xf0, 0xab, 0x0d, 0x6d, 0x8d, 0x8c, 0x0c, 0xc0, 0x4e, 0x96, 0xfa, 0x6c, 0x3b, 0x59, 0x12,
+	0x02, 0x2e, 0x5f, 0xe7, 0xa8, 0x4f, 0x92, 0x6b, 0x72, 0x08, 0x2d, 0x9a, 0xad, 0x90, 0xf9, 0xce,
+	0xb1, 0x73, 0xb2, 0x1f, 0x2a, 0x83, 0x7c, 0x0a, 0x9d, 0x4b, 0xe4, 0xd1, 0x32, 0xe2, 0x91, 0xef,
+	0x4a, 0xf6, 0xef, 0x34, 0xb3, 0x1f, 0x3f, 0xd3, 0x61, 0xb3, 0x94, 0xd3, 0x75, 0x58, 0x7e, 0x45,
+	0xee, 0xc0, 0x7e, 0x1a, 0x5d, 0x22, 0xcb, 0xa3, 0x18, 0xfd, 0x96, 0x3c, 0xf0, 0x7a, 0x83, 0x8c,
+	0xa0, 0x93, 0xd3, 0xec, 0x2a, 0x59, 0x22, 0xf5, 0x3d, 0xe9, 0x2c, 0x6d, 0xc1, 0x8c, 0x61, 0x4c,
+	0x91, 0xfb, 0x6d, 0xe9, 0xd1, 0xd6, 0xe8, 0x11, 0xf4, 0x2b, 0x87, 0x91, 0x21, 0x38, 0x17, 0xb8,
+	0xd6, 0xfc, 0xc4, 0x52, 0x90, 0xb9, 0x8a, 0x56, 0x85, 0x61, 0xa8, 0x8c, 0x4f, 0xec, 0x8f, 0xac,
+	0x60, 0x05, 0x9d, 0x10, 0x59, 0x56, 0xd0, 0x18, 0x85, 0x0c, 0x02, 0x89, 0xfe, 0x50, 0xae, 0x1b,
+	0xa5, 0x19, 0x41, 0x07, 0xd3, 0x65, 0x9e, 0x25, 0x29, 0x97, 0xea, 0xef, 0x87, 0xa5, 0x5d, 0xa5,
+	0xe7, 0xd6, 0xe8, 0x05, 0xbf, 0xdb, 0x70, 0x30, 0xc7, 0x14, 0x69, 0xc4, 0x51, 0x37, 0xda, 0x56,
+	0x31, 0x4a, 0xe1, 0xed, 0x4d, 0xe1, 0x3f, 0xdb, 0x10, 0xde, 0x91, 0xc2, 0xbf, 0x5f, 0x13, 0xbe,
+	0x96, 0xf7, 0xf5, 0x0a, 0x50, 0x47, 0xb8, 0x21, 0x72, 0x6b, 0x53, 0xe4, 0x52, 0x07, 0xaf, 0xaa,
+	0x43, 0x59, 0xac, 0x76, 0xb5, 0x58, 0xff, 0xad, 0x28, 0x53, 0x18, 0x5e, 0xb3, 0xd1, 0xf7, 0xee,
+	0x43, 0x68, 0xeb, 0xfb, 0x24, 0x73, 0xec, 0xbe, 0x76, 0x26, 0x2c, 0x78, 0x01, 0xbd, 0x39, 0x8d,
+	0x52, 0x6e, 0x84, 0x26, 0xe0, 0x0a, 0x2d, 0x4d, 0x79, 0xc5, 0x9a, 0x3c, 0x84, 0x0e, 0xd5, 0xe5,
+	0x97, 0x30, 0xba, 0x93, 0xb7, 0x6a, 0x69, 0x4d, 0x77, 0x84, 0x65, 0x60, 0x70, 0x00, 0x7d, 0x9d,
+	0x58, 0x61, 0x0b, 0xbe, 0x81, 0x7e, 0x88, 0x57, 0xd9, 0x05, 0xbe, 0xf1, 0xa3, 0x86, 0x30, 0x30,
+	0x99, 0xf5, 0x59, 0xef, 0xc2, 0xe0, 0x49, 0xca, 0x72, 0x8c, 0x4b, 0x5e, 0x87, 0xd0, 0xda, 0x1c,
+	0x26, 0xca, 0x08, 0x1e, 0xc3, 0x41, 0x19, 0xf7, 0xaf, 0x25, 0xfc, 0x19, 0x7a, 0x72, 0xde, 0xec,
+	0xea, 0xd5, 0xeb, 0x6e, 0xb1, 0x2b, 0xdd, 0xb2, 0x35, 0xc3, 0x9c, 0x86, 0x19, 0x76, 0x0f, 0x7a,
+	0xd2, 0xf9, 0xb2, 0x32, 0xaf, 0xba, 0x72, 0x6f, 0xa6, 0x86, 0xd6, 0x23, 0xe8, 0xeb, 0xf3, 0x35,
+	0x85, 0x07, 0x9b, 0x5c, 0xbb, 0x93, 0xc3, 0x1a, 0x01, 0x15, 0xac, 0x15, 0xf8, 0xc3, 0x02, 0x37,
+	0x2c, 0x56, 0xd8, 0x34, 0xee, 0x64, 0x75, 0xec, 0x1d, 0xd5, 0x71, 0x5e, 0xb3, 0x3a, 0xe4, 0x03,
+	0xf0, 0xd4, 0xe4, 0x96, 0xd8, 0x07, 0x93, 0x9b, 0xdb, 0x7a, 0x22, 0x63, 0xa1, 0x0e, 0x52, 0xf7,
+	0x25, 0xc9, 0x68, 0xc2, 0xd7, 0xf2, 0x76, 0xb5, 0xc2, 0xd2, 0x0e, 0x7e, 0xb3, 0xa0, 0xff, 0x58,
+	0x8e, 0xf0, 0x37, 0xdd, 0x43, 0x1b, 0x28, 0x9d, 0x7f, 0x8a, 0xd2, 0xad, 0xa1, 0x1c, 0xc2, 0xc0,
+	0x80, 0xd4, 0xed, 0x28, 0x70, 0x4f, 0x71, 0x85, 0xff, 0x7b, 0xdc, 0x06, 0xa4, 0xc6, 0xdd, 0x87,
+	0xae, 0xf8, 0xbd, 0x9b, 0xbf, 0xfd, 0xc7, 0xd0, 0x53, 0xa6, 0xee, 0xb3, 0xf7, 0xa0, 0x45, 0x0b,
+	0x31, 0x84, 0xd5, 0x2f, 0xfe, 0x46, 0x1d, 0x6d, 0xb1, 0xc2, 0x50, 0x45, 0x3c, 0x18, 0x83, 0xa7,
+	0x90, 0x90, 0x2e, 0xb4, 0xbf, 0x5e, 0x7c, 0xbe, 0xf8, 0xf2, 0xc5, 0x62, 0xb8, 0x27, 0x8c, 0x79,
+	0x78, 0xb6, 0x78, 0x3e, 0x9b, 0x0e, 0x2d, 0x02, 0xe0, 0x4d, 0x67, 0x8b, 0x27, 0xb3, 0xe9, 0xd0,
+	0x9e, 0xfc, 0x65, 0x81, 0x7b, 0x56, 0xf0, 0x73, 0xf2, 0x0c, 0x3a, 0x66, 0xca, 0x91, 0xbb, 0xaf,
+	0x1e, 0xe6, 0xa3, 0xb7, 0x77, 0xfa, 0x35, 0x9f, 0x3d, 0xf2, 0x14, 0xda, 0xfa, 0xc2, 0x93, 0xa3,
+	0x5a, 0x74, 0x75, 0x60, 0x8c, 0xee, 0xee, 0x72, 0x97, 0xb9, 0xa6, 0xe6, 0xbd, 0x72, 0xbb, 0xf1,
+	0x82, 0xe9, 0x3c, 0x77, 0x9a, 0x9d, 0x26, 0xcb, 0xe4, 0x5b, 0xe8, 0x98, 0xe7, 0x13, 0xf9, 0x0a,
+	0x5c, 0x21, 0x30, 0x09, 0x6a, 0xdf, 0x34, 0x3c, 0xbd, 0x46, 0xf7, 0x5f, 0x19, 0x53, 0xa6, 0xff,
+	0xd3, 0x82, 0x96, 0x28, 0x04, 0x23, 0x73, 0xf0, 0x54, 0x5b, 0x92, 0x3a, 0xa4, 0xca, 0x95, 0x1a,
+	0x1d, 0xed, 0xf0, 0x96, 0xbc, 0xe7, 0xe0, 0xa9, 0x3e, 0xd9, 0x4a, 0x54, 0xe9, 0xf1, 0xad, 0x44,
+	0xb5, 0xe6, 0xda, 0x23, 0x67, 0x9a, 0xee, 0xa8, 0x81, 0x8a, 0x49, 0x72, 0xbb, 0xd1, 0x67, 0x52,
+	0x7c, 0xe7, 0xc9, 0xd7, 0xea, 0xc3, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0xdf, 0x67, 0x3c, 0x6e,
+	0xce, 0x0a, 0x00, 0x00,
 }

-var fileDescriptor_11312eec02fd5712 = []byte{
-	// 860 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x56, 0xdd, 0x8e, 0xdb, 0x44,
-	0x14, 0x5e, 0xff, 0xc4, 0xf1, 0x9e, 0xfc, 0x6c, 0x34, 0xdd, 0x16, 0x2b, 0xfd, 0x21, 0x18, 0x84,
-	0x96, 0x8a, 0x3a, 0x28, 0xbd, 0xe0, 0xa7, 0x12, 0x22, 0x6a, 0xa2, 0xd0, 0x42, 0x83, 0xb0, 0x8a,
-	0x0a, 0x17, 0x08, 0x79, 0x9d, 0xa3, 0x5d, 0xb3, 0x89, 0x1d, 0x3c, 0xe3, 0x15, 0x79, 0x02, 0xee,
-	0x78, 0x14, 0x9e, 0xa8, 0x97, 0x48, 0xbc, 0x06, 0x9a, 0xf1, 0x8c, 0x37, 0x71, 0x9c, 0x55, 0x84,
-	0x72, 0xc1, 0xdd, 0x9c, 0x99, 0x33, 0xdf, 0x7c, 0xdf, 0xe7, 0x33, 0xc7, 0x03, 0x9f, 0x5e, 0x44,
-	0xec, 0x32, 0x3b, 0xf7, 0xc2, 0x64, 0xd1, 0x5f, 0x44, 0x61, 0x9a, 0xf4, 0x2f, 0x92, 0x27, 0xf9,
-	0x20, 0xc8, 0xd8, 0x65, 0x9f, 0x62, 0x7a, 0x1d, 0x85, 0xd8, 0x5f, 0xa6, 0x09, 0xcb, 0xa7, 0x3c,
-	0x31, 0x24, 0xad, 0x8b, 0xc4, 0x13, 0x79, 0x1e, 0x9f, 0x74, 0xef, 0xc2, 0x9d, 0x6f, 0x23, 0xca,
-	0x86, 0x61, 0x98, 0x64, 0x31, 0xa3, 0x3e, 0xfe, 0x96, 0x21, 0x65, 0xee, 0x4b, 0x38, 0xdd, 0x9c,
-	0xa6, 0xcb, 0x24, 0xa6, 0x48, 0x06, 0x60, 0x07, 0x72, 0xce, 0xd1, 0x7a, 0xc6, 0x59, 0x63, 0x70,
-	0xcf, 0xdb, 0x00, 0xf4, 0xe4, 0x16, 0xbf, 0xc8, 0x73, 0xff, 0xd2, 0xa1, 0xf6, 0x3a, 0xb9, 0xc2,
-	0x98, 0x9c, 0x42, 0x8d, 0xf1, 0x81, 0xa3, 0xf5, 0xb4, 0xb3, 0x63, 0x3f, 0x0f, 0x08, 0x01, 0x93,
-	0xad, 0x96, 0xe8, 0xe8, 0x62, 0x52, 0x8c, 0x89, 0x03, 0xf5, 0x30, 0xc5, 0x80, 0xe1, 0xcc, 0x31,
-	0x7a, 0xda, 0x99, 0xe1, 0xab, 0x90, 0xdc, 0x03, 0x0b, 0x7f, 0x5f, 0x46, 0xe9, 0xca, 0x31, 0xc5,
-	0x82, 0x8c, 0xf8, 0x0e, 0x9a, 0x9d, 0xff, 0x8a, 0x21, 0x73, 0x6a, 0x02, 0x48, 0x85, 0xfc, 0xd4,
-	0x34, 0x99, 0x23, 0x75, 0xac, 0x9e, 0xc1, 0x4f, 0x15, 0x01, 0xf9, 0x12, 0xec, 0x05, 0xb2, 0x60,
-	0x16, 0xb0, 0xc0, 0xa9, 0x0b, 0x25, 0x6e, 0x49, 0x89, 0xe0, 0xec, 0xbd, 0x92, 0x49, 0xe3, 0x98,
-	0xa5, 0x2b, 0xbf, 0xd8, 0x43, 0x1e, 0xc0, 0x71, 0x1c, 0x2c, 0x90, 0x2e, 0x83, 0x10, 0x1d, 0x5b,
-	0x9c, 0x78, 0x33, 0xd1, 0x7d, 0x06, 0xad, 0x8d, 0x8d, 0xa4, 0x03, 0xc6, 0x15, 0xae, 0xa4, 0x70,
-	0x3e, 0xe4, 0xb4, 0xae, 0x83, 0x79, 0xa6, 0x74, 0xe7, 0xc1, 0x17, 0xfa, 0x67, 0x9a, 0xfb, 0xb7,
-	0x06, 0x75, 0x69, 0x23, 0x69, 0x83, 0x1e, 0xcd, 0xe4, 0x36, 0x3d, 0x12, 0xf2, 0x29, 0x86, 0x29,
-	0x32, 0xb9, 0x4d, 0x46, 0x37, 0x22, 0x8d, 0x75, 0x91, 0x5f, 0xad, 0x89, 0x34, 0x85, 0xc8, 0x0f,
-	0xaa, 0x3f, 0xd7, 0x7e, 0x32, 0x6b, 0x07, 0x95, 0x39, 0x05, 0xdb, 0x47, 0x9a, 0x64, 0x69, 0x88,
-	0xbc, 0x06, 0x38, 0xaa, 0xdc, 0x28, 0xc6, 0x95, 0x75, 0xd1, 0x05, 0x1b, 0xe3, 0xd9, 0x32, 0x89,
-	0x62, 0x26, 0x0a, 0xe3, 0xd8, 0x2f, 0x62, 0xf7, 0xad, 0x06, 0x27, 0x13, 0x8c, 0x31, 0x0d, 0x18,
-	0xca, 0x3a, 0xde, 0xb2, 0xaf, 0xb0, 0x49, 0x5f, 0xb7, 0xe9, 0xeb, 0x35, 0x9b, 0x0c, 0x61, 0xd3,
-	0xc7, 0x25, 0x9b, 0x4a, 0xb8, 0xfb, 0xd9, 0x65, 0x1e, 0xd4, 0xae, 0x11, 0x74, 0x6e, 0x58, 0xc8,
-	0xeb, 0xf8, 0x09, 0xd4, 0xe5, 0x35, 0x13, 0x18, 0xbb, 0x6f, 0xa3, 0x4a, 0x73, 0xdf, 0x40, 0x73,
-	0x92, 0x06, 0x31, 0x53, 0x06, 0x11, 0x30, 0xb9, 0x07, 0xca, 0x78, 0x3e, 0x26, 0x4f, 0xc1, 0x4e,
-	0xe5, 0x87, 0x11, 0x34, 0x1a, 0x83, 0x77, 0x4a, 0xb0, 0xea, 0xbb, 0xf9, 0x45, 0xa2, 0x7b, 0x02,
-	0x2d, 0x09, 0x9c, 0x73, 0x73, 0x7f, 0x84, 0x96, 0x8f, 0xd7, 0xc9, 0x15, 0x1e, 0xfc, 0xa8, 0x0e,
-	0xb4, 0x15, 0xb2, 0x3c, 0xeb, 0x43, 0x68, 0xbf, 0x88, 0xe9, 0x12, 0xc3, 0x42, 0x57, 0x65, 0xab,
-	0x71, 0x9f, 0xc3, 0x49, 0x91, 0xf7, 0x9f, 0x2d, 0xfc, 0x09, 0x9a, 0xa2, 0x35, 0xec, 0xaa, 0xb1,
-	0x5d, 0x57, 0xf4, 0x3d, 0x68, 0x0a, 0x16, 0xbf, 0xc8, 0xfe, 0x95, 0x37, 0xb6, 0x86, 0x98, 0x1b,
-	0x8b, 0x29, 0xf7, 0x19, 0xb4, 0x24, 0xb4, 0x64, 0xf7, 0x78, 0x5d, 0x46, 0x63, 0x70, 0x5a, 0xd5,
-	0xa2, 0x94, 0xb8, 0x3f, 0x35, 0x30, 0xfd, 0x6c, 0x8e, 0x5b, 0x84, 0x94, 0xf1, 0xfa, 0x0e, 0xe3,
-	0x8d, 0x3d, 0x8d, 0x27, 0x4f, 0xc0, 0x0a, 0xc2, 0x10, 0x29, 0x15, 0xa5, 0xdd, 0x1e, 0xdc, 0xdd,
-	0xb6, 0x0a, 0x29, 0xf5, 0x65, 0x92, 0xfb, 0x87, 0x06, 0xad, 0xe7, 0xa2, 0x6d, 0x1f, 0xba, 0x04,
-	0xd6, 0x98, 0x18, 0xfb, 0x30, 0xe9, 0x40, 0x5b, 0x11, 0x91, 0x15, 0xc3, 0xb9, 0x8d, 0x70, 0x8e,
-	0xff, 0x0b, 0x6e, 0x8a, 0x88, 0xe4, 0xd6, 0x82, 0x06, 0xff, 0xf9, 0xaa, 0x7f, 0xf1, 0xe7, 0xd0,
-	0xcc, 0x43, 0x59, 0x13, 0x1f, 0x41, 0x2d, 0xcd, 0x78, 0x0f, 0xcb, 0x7f, 0xc0, 0x77, 0xca, 0x8c,
-	0xb2, 0x39, 0xfa, 0x79, 0xc6, 0x63, 0x0f, 0xac, 0xfc, 0x34, 0xd2, 0x80, 0xfa, 0x0f, 0xd3, 0x6f,
-	0xa6, 0xdf, 0xbd, 0x99, 0x76, 0x8e, 0x78, 0x30, 0xf1, 0x87, 0xd3, 0xd7, 0xe3, 0x51, 0x47, 0x23,
-	0x00, 0xd6, 0x68, 0x3c, 0x7d, 0x31, 0x1e, 0x75, 0xf4, 0xc1, 0x3f, 0x1a, 0x98, 0xc3, 0x8c, 0x5d,
-	0x92, 0x57, 0x60, 0xab, 0x66, 0x43, 0x1e, 0xdd, 0xde, 0x0b, 0xbb, 0xef, 0xee, 0x5c, 0x97, 0x7a,
-	0x8e, 0xc8, 0x4b, 0xa8, 0xcb, 0x7b, 0x47, 0x1e, 0x96, 0xb2, 0x37, 0xef, 0x6d, 0xf7, 0xd1, 0xae,
-	0xe5, 0x02, 0x6b, 0xa4, 0x5e, 0x13, 0xf7, 0x2b, 0x2f, 0x83, 0xc4, 0x79, 0x50, 0xbd, 0xa8, 0x50,
-	0x06, 0x3f, 0x83, 0xad, 0x1e, 0x37, 0xe4, 0x7b, 0x30, 0xb9, 0xc1, 0xa4, 0xfc, 0x00, 0xa8, 0x78,
-	0x18, 0x75, 0xdf, 0xbf, 0x35, 0xa7, 0x80, 0x7f, 0xab, 0x41, 0x8d, 0x7f, 0x08, 0x4a, 0x26, 0x60,
-	0xe5, 0xa5, 0x47, 0xca, 0x94, 0x36, 0xae, 0x46, 0xf7, 0xe1, 0x8e, 0xd5, 0x42, 0xf7, 0x04, 0xac,
-	0xbc, 0x4e, 0xb6, 0x80, 0x36, 0xea, 0x78, 0x0b, 0xa8, 0x54, 0x5c, 0x47, 0x64, 0x28, 0xe5, 0x76,
-	0x2b, 0xa4, 0x28, 0x90, 0xfb, 0x95, 0x6b, 0x0a, 0xe2, 0xdc, 0x12, 0x6f, 0xc9, 0xa7, 0xff, 0x06,
-	0x00, 0x00, 0xff, 0xff, 0x24, 0x1b, 0xf8, 0x32, 0x86, 0x0a, 0x00, 0x00,
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// AuthClient is the client API for Auth service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type AuthClient interface {
+	Generate(ctx context.Context, in *GenerateRequest, opts ...grpc.CallOption) (*GenerateResponse, error)
+	Inspect(ctx context.Context, in *InspectRequest, opts ...grpc.CallOption) (*InspectResponse, error)
+	Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error)
+}
+
+type authClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewAuthClient(cc *grpc.ClientConn) AuthClient {
+	return &authClient{cc}
+}
+
+func (c *authClient) Generate(ctx context.Context, in *GenerateRequest, opts ...grpc.CallOption) (*GenerateResponse, error) {
+	out := new(GenerateResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Generate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authClient) Inspect(ctx context.Context, in *InspectRequest, opts ...grpc.CallOption) (*InspectResponse, error) {
+	out := new(InspectResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Inspect", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *authClient) Token(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error) {
+	out := new(TokenResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Auth/Token", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AuthServer is the server API for Auth service.
+type AuthServer interface {
+	Generate(context.Context, *GenerateRequest) (*GenerateResponse, error)
+	Inspect(context.Context, *InspectRequest) (*InspectResponse, error)
+	Token(context.Context, *TokenRequest) (*TokenResponse, error)
+}
+
+// UnimplementedAuthServer can be embedded to have forward compatible implementations.
+type UnimplementedAuthServer struct {
+}
+
+func (*UnimplementedAuthServer) Generate(ctx context.Context, req *GenerateRequest) (*GenerateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Generate not implemented")
+}
+func (*UnimplementedAuthServer) Inspect(ctx context.Context, req *InspectRequest) (*InspectResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Inspect not implemented")
+}
+func (*UnimplementedAuthServer) Token(ctx context.Context, req *TokenRequest) (*TokenResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Token not implemented")
+}
+
+func RegisterAuthServer(s *grpc.Server, srv AuthServer) {
+	s.RegisterService(&_Auth_serviceDesc, srv)
+}
+
+func _Auth_Generate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GenerateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServer).Generate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.auth.Auth/Generate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServer).Generate(ctx, req.(*GenerateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Auth_Inspect_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(InspectRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServer).Inspect(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.auth.Auth/Inspect",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServer).Inspect(ctx, req.(*InspectRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Auth_Token_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(TokenRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AuthServer).Token(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.auth.Auth/Token",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AuthServer).Token(ctx, req.(*TokenRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Auth_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "go.micro.auth.Auth",
+	HandlerType: (*AuthServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Generate",
+			Handler:    _Auth_Generate_Handler,
+		},
+		{
+			MethodName: "Inspect",
+			Handler:    _Auth_Inspect_Handler,
+		},
+		{
+			MethodName: "Token",
+			Handler:    _Auth_Token_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "auth/service/proto/auth.proto",
+}
+
+// AccountsClient is the client API for Accounts service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type AccountsClient interface {
+	List(ctx context.Context, in *ListAccountsRequest, opts ...grpc.CallOption) (*ListAccountsResponse, error)
+}
+
+type accountsClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewAccountsClient(cc *grpc.ClientConn) AccountsClient {
+	return &accountsClient{cc}
+}
+
+func (c *accountsClient) List(ctx context.Context, in *ListAccountsRequest, opts ...grpc.CallOption) (*ListAccountsResponse, error) {
+	out := new(ListAccountsResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Accounts/List", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// AccountsServer is the server API for Accounts service.
+type AccountsServer interface {
+	List(context.Context, *ListAccountsRequest) (*ListAccountsResponse, error)
+}
+
+// UnimplementedAccountsServer can be embedded to have forward compatible implementations.
+type UnimplementedAccountsServer struct {
+}
+
+func (*UnimplementedAccountsServer) List(ctx context.Context, req *ListAccountsRequest) (*ListAccountsResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+
+func RegisterAccountsServer(s *grpc.Server, srv AccountsServer) {
+	s.RegisterService(&_Accounts_serviceDesc, srv)
+}
+
+func _Accounts_List_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListAccountsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(AccountsServer).List(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.auth.Accounts/List",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(AccountsServer).List(ctx, req.(*ListAccountsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Accounts_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "go.micro.auth.Accounts",
+	HandlerType: (*AccountsServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "List",
+			Handler:    _Accounts_List_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "auth/service/proto/auth.proto",
+}
+
+// RulesClient is the client API for Rules service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
+type RulesClient interface {
+	Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error)
+	Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error)
+	List(ctx context.Context, in *ListRequest, opts ...grpc.CallOption) (*ListResponse, error)
+}
+
+type rulesClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewRulesClient(cc *grpc.ClientConn) RulesClient {
+	return &rulesClient{cc}
+}
+
+func (c *rulesClient) Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error) {
+	out := new(CreateResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Rules/Create", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rulesClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) {
+	out := new(DeleteResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Rules/Delete", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rulesClient) List(ctx context.Context, in *ListRequest, opts ...grpc.CallOption) (*ListResponse, error) {
+	out := new(ListResponse)
+	err := c.cc.Invoke(ctx, "/go.micro.auth.Rules/List", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// RulesServer is the server API for Rules service.
+type RulesServer interface {
+	Create(context.Context, *CreateRequest) (*CreateResponse, error)
+	Delete(context.Context, *DeleteRequest) (*DeleteResponse, error)
+	List(context.Context, *ListRequest) (*ListResponse, error)
+}
+
+// UnimplementedRulesServer can be embedded to have forward compatible implementations.
+type UnimplementedRulesServer struct {
+}
+
+func (*UnimplementedRulesServer) Create(ctx context.Context, req *CreateRequest) (*CreateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Create not implemented")
+}
+func (*UnimplementedRulesServer) Delete(ctx context.Context, req *DeleteRequest) (*DeleteResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented")
+}
+func (*UnimplementedRulesServer) List(ctx context.Context, req *ListRequest) (*ListResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method List not implemented")
+}
+
+func RegisterRulesServer(s *grpc.Server, srv RulesServer) {
+	s.RegisterService(&_Rules_serviceDesc, srv)
+}
+
+func _Rules_Create_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RulesServer).Create(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.auth.Rules/Create",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RulesServer).Create(ctx, req.(*CreateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Rules_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RulesServer).Delete(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.auth.Rules/Delete",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RulesServer).Delete(ctx, req.(*DeleteRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Rules_List_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RulesServer).List(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/go.micro.auth.Rules/List",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RulesServer).List(ctx, req.(*ListRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _Rules_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "go.micro.auth.Rules",
+	HandlerType: (*RulesServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Create",
+			Handler:    _Rules_Create_Handler,
+		},
+		{
+			MethodName: "Delete",
+			Handler:    _Rules_Delete_Handler,
+		},
+		{
+			MethodName: "List",
+			Handler:    _Rules_List_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "auth/service/proto/auth.proto",
 }
--- a/auth/service/proto/auth.pb.micro.go
+++ b/auth/service/proto/auth.pb.micro.go
@@ -1,5 +1,5 @@
 // Code generated by protoc-gen-micro. DO NOT EDIT.
-// source: github.com/micro/go-micro/auth/service/proto/auth.proto
+// source: auth/service/proto/auth.proto

 package go_micro_auth

@@ -11,6 +11,7 @@ import (

 import (
 	context "context"
+	api "github.com/micro/go-micro/v2/api"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
@@ -27,10 +28,17 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package

 // Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
 var _ context.Context
 var _ client.Option
 var _ server.Option

+// Api Endpoints for Auth service
+
+func NewAuthEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Auth service

 type AuthService interface {
@@ -118,6 +126,12 @@ func (h *authHandler) Token(ctx context.Context, in *TokenRequest, out *TokenRes
 	return h.AuthHandler.Token(ctx, in, out)
 }

+// Api Endpoints for Accounts service
+
+func NewAccountsEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Accounts service

 type AccountsService interface {
@@ -171,6 +185,12 @@ func (h *accountsHandler) List(ctx context.Context, in *ListAccountsRequest, out
 	return h.AccountsHandler.List(ctx, in, out)
 }

+// Api Endpoints for Rules service
+
+func NewRulesEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Rules service

 type RulesService interface {
--- a/auth/service/proto/auth.proto
+++ b/auth/service/proto/auth.proto
@@ -4,12 +4,12 @@ package go.micro.auth;

 service Auth {
 	rpc Generate(GenerateRequest) returns (GenerateResponse) {};
-	rpc Inspect(InspectRequest)  returns (InspectResponse) {};		
-	rpc Token(TokenRequest)  returns (TokenResponse) {};
+	rpc Inspect(InspectRequest) returns (InspectResponse) {};		
+	rpc Token(TokenRequest) returns (TokenResponse) {};
 }

 service Accounts {
-  rpc List(ListAccountsRequest) returns (ListAccountsResponse) {};
+	rpc List(ListAccountsRequest) returns (ListAccountsResponse) {};
 }

 service Rules {
@@ -22,32 +22,31 @@ message ListAccountsRequest {
 }

 message ListAccountsResponse {
-  repeated Account accounts = 1;
+	repeated Account accounts = 1;
 }

 message Token {
-	string token = 1;
-	string type = 2;
+	string access_token = 1;
+	string refresh_token = 2;
 	int64 created = 3;
 	int64 expiry = 4;
-	string subject = 5;
-	repeated string roles = 6;
-	map<string, string> metadata = 7;
-	string namespace = 8;
 }

 message Account {
 	string id = 1;
-	string secret = 2;
+	string type = 2;
 	repeated string roles = 3;
 	map<string, string> metadata = 4;
 	string namespace = 5;
+	string provider = 6;
+	string secret = 7;
 }

 message Resource{
 	string name = 1;
 	string type = 2;
 	string endpoint = 3;
+	string namespace = 4;
 }

 message GenerateRequest {
@@ -55,6 +54,9 @@ message GenerateRequest {
 	repeated string roles = 2;
 	map<string, string> metadata = 3;
 	string namespace = 4;
+	string secret = 5;
+	string type = 6;
+	string provider = 7;
 }

 message GenerateResponse {
@@ -86,7 +88,8 @@ message InspectResponse {
 message TokenRequest {
 	string id = 1;
 	string secret = 2;
-	int64 token_expiry = 3;
+	string refresh_token = 3;
+	int64 token_expiry = 4;
 }

 message TokenResponse {
@@ -104,20 +107,23 @@ message Rule {
 	string role = 2;
 	Resource resource = 3;
 	Access access = 4;
+	int32 priority = 5;
 }

 message CreateRequest {
 	string role = 1;
-  Resource resource = 2;
-  Access access = 3;
+	Resource resource = 2;
+	Access access = 3;
+	int32 priority = 4;
 }

 message CreateResponse {}

 message DeleteRequest {
 	string role = 1;
-  Resource resource = 2;
-  Access access = 3;
+	Resource resource = 2;
+	Access access = 3;
+	int32 priority = 4;
 }

 message DeleteResponse {}
--- a/auth/service/service.go
+++ b/auth/service/service.go
@@ -3,6 +3,7 @@ package service
 import (
 	"context"
 	"fmt"
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -18,9 +19,7 @@ import (

 // NewAuth returns a new instance of the Auth service
 func NewAuth(opts ...auth.Option) auth.Auth {
-	svc := new(svc)
-	svc.Init(opts...)
-	return svc
+	return &svc{options: auth.NewOptions(opts...)}
 }

 // svc is the service implementation of the Auth interface
@@ -55,13 +54,14 @@ func (s *svc) Init(opts ...auth.Option) {
 	}

 	// load rules periodically from the auth service
-	timer := time.NewTicker(time.Second * 30)
 	go func() {
+		ruleTimer := time.NewTicker(time.Second * 30)
+
 		// load rules immediately on startup
 		s.loadRules()

 		for {
-			<-timer.C
+			<-ruleTimer.C

 			// jitter for up to 5 seconds, this stops
 			// all the services calling the auth service
@@ -73,6 +73,8 @@ func (s *svc) Init(opts ...auth.Option) {
 }

 func (s *svc) Options() auth.Options {
+	s.Lock()
+	defer s.Unlock()
 	return s.options
 }

@@ -82,8 +84,11 @@ func (s *svc) Generate(id string, opts ...auth.GenerateOption) (*auth.Account, e

 	rsp, err := s.auth.Generate(context.TODO(), &pb.GenerateRequest{
 		Id:        id,
+		Type:      options.Type,
+		Secret:    options.Secret,
 		Roles:     options.Roles,
 		Metadata:  options.Metadata,
+		Provider:  options.Provider,
 		Namespace: options.Namespace,
 	})
 	if err != nil {
@@ -99,9 +104,10 @@ func (s *svc) Grant(role string, res *auth.Resource) error {
 		Role:   role,
 		Access: pb.Access_GRANTED,
 		Resource: &pb.Resource{
-			Type:     res.Type,
-			Name:     res.Name,
-			Endpoint: res.Endpoint,
+			Namespace: res.Namespace,
+			Type:      res.Type,
+			Name:      res.Name,
+			Endpoint:  res.Endpoint,
 		},
 	})
 	return err
@@ -113,9 +119,10 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {
 		Role:   role,
 		Access: pb.Access_GRANTED,
 		Resource: &pb.Resource{
-			Type:     res.Type,
-			Name:     res.Name,
-			Endpoint: res.Endpoint,
+			Namespace: res.Namespace,
+			Type:      res.Type,
+			Name:      res.Name,
+			Endpoint:  res.Endpoint,
 		},
 	})
 	return err
@@ -123,11 +130,17 @@ func (s *svc) Revoke(role string, res *auth.Resource) error {

 // Verify an account has access to a resource
 func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
+	// set the namespace on the resource
+	if len(res.Namespace) == 0 {
+		res.Namespace = s.Options().Namespace
+	}
+
 	queries := [][]string{
-		{res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
-		{res.Type, res.Name, "*"},          // check for wildcard endpoint, e.g. service.foo*
-		{res.Type, "*"},                    // check for wildcard name, e.g. service.*
-		{"*"},                              // check for wildcard type, e.g. *
+		{res.Namespace, res.Type, res.Name, res.Endpoint}, // check for specific role, e.g. service.foo.ListFoo:admin (role is checked in accessForRule)
+		{res.Namespace, res.Type, res.Name, "*"},          // check for wildcard endpoint, e.g. service.foo*
+		{res.Namespace, res.Type, "*"},                    // check for wildcard name, e.g. service.*
+		{res.Namespace, "*"},                              // check for wildcard type, e.g. *
+		{"*"},                                             // check for wildcard namespace
 	}

 	// endpoint is a url which can have wildcard excludes, e.g.
@@ -139,60 +152,61 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource) error {
 		}
 	}

+	// set a default account id / namespace to log
+	logID := acc.ID
+	if len(logID) == 0 {
+		logID = "[no account]"
+	}
+	logNamespace := acc.Namespace
+	if len(logNamespace) == 0 {
+		logNamespace = "[no namespace]"
+	}
+
 	for _, q := range queries {
 		for _, rule := range s.listRules(q...) {
 			switch accessForRule(rule, acc, res) {
 			case pb.Access_UNKNOWN:
 				continue // rule did not specify access, check the next rule
 			case pb.Access_GRANTED:
-				log.Infof("%v granted access to %v:%v:%v by rule %v", acc.ID, res.Type, res.Name, res.Endpoint, rule.Id)
+				log.Tracef("%v:%v granted access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id)
 				return nil // rule grants the account access to the resource
 			case pb.Access_DENIED:
-				log.Infof("%v denied access to %v:%v:%v by rule %v", acc.ID, res.Type, res.Name, res.Endpoint, rule.Id)
+				log.Tracef("%v:%v denied access to %v:%v:%v:%v by rule %v", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, rule.Id)
 				return auth.ErrForbidden // rule denies access to the resource
 			}
 		}
 	}

 	// no rules were found for the resource, default to denying access
-	log.Infof("%v denied access to %v:%v:%v by lack of rule (%v rules found)", acc.ID, res.Type, res.Name, res.Endpoint, len(s.rules))
+	log.Tracef("%v:%v denied access to %v:%v:%v:%v by lack of rule (%v rules found for namespace)", logNamespace, logID, res.Namespace, res.Type, res.Name, res.Endpoint, len(s.listRules(res.Namespace)))
 	return auth.ErrForbidden
 }

 // Inspect a token
 func (s *svc) Inspect(token string) (*auth.Account, error) {
-	// try to decode JWT locally and fall back to srv if an error
-	// occurs, TODO: find a better way of determining if the token
-	// is a JWT, possibly update the interface to take an auth.Token
-	// and not just the string
+	// try to decode JWT locally and fall back to srv if an error occurs
 	if len(strings.Split(token, ".")) == 3 && s.jwt != nil {
-		if tok, err := s.jwt.Inspect(token); err == nil {
-			return &auth.Account{
-				ID:       tok.Subject,
-				Roles:    tok.Roles,
-				Metadata: tok.Metadata,
-			}, nil
-		}
+		return s.jwt.Inspect(token)
 	}

-	rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{
-		Token: token,
-	})
+	// the token is not a JWT or we do not have the keys to decode it,
+	// fall back to the auth service
+	rsp, err := s.auth.Inspect(context.TODO(), &pb.InspectRequest{Token: token})
 	if err != nil {
 		return nil, err
 	}
-
 	return serializeAccount(rsp.Account), nil
 }

 // Token generation using an account ID and secret
-func (s *svc) Token(id, secret string, opts ...auth.TokenOption) (*auth.Token, error) {
+func (s *svc) Token(opts ...auth.TokenOption) (*auth.Token, error) {
 	options := auth.NewTokenOptions(opts...)

 	rsp, err := s.auth.Token(context.Background(), &pb.TokenRequest{
-		Id:          id,
-		Secret:      secret,
-		TokenExpiry: int64(options.TokenExpiry.Seconds()),
+		Id:           options.ID,
+		Secret:       options.Secret,
+		RefreshToken: options.RefreshToken,
+		TokenExpiry:  int64(options.Expiry.Seconds()),
 	})
 	if err != nil {
 		return nil, err
@@ -224,21 +238,35 @@ func accessForRule(rule *pb.Rule, acc *auth.Account, res *auth.Resource) pb.Acce
 	return pb.Access_UNKNOWN
 }

-// listRules gets all the rules from the store which have an id
-// prefix matching the filters
+// listRules gets all the rules from the store which match the filters.
+// filters are namespace, type, name and then endpoint.
 func (s *svc) listRules(filters ...string) []*pb.Rule {
 	s.Lock()
 	defer s.Unlock()

-	prefix := strings.Join(filters, ruleJoinKey)
-
 	var rules []*pb.Rule
 	for _, r := range s.rules {
-		if strings.HasPrefix(r.Id, prefix) {
-			rules = append(rules, r)
+		if len(filters) > 0 && r.Resource.Namespace != filters[0] {
+			continue
 		}
+		if len(filters) > 1 && r.Resource.Type != filters[1] {
+			continue
+		}
+		if len(filters) > 2 && r.Resource.Name != filters[2] {
+			continue
+		}
+		if len(filters) > 3 && r.Resource.Endpoint != filters[3] {
+			continue
+		}
+
+		rules = append(rules, r)
 	}

+	// sort rules by priority
+	sort.Slice(rules, func(i, j int) bool {
+		return rules[i].Priority < rules[j].Priority
+	})
+
 	return rules
 }

@@ -258,13 +286,10 @@ func (s *svc) loadRules() {

 func serializeToken(t *pb.Token) *auth.Token {
 	return &auth.Token{
-		Token:    t.Token,
-		Type:     t.Type,
-		Created:  time.Unix(t.Created, 0),
-		Expiry:   time.Unix(t.Expiry, 0),
-		Subject:  t.Subject,
-		Roles:    t.Roles,
-		Metadata: t.Metadata,
+		AccessToken:  t.AccessToken,
+		RefreshToken: t.RefreshToken,
+		Created:      time.Unix(t.Created, 0),
+		Expiry:       time.Unix(t.Expiry, 0),
 	}
 }

@@ -272,8 +297,9 @@ func serializeAccount(a *pb.Account) *auth.Account {
 	return &auth.Account{
 		ID:        a.Id,
 		Roles:     a.Roles,
-		Metadata:  a.Metadata,
-		Namespace: a.Namespace,
 		Secret:    a.Secret,
+		Metadata:  a.Metadata,
+		Provider:  a.Provider,
+		Namespace: a.Namespace,
 	}
 }
--- a/auth/service/sevice_test.go
+++ b/auth/service/sevice_test.go
@@ -0,0 +1,26 @@
+package service
+
+import (
+	"testing"
+
+	pb "github.com/micro/go-micro/v2/auth/service/proto"
+)
+
+func TestListRulesSorting(t *testing.T) {
+	s := &svc{
+		rules: []*pb.Rule{
+			&pb.Rule{Priority: 1},
+			&pb.Rule{Priority: 3},
+			&pb.Rule{Priority: 2},
+		},
+	}
+
+	var priorities []int32
+	for _, r := range s.listRules() {
+		priorities = append(priorities, r.Priority)
+	}
+
+	if priorities[0] != 1 || priorities[1] != 2 || priorities[2] != 3 {
+		t.Errorf("Incorrect Rule Sequence")
+	}
+}
--- a/auth/token/basic/basic.go
+++ b/auth/token/basic/basic.go
@@ -35,30 +35,19 @@ func NewTokenProvider(opts ...token.Option) token.Provider {
 }

 // Generate a token for an account
-func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.Token, error) {
+func (b *Basic) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token.Token, error) {
 	options := token.NewGenerateOptions(opts...)

-	// construct the token
-	token := auth.Token{
-		Subject:   subject,
-		Type:      b.String(),
-		Token:     uuid.New().String(),
-		Created:   time.Now(),
-		Expiry:    time.Now().Add(options.Expiry),
-		Metadata:  options.Metadata,
-		Roles:     options.Roles,
-		Namespace: options.Namespace,
-	}
-
 	// marshal the account to bytes
-	bytes, err := json.Marshal(token)
+	bytes, err := json.Marshal(acc)
 	if err != nil {
 		return nil, err
 	}

 	// write to the store
+	key := uuid.New().String()
 	err = b.store.Write(&store.Record{
-		Key:    fmt.Sprintf("%v%v", StorePrefix, token.Token),
+		Key:    fmt.Sprintf("%v%v", StorePrefix, key),
 		Value:  bytes,
 		Expiry: options.Expiry,
 	})
@@ -67,11 +56,15 @@ func (b *Basic) Generate(subject string, opts ...token.GenerateOption) (*auth.To
 	}

 	// return the token
-	return &token, nil
+	return &token.Token{
+		Token:   key,
+		Created: time.Now(),
+		Expiry:  time.Now().Add(options.Expiry),
+	}, nil
 }

 // Inspect a token
-func (b *Basic) Inspect(t string) (*auth.Token, error) {
+func (b *Basic) Inspect(t string) (*auth.Account, error) {
 	// lookup the token in the store
 	recs, err := b.store.Read(StorePrefix + t)
 	if err == store.ErrNotFound {
@@ -82,18 +75,12 @@ func (b *Basic) Inspect(t string) (*auth.Token, error) {
 	bytes := recs[0].Value

 	// unmarshal the bytes
-	var tok *auth.Token
-	if err := json.Unmarshal(bytes, &tok); err != nil {
+	var acc *auth.Account
+	if err := json.Unmarshal(bytes, &acc); err != nil {
 		return nil, err
 	}

-	// ensure the token hasn't expired, the store should
-	// expire the token but we're checking again
-	if tok.Expiry.Unix() < time.Now().Unix() {
-		return nil, token.ErrInvalidToken
-	}
-
-	return tok, err
+	return acc, nil
 }

 // String returns basic
--- a/auth/token/basic/basic_test.go
+++ b/auth/token/basic/basic_test.go
@@ -2,8 +2,8 @@ package basic

 import (
 	"testing"
-	"time"

+	"github.com/micro/go-micro/v2/auth"
 	"github.com/micro/go-micro/v2/auth/token"
 	"github.com/micro/go-micro/v2/store/memory"
 )
@@ -12,7 +12,7 @@ func TestGenerate(t *testing.T) {
 	store := memory.NewStore()
 	b := NewTokenProvider(token.WithStore(store))

-	_, err := b.Generate("test")
+	_, err := b.Generate(&auth.Account{ID: "test"})
 	if err != nil {
 		t.Fatalf("Generate returned %v error, expected nil", err)
 	}
@@ -35,12 +35,7 @@ func TestInspect(t *testing.T) {
 		roles := []string{"admin"}
 		subject := "test"

-		opts := []token.GenerateOption{
-			token.WithMetadata(md),
-			token.WithRoles(roles...),
-		}
-
-		tok, err := b.Generate(subject, opts...)
+		tok, err := b.Generate(&auth.Account{ID: subject, Roles: roles, Metadata: md})
 		if err != nil {
 			t.Fatalf("Generate returned %v error, expected nil", err)
 		}
@@ -49,8 +44,8 @@ func TestInspect(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Inspect returned %v error, expected nil", err)
 		}
-		if tok2.Subject != subject {
-			t.Errorf("Inspect returned %v as the token subject, expected %v", tok2.Subject, subject)
+		if tok2.ID != subject {
+			t.Errorf("Inspect returned %v as the token subject, expected %v", tok2.ID, subject)
 		}
 		if len(tok2.Roles) != len(roles) {
 			t.Errorf("Inspect returned %v roles, expected %v", len(tok2.Roles), len(roles))
@@ -60,17 +55,6 @@ func TestInspect(t *testing.T) {
 		}
 	})

-	t.Run("Expired token", func(t *testing.T) {
-		tok, err := b.Generate("foo", token.WithExpiry(-10*time.Second))
-		if err != nil {
-			t.Fatalf("Generate returned %v error, expected nil", err)
-		}
-
-		if _, err = b.Inspect(tok.Token); err != token.ErrInvalidToken {
-			t.Fatalf("Inspect returned %v error, expected %v", err, token.ErrInvalidToken)
-		}
-	})
-
 	t.Run("Invalid token", func(t *testing.T) {
 		_, err := b.Inspect("Invalid token")
 		if err != token.ErrInvalidToken {
--- a/auth/token/jwt/jwt.go
+++ b/auth/token/jwt/jwt.go
@@ -11,7 +11,9 @@ import (

 // authClaims to be encoded in the JWT
 type authClaims struct {
+	Type      string            `json:"type"`
 	Roles     []string          `json:"roles"`
+	Provider  string            `json:"provider"`
 	Metadata  map[string]string `json:"metadata"`
 	Namespace string            `json:"namespace"`

@@ -31,7 +33,7 @@ func NewTokenProvider(opts ...token.Option) token.Provider {
 }

 // Generate a new JWT
-func (j *JWT) Generate(subject string, opts ...token.GenerateOption) (*auth.Token, error) {
+func (j *JWT) Generate(acc *auth.Account, opts ...token.GenerateOption) (*token.Token, error) {
 	// decode the private key
 	priv, err := base64.StdEncoding.DecodeString(j.opts.PrivateKey)
 	if err != nil {
@@ -50,8 +52,8 @@ func (j *JWT) Generate(subject string, opts ...token.GenerateOption) (*auth.Toke
 	// generate the JWT
 	expiry := time.Now().Add(options.Expiry)
 	t := jwt.NewWithClaims(jwt.SigningMethodRS256, authClaims{
-		options.Roles, options.Metadata, options.Namespace, jwt.StandardClaims{
-			Subject:   subject,
+		acc.Type, acc.Roles, acc.Provider, acc.Metadata, acc.Namespace, jwt.StandardClaims{
+			Subject:   acc.ID,
 			ExpiresAt: expiry.Unix(),
 		},
 	})
@@ -61,20 +63,15 @@ func (j *JWT) Generate(subject string, opts ...token.GenerateOption) (*auth.Toke
 	}

 	// return the token
-	return &auth.Token{
-		Subject:   subject,
-		Token:     tok,
-		Type:      j.String(),
-		Created:   time.Now(),
-		Expiry:    expiry,
-		Roles:     options.Roles,
-		Metadata:  options.Metadata,
-		Namespace: options.Namespace,
+	return &token.Token{
+		Token:   tok,
+		Expiry:  expiry,
+		Created: time.Now(),
 	}, nil
 }

 // Inspect a JWT
-func (j *JWT) Inspect(t string) (*auth.Token, error) {
+func (j *JWT) Inspect(t string) (*auth.Account, error) {
 	// decode the public key
 	pub, err := base64.StdEncoding.DecodeString(j.opts.PublicKey)
 	if err != nil {
@@ -99,11 +96,12 @@ func (j *JWT) Inspect(t string) (*auth.Token, error) {
 	}

 	// return the token
-	return &auth.Token{
-		Token:     t,
-		Subject:   claims.Subject,
-		Metadata:  claims.Metadata,
+	return &auth.Account{
+		ID:        claims.Subject,
+		Type:      claims.Type,
 		Roles:     claims.Roles,
+		Provider:  claims.Provider,
+		Metadata:  claims.Metadata,
 		Namespace: claims.Namespace,
 	}, nil
 }
--- a/auth/token/jwt/jwt_test.go
+++ b/auth/token/jwt/jwt_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 	"time"

+	"github.com/micro/go-micro/v2/auth"
 	"github.com/micro/go-micro/v2/auth/token"
 )

@@ -18,7 +19,7 @@ func TestGenerate(t *testing.T) {
 		token.WithPrivateKey(string(privKey)),
 	)

-	_, err = j.Generate("test")
+	_, err = j.Generate(&auth.Account{ID: "test"})
 	if err != nil {
 		t.Fatalf("Generate returned %v error, expected nil", err)
 	}
@@ -44,12 +45,8 @@ func TestInspect(t *testing.T) {
 		roles := []string{"admin"}
 		subject := "test"

-		opts := []token.GenerateOption{
-			token.WithMetadata(md),
-			token.WithRoles(roles...),
-		}
-
-		tok, err := j.Generate(subject, opts...)
+		acc := &auth.Account{ID: subject, Roles: roles, Metadata: md}
+		tok, err := j.Generate(acc)
 		if err != nil {
 			t.Fatalf("Generate returned %v error, expected nil", err)
 		}
@@ -58,8 +55,8 @@ func TestInspect(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Inspect returned %v error, expected nil", err)
 		}
-		if tok2.Subject != subject {
-			t.Errorf("Inspect returned %v as the token subject, expected %v", tok2.Subject, subject)
+		if acc.ID != subject {
+			t.Errorf("Inspect returned %v as the token subject, expected %v", acc.ID, subject)
 		}
 		if len(tok2.Roles) != len(roles) {
 			t.Errorf("Inspect returned %v roles, expected %v", len(tok2.Roles), len(roles))
@@ -70,7 +67,7 @@ func TestInspect(t *testing.T) {
 	})

 	t.Run("Expired token", func(t *testing.T) {
-		tok, err := j.Generate("foo", token.WithExpiry(-10*time.Second))
+		tok, err := j.Generate(&auth.Account{}, token.WithExpiry(-10*time.Second))
 		if err != nil {
 			t.Fatalf("Generate returned %v error, expected nil", err)
 		}
--- a/auth/token/options.go
+++ b/auth/token/options.go
@@ -53,12 +53,6 @@ func NewOptions(opts ...Option) Options {
 type GenerateOptions struct {
 	// Expiry for the token
 	Expiry time.Duration
-	// Metadata associated with the account
-	Metadata map[string]string
-	// Roles/scopes associated with the account
-	Roles []string
-	// Namespace the account belongs too
-	Namespace string
 }

 type GenerateOption func(o *GenerateOptions)
@@ -70,27 +64,6 @@ func WithExpiry(d time.Duration) GenerateOption {
 	}
 }

-// WithMetadata for the token
-func WithMetadata(md map[string]string) func(o *GenerateOptions) {
-	return func(o *GenerateOptions) {
-		o.Metadata = md
-	}
-}
-
-// WithRoles for the token
-func WithRoles(rs ...string) func(o *GenerateOptions) {
-	return func(o *GenerateOptions) {
-		o.Roles = rs
-	}
-}
-
-// WithNamespace for the token
-func WithNamespace(n string) func(o *GenerateOptions) {
-	return func(o *GenerateOptions) {
-		o.Namespace = n
-	}
-}
-
 // NewGenerateOptions from a slice of options
 func NewGenerateOptions(opts ...GenerateOption) GenerateOptions {
 	var options GenerateOptions
--- a/auth/token/token.go
+++ b/auth/token/token.go
@@ -2,6 +2,7 @@ package token

 import (
 	"errors"
+	"time"

 	"github.com/micro/go-micro/v2/auth"
 )
@@ -17,7 +18,16 @@ var (

 // Provider generates and inspects tokens
 type Provider interface {
-	Generate(subject string, opts ...GenerateOption) (*auth.Token, error)
-	Inspect(token string) (*auth.Token, error)
+	Generate(account *auth.Account, opts ...GenerateOption) (*Token, error)
+	Inspect(token string) (*auth.Account, error)
 	String() string
 }
+
+type Token struct {
+	// The actual token
+	Token string `json:"token"`
+	// Time of token creation
+	Created time.Time `json:"created"`
+	// Time of token expiry
+	Expiry time.Time `json:"expiry"`
+}
--- a/broker/default.go
+++ b/broker/default.go
@@ -1,504 +0,0 @@
-package broker
-
-import (
-	"context"
-	"errors"
-	"net"
-	"net/url"
-	"strconv"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/micro/go-micro/v2/codec/json"
-	"github.com/micro/go-micro/v2/logger"
-	"github.com/micro/go-micro/v2/registry"
-	"github.com/micro/go-micro/v2/util/addr"
-	"github.com/nats-io/nats-server/v2/server"
-	nats "github.com/nats-io/nats.go"
-)
-
-type natsBroker struct {
-	sync.Once
-	sync.RWMutex
-
-	// indicate if we're connected
-	connected bool
-
-	// address to bind routes to
-	addrs []string
-	// servers for the client
-	servers []string
-
-	// client connection and nats opts
-	conn  *nats.Conn
-	opts  Options
-	nopts nats.Options
-
-	// should we drain the connection
-	drain   bool
-	closeCh chan (error)
-
-	// embedded server
-	server *server.Server
-	// configure to use local server
-	local bool
-	// server exit channel
-	exit chan bool
-}
-
-type subscriber struct {
-	s    *nats.Subscription
-	opts SubscribeOptions
-}
-
-type publication struct {
-	t   string
-	err error
-	m   *Message
-}
-
-func (p *publication) Topic() string {
-	return p.t
-}
-
-func (p *publication) Message() *Message {
-	return p.m
-}
-
-func (p *publication) Ack() error {
-	// nats does not support acking
-	return nil
-}
-
-func (p *publication) Error() error {
-	return p.err
-}
-
-func (s *subscriber) Options() SubscribeOptions {
-	return s.opts
-}
-
-func (s *subscriber) Topic() string {
-	return s.s.Subject
-}
-
-func (s *subscriber) Unsubscribe() error {
-	return s.s.Unsubscribe()
-}
-
-func (n *natsBroker) Address() string {
-	n.RLock()
-	defer n.RUnlock()
-
-	if n.server != nil {
-		return n.server.ClusterAddr().String()
-	}
-
-	if n.conn != nil && n.conn.IsConnected() {
-		return n.conn.ConnectedUrl()
-	}
-
-	if len(n.addrs) > 0 {
-		return n.addrs[0]
-	}
-
-	return "127.0.0.1:-1"
-}
-
-func (n *natsBroker) setAddrs(addrs []string) []string {
-	//nolint:prealloc
-	var cAddrs []string
-	for _, addr := range addrs {
-		if len(addr) == 0 {
-			continue
-		}
-		if !strings.HasPrefix(addr, "nats://") {
-			addr = "nats://" + addr
-		}
-		cAddrs = append(cAddrs, addr)
-	}
-	// if there's no address and we weren't told to
-	// embed a local server then use the default url
-	if len(cAddrs) == 0 && !n.local {
-		cAddrs = []string{nats.DefaultURL}
-	}
-	return cAddrs
-}
-
-// serve stats a local nats server if needed
-func (n *natsBroker) serve(exit chan bool) error {
-	// local server address
-	host := "127.0.0.1"
-	port := -1
-
-	// cluster address
-	caddr := "0.0.0.0"
-	cport := -1
-
-	// with no address we just default it
-	// this is a local client address
-	if len(n.addrs) > 0 {
-		address := n.addrs[0]
-		if strings.HasPrefix(address, "nats://") {
-			address = strings.TrimPrefix(address, "nats://")
-		}
-
-		// parse out the address
-		h, p, err := net.SplitHostPort(address)
-		if err == nil {
-			caddr = h
-			cport, _ = strconv.Atoi(p)
-		}
-	}
-
-	// 1. create new server
-	// 2. register the server
-	// 3. connect to other servers
-
-	// set cluster opts
-	cOpts := server.ClusterOpts{
-		Host: caddr,
-		Port: cport,
-	}
-
-	// get the routes for other nodes
-	var routes []*url.URL
-
-	// get existing nats servers to connect to
-	services, err := n.opts.Registry.GetService("go.micro.nats.broker")
-	if err == nil {
-		for _, service := range services {
-			for _, node := range service.Nodes {
-				u, err := url.Parse("nats://" + node.Address)
-				if err != nil {
-					if logger.V(logger.InfoLevel, logger.DefaultLogger) {
-						logger.Info(err)
-					}
-					continue
-				}
-				// append to the cluster routes
-				routes = append(routes, u)
-			}
-		}
-	}
-
-	// try get existing server
-	s := n.server
-
-	if s != nil {
-		// stop the existing server
-		s.Shutdown()
-	}
-
-	s, err = server.NewServer(&server.Options{
-		// Specify the host
-		Host: host,
-		// Use a random port
-		Port: port,
-		// Set the cluster ops
-		Cluster: cOpts,
-		// Set the routes
-		Routes:         routes,
-		NoLog:          true,
-		NoSigs:         true,
-		MaxControlLine: 2048,
-		TLSConfig:      n.opts.TLSConfig,
-	})
-	if err != nil {
-		return err
-	}
-
-	// save the server
-	n.server = s
-
-	// start the server
-	go s.Start()
-
-	var ready bool
-
-	// wait till its ready for connections
-	for i := 0; i < 3; i++ {
-		if s.ReadyForConnections(time.Second) {
-			ready = true
-			break
-		}
-	}
-
-	if !ready {
-		return errors.New("server not ready")
-	}
-
-	// set the client address
-	n.servers = []string{s.ClientURL()}
-
-	go func() {
-		var advertise string
-
-		// parse out the address
-		_, port, err := net.SplitHostPort(s.ClusterAddr().String())
-		if err == nil {
-			addr, _ := addr.Extract("")
-			advertise = net.JoinHostPort(addr, port)
-		} else {
-			s.ClusterAddr().String()
-		}
-
-		// register the cluster address
-		for {
-			select {
-			case err := <-n.closeCh:
-				if err != nil {
-					if logger.V(logger.InfoLevel, logger.DefaultLogger) {
-						logger.Info(err)
-					}
-				}
-			case <-exit:
-				// deregister on exit
-				n.opts.Registry.Deregister(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: advertise},
-					},
-				})
-				s.Shutdown()
-				return
-			default:
-				// register the broker
-				n.opts.Registry.Register(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: advertise},
-					},
-				}, registry.RegisterTTL(time.Minute))
-				time.Sleep(time.Minute)
-			}
-		}
-	}()
-
-	return nil
-}
-
-func (n *natsBroker) Connect() error {
-	n.Lock()
-	defer n.Unlock()
-
-	if !n.connected {
-		// create exit chan
-		n.exit = make(chan bool)
-
-		// start the local server
-		if err := n.serve(n.exit); err != nil {
-			return err
-		}
-
-		// set to connected
-	}
-
-	status := nats.CLOSED
-	if n.conn != nil {
-		status = n.conn.Status()
-	}
-
-	switch status {
-	case nats.CONNECTED, nats.RECONNECTING, nats.CONNECTING:
-		return nil
-	default: // DISCONNECTED or CLOSED or DRAINING
-		opts := n.nopts
-		opts.DrainTimeout = 1 * time.Second
-		opts.AsyncErrorCB = n.onAsyncError
-		opts.DisconnectedErrCB = n.onDisconnectedError
-		opts.ClosedCB = n.onClose
-		opts.Servers = n.servers
-		opts.Secure = n.opts.Secure
-		opts.TLSConfig = n.opts.TLSConfig
-
-		// secure might not be set
-		if n.opts.TLSConfig != nil {
-			opts.Secure = true
-		}
-
-		c, err := opts.Connect()
-		if err != nil {
-			return err
-		}
-		n.conn = c
-
-		n.connected = true
-
-		return nil
-	}
-}
-
-func (n *natsBroker) Disconnect() error {
-	n.RLock()
-	defer n.RUnlock()
-
-	if !n.connected {
-		return nil
-	}
-
-	// drain the connection if specified
-	if n.drain {
-		n.conn.Drain()
-	}
-
-	// close the client connection
-	n.conn.Close()
-
-	// shutdown the local server
-	// and deregister
-	if n.server != nil {
-		select {
-		case <-n.exit:
-		default:
-			close(n.exit)
-		}
-	}
-
-	// set not connected
-	n.connected = false
-
-	return nil
-}
-
-func (n *natsBroker) Init(opts ...Option) error {
-	n.setOption(opts...)
-	return nil
-}
-
-func (n *natsBroker) Options() Options {
-	return n.opts
-}
-
-func (n *natsBroker) Publish(topic string, msg *Message, opts ...PublishOption) error {
-	b, err := n.opts.Codec.Marshal(msg)
-	if err != nil {
-		return err
-	}
-	n.RLock()
-	defer n.RUnlock()
-	return n.conn.Publish(topic, b)
-}
-
-func (n *natsBroker) Subscribe(topic string, handler Handler, opts ...SubscribeOption) (Subscriber, error) {
-	if n.conn == nil {
-		return nil, errors.New("not connected")
-	}
-
-	opt := SubscribeOptions{
-		AutoAck: true,
-		Context: context.Background(),
-	}
-
-	for _, o := range opts {
-		o(&opt)
-	}
-
-	fn := func(msg *nats.Msg) {
-		var m Message
-		pub := &publication{t: msg.Subject}
-		eh := n.opts.ErrorHandler
-		err := n.opts.Codec.Unmarshal(msg.Data, &m)
-		pub.err = err
-		pub.m = &m
-		if err != nil {
-			m.Body = msg.Data
-			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
-				logger.Error(err)
-			}
-			if eh != nil {
-				eh(pub)
-			}
-			return
-		}
-		if err := handler(pub); err != nil {
-			pub.err = err
-			if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
-				logger.Error(err)
-			}
-			if eh != nil {
-				eh(pub)
-			}
-		}
-	}
-
-	var sub *nats.Subscription
-	var err error
-
-	n.RLock()
-	if len(opt.Queue) > 0 {
-		sub, err = n.conn.QueueSubscribe(topic, opt.Queue, fn)
-	} else {
-		sub, err = n.conn.Subscribe(topic, fn)
-	}
-	n.RUnlock()
-	if err != nil {
-		return nil, err
-	}
-	return &subscriber{s: sub, opts: opt}, nil
-}
-
-func (n *natsBroker) String() string {
-	return "eats"
-}
-
-func (n *natsBroker) setOption(opts ...Option) {
-	for _, o := range opts {
-		o(&n.opts)
-	}
-
-	n.Once.Do(func() {
-		n.nopts = nats.GetDefaultOptions()
-	})
-
-	// local embedded server
-	n.local = true
-	// set to drain
-	n.drain = true
-
-	if !n.opts.Secure {
-		n.opts.Secure = n.nopts.Secure
-	}
-
-	if n.opts.TLSConfig == nil {
-		n.opts.TLSConfig = n.nopts.TLSConfig
-	}
-
-	n.addrs = n.setAddrs(n.opts.Addrs)
-}
-
-func (n *natsBroker) onClose(conn *nats.Conn) {
-	n.closeCh <- nil
-}
-
-func (n *natsBroker) onDisconnectedError(conn *nats.Conn, err error) {
-	n.closeCh <- err
-}
-
-func (n *natsBroker) onAsyncError(conn *nats.Conn, sub *nats.Subscription, err error) {
-	// There are kinds of different async error nats might callback, but we are interested
-	// in ErrDrainTimeout only here.
-	if err == nats.ErrDrainTimeout {
-		n.closeCh <- err
-	}
-}
-
-func NewBroker(opts ...Option) Broker {
-	options := Options{
-		// Default codec
-		Codec:    json.Marshaler{},
-		Context:  context.Background(),
-		Registry: registry.DefaultRegistry,
-	}
-
-	n := &natsBroker{
-		opts:    options,
-		closeCh: make(chan error),
-	}
-	n.setOption(opts...)
-
-	return n
-}
--- a/broker/http.go
+++ b/broker/http.go
@@ -0,0 +1,711 @@
+// Package http provides a http based message broker
+package broker
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math/rand"
+	"net"
+	"net/http"
+	"net/url"
+	"runtime"
+	"sync"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/codec/json"
+	merr "github.com/micro/go-micro/v2/errors"
+	"github.com/micro/go-micro/v2/registry"
+	"github.com/micro/go-micro/v2/registry/cache"
+	maddr "github.com/micro/go-micro/v2/util/addr"
+	mnet "github.com/micro/go-micro/v2/util/net"
+	mls "github.com/micro/go-micro/v2/util/tls"
+	"golang.org/x/net/http2"
+)
+
+// HTTP Broker is a point to point async broker
+type httpBroker struct {
+	id      string
+	address string
+	opts    Options
+
+	mux *http.ServeMux
+
+	c *http.Client
+	r registry.Registry
+
+	sync.RWMutex
+	subscribers map[string][]*httpSubscriber
+	running     bool
+	exit        chan chan error
+
+	// offline message inbox
+	mtx   sync.RWMutex
+	inbox map[string][][]byte
+}
+
+type httpSubscriber struct {
+	opts  SubscribeOptions
+	id    string
+	topic string
+	fn    Handler
+	svc   *registry.Service
+	hb    *httpBroker
+}
+
+type httpEvent struct {
+	m   *Message
+	t   string
+	err error
+}
+
+var (
+	DefaultPath      = "/"
+	DefaultAddress   = "127.0.0.1:0"
+	serviceName      = "micro.http.broker"
+	broadcastVersion = "ff.http.broadcast"
+	registerTTL      = time.Minute
+	registerInterval = time.Second * 30
+)
+
+func init() {
+	rand.Seed(time.Now().Unix())
+}
+
+func newTransport(config *tls.Config) *http.Transport {
+	if config == nil {
+		config = &tls.Config{
+			InsecureSkipVerify: true,
+		}
+	}
+
+	dialTLS := func(network string, addr string) (net.Conn, error) {
+		return tls.Dial(network, addr, config)
+	}
+
+	t := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+		DialTLS:             dialTLS,
+	}
+	runtime.SetFinalizer(&t, func(tr **http.Transport) {
+		(*tr).CloseIdleConnections()
+	})
+
+	// setup http2
+	http2.ConfigureTransport(t)
+
+	return t
+}
+
+func newHttpBroker(opts ...Option) Broker {
+	options := Options{
+		Codec:    json.Marshaler{},
+		Context:  context.TODO(),
+		Registry: registry.DefaultRegistry,
+	}
+
+	for _, o := range opts {
+		o(&options)
+	}
+
+	// set address
+	addr := DefaultAddress
+
+	if len(options.Addrs) > 0 && len(options.Addrs[0]) > 0 {
+		addr = options.Addrs[0]
+	}
+
+	h := &httpBroker{
+		id:          uuid.New().String(),
+		address:     addr,
+		opts:        options,
+		r:           options.Registry,
+		c:           &http.Client{Transport: newTransport(options.TLSConfig)},
+		subscribers: make(map[string][]*httpSubscriber),
+		exit:        make(chan chan error),
+		mux:         http.NewServeMux(),
+		inbox:       make(map[string][][]byte),
+	}
+
+	// specify the message handler
+	h.mux.Handle(DefaultPath, h)
+
+	// get optional handlers
+	if h.opts.Context != nil {
+		handlers, ok := h.opts.Context.Value("http_handlers").(map[string]http.Handler)
+		if ok {
+			for pattern, handler := range handlers {
+				h.mux.Handle(pattern, handler)
+			}
+		}
+	}
+
+	return h
+}
+
+func (h *httpEvent) Ack() error {
+	return nil
+}
+
+func (h *httpEvent) Error() error {
+	return h.err
+}
+
+func (h *httpEvent) Message() *Message {
+	return h.m
+}
+
+func (h *httpEvent) Topic() string {
+	return h.t
+}
+
+func (h *httpSubscriber) Options() SubscribeOptions {
+	return h.opts
+}
+
+func (h *httpSubscriber) Topic() string {
+	return h.topic
+}
+
+func (h *httpSubscriber) Unsubscribe() error {
+	return h.hb.unsubscribe(h)
+}
+
+func (h *httpBroker) saveMessage(topic string, msg []byte) {
+	h.mtx.Lock()
+	defer h.mtx.Unlock()
+
+	// get messages
+	c := h.inbox[topic]
+
+	// save message
+	c = append(c, msg)
+
+	// max length 64
+	if len(c) > 64 {
+		c = c[:64]
+	}
+
+	// save inbox
+	h.inbox[topic] = c
+}
+
+func (h *httpBroker) getMessage(topic string, num int) [][]byte {
+	h.mtx.Lock()
+	defer h.mtx.Unlock()
+
+	// get messages
+	c, ok := h.inbox[topic]
+	if !ok {
+		return nil
+	}
+
+	// more message than requests
+	if len(c) >= num {
+		msg := c[:num]
+		h.inbox[topic] = c[num:]
+		return msg
+	}
+
+	// reset inbox
+	h.inbox[topic] = nil
+
+	// return all messages
+	return c
+}
+
+func (h *httpBroker) subscribe(s *httpSubscriber) error {
+	h.Lock()
+	defer h.Unlock()
+
+	if err := h.r.Register(s.svc, registry.RegisterTTL(registerTTL)); err != nil {
+		return err
+	}
+
+	h.subscribers[s.topic] = append(h.subscribers[s.topic], s)
+	return nil
+}
+
+func (h *httpBroker) unsubscribe(s *httpSubscriber) error {
+	h.Lock()
+	defer h.Unlock()
+
+	//nolint:prealloc
+	var subscribers []*httpSubscriber
+
+	// look for subscriber
+	for _, sub := range h.subscribers[s.topic] {
+		// deregister and skip forward
+		if sub == s {
+			_ = h.r.Deregister(sub.svc)
+			continue
+		}
+		// keep subscriber
+		subscribers = append(subscribers, sub)
+	}
+
+	// set subscribers
+	h.subscribers[s.topic] = subscribers
+
+	return nil
+}
+
+func (h *httpBroker) run(l net.Listener) {
+	t := time.NewTicker(registerInterval)
+	defer t.Stop()
+
+	for {
+		select {
+		// heartbeat for each subscriber
+		case <-t.C:
+			h.RLock()
+			for _, subs := range h.subscribers {
+				for _, sub := range subs {
+					_ = h.r.Register(sub.svc, registry.RegisterTTL(registerTTL))
+				}
+			}
+			h.RUnlock()
+		// received exit signal
+		case ch := <-h.exit:
+			ch <- l.Close()
+			h.RLock()
+			for _, subs := range h.subscribers {
+				for _, sub := range subs {
+					_ = h.r.Deregister(sub.svc)
+				}
+			}
+			h.RUnlock()
+			return
+		}
+	}
+}
+
+func (h *httpBroker) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	if req.Method != "POST" {
+		err := merr.BadRequest("go.micro.broker", "Method not allowed")
+		http.Error(w, err.Error(), http.StatusMethodNotAllowed)
+		return
+	}
+	defer req.Body.Close()
+
+	req.ParseForm()
+
+	b, err := ioutil.ReadAll(req.Body)
+	if err != nil {
+		errr := merr.InternalServerError("go.micro.broker", "Error reading request body: %v", err)
+		w.WriteHeader(500)
+		w.Write([]byte(errr.Error()))
+		return
+	}
+
+	var m *Message
+	if err = h.opts.Codec.Unmarshal(b, &m); err != nil {
+		errr := merr.InternalServerError("go.micro.broker", "Error parsing request body: %v", err)
+		w.WriteHeader(500)
+		w.Write([]byte(errr.Error()))
+		return
+	}
+
+	topic := m.Header["Micro-Topic"]
+	//delete(m.Header, ":topic")
+
+	if len(topic) == 0 {
+		errr := merr.InternalServerError("go.micro.broker", "Topic not found")
+		w.WriteHeader(500)
+		w.Write([]byte(errr.Error()))
+		return
+	}
+
+	p := &httpEvent{m: m, t: topic}
+	id := req.Form.Get("id")
+
+	//nolint:prealloc
+	var subs []Handler
+
+	h.RLock()
+	for _, subscriber := range h.subscribers[topic] {
+		if id != subscriber.id {
+			continue
+		}
+		subs = append(subs, subscriber.fn)
+	}
+	h.RUnlock()
+
+	// execute the handler
+	for _, fn := range subs {
+		p.err = fn(p)
+	}
+}
+
+func (h *httpBroker) Address() string {
+	h.RLock()
+	defer h.RUnlock()
+	return h.address
+}
+
+func (h *httpBroker) Connect() error {
+	h.RLock()
+	if h.running {
+		h.RUnlock()
+		return nil
+	}
+	h.RUnlock()
+
+	h.Lock()
+	defer h.Unlock()
+
+	var l net.Listener
+	var err error
+
+	if h.opts.Secure || h.opts.TLSConfig != nil {
+		config := h.opts.TLSConfig
+
+		fn := func(addr string) (net.Listener, error) {
+			if config == nil {
+				hosts := []string{addr}
+
+				// check if its a valid host:port
+				if host, _, err := net.SplitHostPort(addr); err == nil {
+					if len(host) == 0 {
+						hosts = maddr.IPs()
+					} else {
+						hosts = []string{host}
+					}
+				}
+
+				// generate a certificate
+				cert, err := mls.Certificate(hosts...)
+				if err != nil {
+					return nil, err
+				}
+				config = &tls.Config{Certificates: []tls.Certificate{cert}}
+			}
+			return tls.Listen("tcp", addr, config)
+		}
+
+		l, err = mnet.Listen(h.address, fn)
+	} else {
+		fn := func(addr string) (net.Listener, error) {
+			return net.Listen("tcp", addr)
+		}
+
+		l, err = mnet.Listen(h.address, fn)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	addr := h.address
+	h.address = l.Addr().String()
+
+	go http.Serve(l, h.mux)
+	go func() {
+		h.run(l)
+		h.Lock()
+		h.opts.Addrs = []string{addr}
+		h.address = addr
+		h.Unlock()
+	}()
+
+	// get registry
+	reg := h.opts.Registry
+	if reg == nil {
+		reg = registry.DefaultRegistry
+	}
+	// set cache
+	h.r = cache.New(reg)
+
+	// set running
+	h.running = true
+	return nil
+}
+
+func (h *httpBroker) Disconnect() error {
+	h.RLock()
+	if !h.running {
+		h.RUnlock()
+		return nil
+	}
+	h.RUnlock()
+
+	h.Lock()
+	defer h.Unlock()
+
+	// stop cache
+	rc, ok := h.r.(cache.Cache)
+	if ok {
+		rc.Stop()
+	}
+
+	// exit and return err
+	ch := make(chan error)
+	h.exit <- ch
+	err := <-ch
+
+	// set not running
+	h.running = false
+	return err
+}
+
+func (h *httpBroker) Init(opts ...Option) error {
+	h.RLock()
+	if h.running {
+		h.RUnlock()
+		return errors.New("cannot init while connected")
+	}
+	h.RUnlock()
+
+	h.Lock()
+	defer h.Unlock()
+
+	for _, o := range opts {
+		o(&h.opts)
+	}
+
+	if len(h.opts.Addrs) > 0 && len(h.opts.Addrs[0]) > 0 {
+		h.address = h.opts.Addrs[0]
+	}
+
+	if len(h.id) == 0 {
+		h.id = "go.micro.http.broker-" + uuid.New().String()
+	}
+
+	// get registry
+	reg := h.opts.Registry
+	if reg == nil {
+		reg = registry.DefaultRegistry
+	}
+
+	// get cache
+	if rc, ok := h.r.(cache.Cache); ok {
+		rc.Stop()
+	}
+
+	// set registry
+	h.r = cache.New(reg)
+
+	// reconfigure tls config
+	if c := h.opts.TLSConfig; c != nil {
+		h.c = &http.Client{
+			Transport: newTransport(c),
+		}
+	}
+
+	return nil
+}
+
+func (h *httpBroker) Options() Options {
+	return h.opts
+}
+
+func (h *httpBroker) Publish(topic string, msg *Message, opts ...PublishOption) error {
+	// create the message first
+	m := &Message{
+		Header: make(map[string]string),
+		Body:   msg.Body,
+	}
+
+	for k, v := range msg.Header {
+		m.Header[k] = v
+	}
+
+	m.Header["Micro-Topic"] = topic
+
+	// encode the message
+	b, err := h.opts.Codec.Marshal(m)
+	if err != nil {
+		return err
+	}
+
+	// save the message
+	h.saveMessage(topic, b)
+
+	// now attempt to get the service
+	h.RLock()
+	s, err := h.r.GetService(serviceName)
+	if err != nil {
+		h.RUnlock()
+		return err
+	}
+	h.RUnlock()
+
+	pub := func(node *registry.Node, t string, b []byte) error {
+		scheme := "http"
+
+		// check if secure is added in metadata
+		if node.Metadata["secure"] == "true" {
+			scheme = "https"
+		}
+
+		vals := url.Values{}
+		vals.Add("id", node.Id)
+
+		uri := fmt.Sprintf("%s://%s%s?%s", scheme, node.Address, DefaultPath, vals.Encode())
+		r, err := h.c.Post(uri, "application/json", bytes.NewReader(b))
+		if err != nil {
+			return err
+		}
+
+		// discard response body
+		io.Copy(ioutil.Discard, r.Body)
+		r.Body.Close()
+		return nil
+	}
+
+	srv := func(s []*registry.Service, b []byte) {
+		for _, service := range s {
+			var nodes []*registry.Node
+
+			for _, node := range service.Nodes {
+				// only use nodes tagged with broker http
+				if node.Metadata["broker"] != "http" {
+					continue
+				}
+
+				// look for nodes for the topic
+				if node.Metadata["topic"] != topic {
+					continue
+				}
+
+				nodes = append(nodes, node)
+			}
+
+			// only process if we have nodes
+			if len(nodes) == 0 {
+				continue
+			}
+
+			switch service.Version {
+			// broadcast version means broadcast to all nodes
+			case broadcastVersion:
+				var success bool
+
+				// publish to all nodes
+				for _, node := range nodes {
+					// publish async
+					if err := pub(node, topic, b); err == nil {
+						success = true
+					}
+				}
+
+				// save if it failed to publish at least once
+				if !success {
+					h.saveMessage(topic, b)
+				}
+			default:
+				// select node to publish to
+				node := nodes[rand.Int()%len(nodes)]
+
+				// publish async to one node
+				if err := pub(node, topic, b); err != nil {
+					// if failed save it
+					h.saveMessage(topic, b)
+				}
+			}
+		}
+	}
+
+	// do the rest async
+	go func() {
+		// get a third of the backlog
+		messages := h.getMessage(topic, 8)
+		delay := (len(messages) > 1)
+
+		// publish all the messages
+		for _, msg := range messages {
+			// serialize here
+			srv(s, msg)
+
+			// sending a backlog of messages
+			if delay {
+				time.Sleep(time.Millisecond * 100)
+			}
+		}
+	}()
+
+	return nil
+}
+
+func (h *httpBroker) Subscribe(topic string, handler Handler, opts ...SubscribeOption) (Subscriber, error) {
+	var err error
+	var host, port string
+	options := NewSubscribeOptions(opts...)
+
+	// parse address for host, port
+	host, port, err = net.SplitHostPort(h.Address())
+	if err != nil {
+		return nil, err
+	}
+
+	addr, err := maddr.Extract(host)
+	if err != nil {
+		return nil, err
+	}
+
+	var secure bool
+
+	if h.opts.Secure || h.opts.TLSConfig != nil {
+		secure = true
+	}
+
+	// register service
+	node := &registry.Node{
+		Id:      topic + "-" + h.id,
+		Address: mnet.HostPort(addr, port),
+		Metadata: map[string]string{
+			"secure": fmt.Sprintf("%t", secure),
+			"broker": "http",
+			"topic":  topic,
+		},
+	}
+
+	// check for queue group or broadcast queue
+	version := options.Queue
+	if len(version) == 0 {
+		version = broadcastVersion
+	}
+
+	service := &registry.Service{
+		Name:    serviceName,
+		Version: version,
+		Nodes:   []*registry.Node{node},
+	}
+
+	// generate subscriber
+	subscriber := &httpSubscriber{
+		opts:  options,
+		hb:    h,
+		id:    node.Id,
+		topic: topic,
+		fn:    handler,
+		svc:   service,
+	}
+
+	// subscribe now
+	if err := h.subscribe(subscriber); err != nil {
+		return nil, err
+	}
+
+	// return the subscriber
+	return subscriber, nil
+}
+
+func (h *httpBroker) String() string {
+	return "http"
+}
+
+// NewBroker returns a new http broker
+func NewBroker(opts ...Option) Broker {
+	return newHttpBroker(opts...)
+}
--- a/broker/http/http.go
+++ b/broker/http/http.go
@@ -0,0 +1,11 @@
+// Package http provides a http based message broker
+package http
+
+import (
+	"github.com/micro/go-micro/v2/broker"
+)
+
+// NewBroker returns a new http broker
+func NewBroker(opts ...broker.Option) broker.Broker {
+	return broker.NewBroker(opts...)
+}
--- a/broker/http/options.go
+++ b/broker/http/options.go
@@ -0,0 +1,23 @@
+package http
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/micro/go-micro/v2/broker"
+)
+
+// Handle registers the handler for the given pattern.
+func Handle(pattern string, handler http.Handler) broker.Option {
+	return func(o *broker.Options) {
+		if o.Context == nil {
+			o.Context = context.Background()
+		}
+		handlers, ok := o.Context.Value("http_handlers").(map[string]http.Handler)
+		if !ok {
+			handlers = make(map[string]http.Handler)
+		}
+		handlers[pattern] = handler
+		o.Context = context.WithValue(o.Context, "http_handlers", handlers)
+	}
+}
--- a/broker/http_test.go
+++ b/broker/http_test.go
@@ -0,0 +1,384 @@
+package broker_test
+
+import (
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/micro/go-micro/v2/broker"
+	"github.com/micro/go-micro/v2/registry"
+	"github.com/micro/go-micro/v2/registry/memory"
+)
+
+var (
+	// mock data
+	testData = map[string][]*registry.Service{
+		"foo": {
+			{
+				Name:    "foo",
+				Version: "1.0.0",
+				Nodes: []*registry.Node{
+					{
+						Id:      "foo-1.0.0-123",
+						Address: "localhost:9999",
+					},
+					{
+						Id:      "foo-1.0.0-321",
+						Address: "localhost:9999",
+					},
+				},
+			},
+			{
+				Name:    "foo",
+				Version: "1.0.1",
+				Nodes: []*registry.Node{
+					{
+						Id:      "foo-1.0.1-321",
+						Address: "localhost:6666",
+					},
+				},
+			},
+			{
+				Name:    "foo",
+				Version: "1.0.3",
+				Nodes: []*registry.Node{
+					{
+						Id:      "foo-1.0.3-345",
+						Address: "localhost:8888",
+					},
+				},
+			},
+		},
+	}
+)
+
+func newTestRegistry() registry.Registry {
+	return memory.NewRegistry(memory.Services(testData))
+}
+
+func sub(be *testing.B, c int) {
+	be.StopTimer()
+	m := newTestRegistry()
+
+	b := broker.NewBroker(broker.Registry(m))
+	topic := uuid.New().String()
+
+	if err := b.Init(); err != nil {
+		be.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		be.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	var subs []broker.Subscriber
+	done := make(chan bool, c)
+
+	for i := 0; i < c; i++ {
+		sub, err := b.Subscribe(topic, func(p broker.Event) error {
+			done <- true
+			m := p.Message()
+
+			if string(m.Body) != string(msg.Body) {
+				be.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+			}
+
+			return nil
+		}, broker.Queue("shared"))
+		if err != nil {
+			be.Fatalf("Unexpected subscribe error: %v", err)
+		}
+		subs = append(subs, sub)
+	}
+
+	for i := 0; i < be.N; i++ {
+		be.StartTimer()
+		if err := b.Publish(topic, msg); err != nil {
+			be.Fatalf("Unexpected publish error: %v", err)
+		}
+		<-done
+		be.StopTimer()
+	}
+
+	for _, sub := range subs {
+		sub.Unsubscribe()
+	}
+
+	if err := b.Disconnect(); err != nil {
+		be.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func pub(be *testing.B, c int) {
+	be.StopTimer()
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+	topic := uuid.New().String()
+
+	if err := b.Init(); err != nil {
+		be.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		be.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	done := make(chan bool, c*4)
+
+	sub, err := b.Subscribe(topic, func(p broker.Event) error {
+		done <- true
+		m := p.Message()
+		if string(m.Body) != string(msg.Body) {
+			be.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+		}
+		return nil
+	}, broker.Queue("shared"))
+	if err != nil {
+		be.Fatalf("Unexpected subscribe error: %v", err)
+	}
+
+	var wg sync.WaitGroup
+	ch := make(chan int, c*4)
+	be.StartTimer()
+
+	for i := 0; i < c; i++ {
+		go func() {
+			for range ch {
+				if err := b.Publish(topic, msg); err != nil {
+					be.Fatalf("Unexpected publish error: %v", err)
+				}
+				select {
+				case <-done:
+				case <-time.After(time.Second):
+				}
+				wg.Done()
+			}
+		}()
+	}
+
+	for i := 0; i < be.N; i++ {
+		wg.Add(1)
+		ch <- i
+	}
+
+	wg.Wait()
+	be.StopTimer()
+	sub.Unsubscribe()
+	close(ch)
+	close(done)
+
+	if err := b.Disconnect(); err != nil {
+		be.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func TestBroker(t *testing.T) {
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+
+	if err := b.Init(); err != nil {
+		t.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		t.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	done := make(chan bool)
+
+	sub, err := b.Subscribe("test", func(p broker.Event) error {
+		m := p.Message()
+
+		if string(m.Body) != string(msg.Body) {
+			t.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+		}
+
+		close(done)
+		return nil
+	})
+	if err != nil {
+		t.Fatalf("Unexpected subscribe error: %v", err)
+	}
+
+	if err := b.Publish("test", msg); err != nil {
+		t.Fatalf("Unexpected publish error: %v", err)
+	}
+
+	<-done
+	sub.Unsubscribe()
+
+	if err := b.Disconnect(); err != nil {
+		t.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func TestConcurrentSubBroker(t *testing.T) {
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+
+	if err := b.Init(); err != nil {
+		t.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		t.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	var subs []broker.Subscriber
+	var wg sync.WaitGroup
+
+	for i := 0; i < 10; i++ {
+		sub, err := b.Subscribe("test", func(p broker.Event) error {
+			defer wg.Done()
+
+			m := p.Message()
+
+			if string(m.Body) != string(msg.Body) {
+				t.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+			}
+
+			return nil
+		})
+		if err != nil {
+			t.Fatalf("Unexpected subscribe error: %v", err)
+		}
+
+		wg.Add(1)
+		subs = append(subs, sub)
+	}
+
+	if err := b.Publish("test", msg); err != nil {
+		t.Fatalf("Unexpected publish error: %v", err)
+	}
+
+	wg.Wait()
+
+	for _, sub := range subs {
+		sub.Unsubscribe()
+	}
+
+	if err := b.Disconnect(); err != nil {
+		t.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func TestConcurrentPubBroker(t *testing.T) {
+	m := newTestRegistry()
+	b := broker.NewBroker(broker.Registry(m))
+
+	if err := b.Init(); err != nil {
+		t.Fatalf("Unexpected init error: %v", err)
+	}
+
+	if err := b.Connect(); err != nil {
+		t.Fatalf("Unexpected connect error: %v", err)
+	}
+
+	msg := &broker.Message{
+		Header: map[string]string{
+			"Content-Type": "application/json",
+		},
+		Body: []byte(`{"message": "Hello World"}`),
+	}
+
+	var wg sync.WaitGroup
+
+	sub, err := b.Subscribe("test", func(p broker.Event) error {
+		defer wg.Done()
+
+		m := p.Message()
+
+		if string(m.Body) != string(msg.Body) {
+			t.Fatalf("Unexpected msg %s, expected %s", string(m.Body), string(msg.Body))
+		}
+
+		return nil
+	})
+	if err != nil {
+		t.Fatalf("Unexpected subscribe error: %v", err)
+	}
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+
+		if err := b.Publish("test", msg); err != nil {
+			t.Fatalf("Unexpected publish error: %v", err)
+		}
+	}
+
+	wg.Wait()
+
+	sub.Unsubscribe()
+
+	if err := b.Disconnect(); err != nil {
+		t.Fatalf("Unexpected disconnect error: %v", err)
+	}
+}
+
+func BenchmarkSub1(b *testing.B) {
+	sub(b, 1)
+}
+func BenchmarkSub8(b *testing.B) {
+	sub(b, 8)
+}
+
+func BenchmarkSub32(b *testing.B) {
+	sub(b, 32)
+}
+
+func BenchmarkSub64(b *testing.B) {
+	sub(b, 64)
+}
+
+func BenchmarkSub128(b *testing.B) {
+	sub(b, 128)
+}
+
+func BenchmarkPub1(b *testing.B) {
+	pub(b, 1)
+}
+
+func BenchmarkPub8(b *testing.B) {
+	pub(b, 8)
+}
+
+func BenchmarkPub32(b *testing.B) {
+	pub(b, 32)
+}
+
+func BenchmarkPub64(b *testing.B) {
+	pub(b, 64)
+}
+
+func BenchmarkPub128(b *testing.B) {
+	pub(b, 128)
+}
--- a/broker/memory/memory.go
+++ b/broker/memory/memory.go
@@ -55,7 +55,8 @@ func (m *memoryBroker) Connect() error {
 		return nil
 	}

-	addr, err := maddr.Extract("::")
+	// use 127.0.0.1 to avoid scan of all network interfaces
+	addr, err := maddr.Extract("127.0.0.1")
 	if err != nil {
 		return err
 	}
--- a/broker/nats/nats.go
+++ b/broker/nats/nats.go
@@ -4,19 +4,13 @@ package nats
 import (
 	"context"
 	"errors"
-	"net"
-	"net/url"
-	"strconv"
 	"strings"
 	"sync"
-	"time"

 	"github.com/micro/go-micro/v2/broker"
 	"github.com/micro/go-micro/v2/codec/json"
 	"github.com/micro/go-micro/v2/logger"
 	"github.com/micro/go-micro/v2/registry"
-	"github.com/micro/go-micro/v2/util/addr"
-	"github.com/nats-io/nats-server/v2/server"
 	nats "github.com/nats-io/nats.go"
 )

@@ -35,13 +29,6 @@ type natsBroker struct {
 	// should we drain the connection
 	drain   bool
 	closeCh chan (error)
-
-	// embedded server
-	server *server.Server
-	// configure to use local server
-	local bool
-	// server exit channel
-	exit chan bool
 }

 type subscriber struct {
@@ -108,186 +95,18 @@ func (n *natsBroker) setAddrs(addrs []string) []string {
 		}
 		cAddrs = append(cAddrs, addr)
 	}
-	// if there's no address and we weren't told to
-	// embed a local server then use the default url
-	if len(cAddrs) == 0 && !n.local {
+	if len(cAddrs) == 0 {
 		cAddrs = []string{nats.DefaultURL}
 	}
 	return cAddrs
 }

-// serve stats a local nats server if needed
-func (n *natsBroker) serve(exit chan bool) error {
-	var host string
-	var port int
-	var local bool
-
-	// with no address we just default it
-	// this is a local client address
-	if len(n.addrs) == 0 {
-		// find an advertiseable ip
-		if h, err := addr.Extract(""); err != nil {
-			host = "127.0.0.1"
-		} else {
-			host = h
-		}
-
-		port = -1
-		local = true
-	} else {
-		address := n.addrs[0]
-		if strings.HasPrefix(address, "nats://") {
-			address = strings.TrimPrefix(address, "nats://")
-		}
-
-		// check if its a local address and only then embed
-		if addr.IsLocal(address) {
-			h, p, err := net.SplitHostPort(address)
-			if err == nil {
-				host = h
-				port, _ = strconv.Atoi(p)
-				local = true
-			}
-		}
-	}
-
-	// we only setup a server for local things
-	if !local {
-		return nil
-	}
-
-	// 1. create new server
-	// 2. register the server
-	// 3. connect to other servers
-	var cOpts server.ClusterOpts
-	var routes []*url.URL
-
-	// get existing nats servers to connect to
-	services, err := n.opts.Registry.GetService("go.micro.nats.broker")
-	if err == nil {
-		for _, service := range services {
-			for _, node := range service.Nodes {
-				u, err := url.Parse("nats://" + node.Address)
-				if err != nil {
-					if logger.V(logger.ErrorLevel, logger.DefaultLogger) {
-						logger.Error(err)
-					}
-					continue
-				}
-				// append to the cluster routes
-				routes = append(routes, u)
-			}
-		}
-	}
-
-	// try get existing server
-	s := n.server
-
-	// get a host address
-	caddr, err := addr.Extract("")
-	if err != nil {
-		caddr = "0.0.0.0"
-	}
-
-	// set cluster opts
-	cOpts = server.ClusterOpts{
-		Host: caddr,
-		Port: -1,
-	}
-
-	if s == nil {
-		var err error
-		s, err = server.NewServer(&server.Options{
-			// Specify the host
-			Host: host,
-			// Use a random port
-			Port: port,
-			// Set the cluster ops
-			Cluster: cOpts,
-			// Set the routes
-			Routes:         routes,
-			NoLog:          true,
-			NoSigs:         true,
-			MaxControlLine: 2048,
-			TLSConfig:      n.opts.TLSConfig,
-		})
-		if err != nil {
-			return err
-		}
-
-		// save the server
-		n.server = s
-	}
-
-	// start the server
-	go s.Start()
-
-	var ready bool
-
-	// wait till its ready for connections
-	for i := 0; i < 3; i++ {
-		if s.ReadyForConnections(time.Second) {
-			ready = true
-			break
-		}
-	}
-
-	if !ready {
-		return errors.New("server not ready")
-	}
-
-	// set the client address
-	n.addrs = []string{s.ClientURL()}
-
-	go func() {
-		// register the cluster address
-		for {
-			select {
-			case <-exit:
-				// deregister on exit
-				n.opts.Registry.Deregister(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: s.ClusterAddr().String()},
-					},
-				})
-				s.Shutdown()
-				return
-			default:
-				// register the broker
-				n.opts.Registry.Register(&registry.Service{
-					Name:    "go.micro.nats.broker",
-					Version: "v2",
-					Nodes: []*registry.Node{
-						{Id: s.ID(), Address: s.ClusterAddr().String()},
-					},
-				}, registry.RegisterTTL(time.Minute))
-				time.Sleep(time.Minute)
-			}
-		}
-	}()
-
-	return nil
-}
-
 func (n *natsBroker) Connect() error {
 	n.Lock()
 	defer n.Unlock()

-	if !n.connected {
-		// create exit chan
-		n.exit = make(chan bool)
-
-		// start embedded server if asked to
-		if n.local {
-			if err := n.serve(n.exit); err != nil {
-				return err
-			}
-		}
-
-		// set to connected
-		n.connected = true
+	if n.connected {
+		return nil
 	}

 	status := nats.CLOSED
@@ -297,6 +116,7 @@ func (n *natsBroker) Connect() error {

 	switch status {
 	case nats.CONNECTED, nats.RECONNECTING, nats.CONNECTING:
+		n.connected = true
 		return nil
 	default: // DISCONNECTED or CLOSED or DRAINING
 		opts := n.nopts
@@ -314,13 +134,14 @@ func (n *natsBroker) Connect() error {
 			return err
 		}
 		n.conn = c
+		n.connected = true
 		return nil
 	}
 }

 func (n *natsBroker) Disconnect() error {
-	n.RLock()
-	defer n.RUnlock()
+	n.Lock()
+	defer n.Unlock()

 	// drain the connection if specified
 	if n.drain {
@@ -331,16 +152,6 @@ func (n *natsBroker) Disconnect() error {
 	// close the client connection
 	n.conn.Close()

-	// shutdown the local server
-	// and deregister
-	if n.server != nil {
-		select {
-		case <-n.exit:
-		default:
-			close(n.exit)
-		}
-	}
-
 	// set not connected
 	n.connected = false

@@ -357,19 +168,27 @@ func (n *natsBroker) Options() broker.Options {
 }

 func (n *natsBroker) Publish(topic string, msg *broker.Message, opts ...broker.PublishOption) error {
+	n.RLock()
+	defer n.RUnlock()
+
+	if n.conn == nil {
+		return errors.New("not connected")
+	}
+
 	b, err := n.opts.Codec.Marshal(msg)
 	if err != nil {
 		return err
 	}
-	n.RLock()
-	defer n.RUnlock()
 	return n.conn.Publish(topic, b)
 }

 func (n *natsBroker) Subscribe(topic string, handler broker.Handler, opts ...broker.SubscribeOption) (broker.Subscriber, error) {
+	n.RLock()
 	if n.conn == nil {
+		n.RUnlock()
 		return nil, errors.New("not connected")
 	}
+	n.RUnlock()

 	opt := broker.SubscribeOptions{
 		AutoAck: true,
@@ -441,15 +260,10 @@ func (n *natsBroker) setOption(opts ...broker.Option) {
 		n.nopts = nopts
 	}

-	local, ok := n.opts.Context.Value(localServerKey{}).(bool)
-	if ok {
-		n.local = local
-	}
-
 	// broker.Options have higher priority than nats.Options
 	// only if Addrs, Secure or TLSConfig were not set through a broker.Option
 	// we read them from nats.Option
-	if len(n.opts.Addrs) == 0 && !n.local {
+	if len(n.opts.Addrs) == 0 {
 		n.opts.Addrs = n.nopts.Servers
 	}

--- a/broker/nats/options.go
+++ b/broker/nats/options.go
@@ -7,18 +7,12 @@ import (

 type optionsKey struct{}
 type drainConnectionKey struct{}
-type localServerKey struct{}

 // Options accepts nats.Options
 func Options(opts nats.Options) broker.Option {
 	return setBrokerOption(optionsKey{}, opts)
 }

-// LocalServer embeds a local server rather than connecting to one
-func LocalServer() broker.Option {
-	return setBrokerOption(localServerKey{}, true)
-}
-
 // DrainConnection will drain subscription on close
 func DrainConnection() broker.Option {
 	return setBrokerOption(drainConnectionKey{}, struct{}{})
--- a/broker/options.go
+++ b/broker/options.go
@@ -49,6 +49,13 @@ type Option func(*Options)

 type PublishOption func(*PublishOptions)

+// PublishContext set context
+func PublishContext(ctx context.Context) PublishOption {
+	return func(o *PublishOptions) {
+		o.Context = ctx
+	}
+}
+
 type SubscribeOption func(*SubscribeOptions)

 func NewSubscribeOptions(opts ...SubscribeOption) SubscribeOptions {
--- a/broker/service/proto/broker.pb.micro.go
+++ b/broker/service/proto/broker.pb.micro.go
@@ -11,6 +11,7 @@ import (

 import (
 	context "context"
+	api "github.com/micro/go-micro/v2/api"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
@@ -27,10 +28,17 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package

 // Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
 var _ context.Context
 var _ client.Option
 var _ server.Option

+// Api Endpoints for Broker service
+
+func NewBrokerEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Broker service

 type BrokerService interface {
--- a/client/grpc/codec.go
+++ b/client/grpc/codec.go
@@ -11,6 +11,7 @@ import (
 	"github.com/golang/protobuf/proto"
 	"github.com/micro/go-micro/v2/codec"
 	"github.com/micro/go-micro/v2/codec/bytes"
+	"github.com/oxtoacart/bpool"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/encoding"
 )
@@ -23,6 +24,9 @@ type wrapCodec struct{ encoding.Codec }
 var jsonpbMarshaler = &jsonpb.Marshaler{}
 var useNumber bool

+// create buffer pool with 16 instances each preallocated with 256 bytes
+var bufferPool = bpool.NewSizedBufferPool(16, 256)
+
 var (
 	defaultGRPCCodecs = map[string]encoding.Codec{
 		"application/json":         jsonCodec{},
@@ -106,14 +110,19 @@ func (bytesCodec) Name() string {
 }

 func (jsonCodec) Marshal(v interface{}) ([]byte, error) {
-	if pb, ok := v.(proto.Message); ok {
-		s, err := jsonpbMarshaler.MarshalToString(pb)
-
-		return []byte(s), err
-	}
 	if b, ok := v.(*bytes.Frame); ok {
 		return b.Data, nil
 	}
+
+	if pb, ok := v.(proto.Message); ok {
+		buf := bufferPool.Get()
+		defer bufferPool.Put(buf)
+		if err := jsonpbMarshaler.Marshal(buf, pb); err != nil {
+			return nil, err
+		}
+		return buf.Bytes(), nil
+	}
+
 	return json.Marshal(v)
 }

--- a/client/grpc/grpc.go
+++ b/client/grpc/grpc.go
@@ -6,12 +6,10 @@ import (
 	"crypto/tls"
 	"fmt"
 	"net"
-	"os"
 	"strings"
 	"sync/atomic"
 	"time"

-	"github.com/micro/go-micro/v2/auth"
 	"github.com/micro/go-micro/v2/broker"
 	"github.com/micro/go-micro/v2/client"
 	"github.com/micro/go-micro/v2/client/selector"
@@ -19,7 +17,7 @@ import (
 	"github.com/micro/go-micro/v2/errors"
 	"github.com/micro/go-micro/v2/metadata"
 	"github.com/micro/go-micro/v2/registry"
-	"github.com/micro/go-micro/v2/util/config"
+	pnet "github.com/micro/go-micro/v2/util/net"

 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -74,27 +72,13 @@ func (g *grpcClient) secure(addr string) grpc.DialOption {
 }

 func (g *grpcClient) next(request client.Request, opts client.CallOptions) (selector.Next, error) {
-	service := request.Service()
-
-	// get proxy
-	if prx := os.Getenv("MICRO_PROXY"); len(prx) > 0 {
-		// default name
-		if prx == "service" {
-			prx = "go.micro.proxy"
-		}
-		service = prx
-	}
-
-	// get proxy address
-	if prx := os.Getenv("MICRO_PROXY_ADDRESS"); len(prx) > 0 {
-		opts.Address = []string{prx}
-	}
+	service, address, _ := pnet.Proxy(request.Service(), opts.Address)

 	// return remote address
-	if len(opts.Address) > 0 {
+	if len(address) > 0 {
 		return func() (*registry.Node, error) {
 			return &registry.Node{
-				Address: opts.Address[0],
+				Address: address[0],
 			}, nil
 		}, nil
 	}
@@ -131,13 +115,6 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
 	// set the content type for the request
 	header["x-content-type"] = req.ContentType()

-	// set the authorization token if one is saved locally
-	if len(header["authorization"]) == 0 {
-		if token, err := config.Get("token"); err == nil && len(token) > 0 {
-			header["authorization"] = auth.BearerScheme + token
-		}
-	}
-
 	md := gmetadata.New(header)
 	ctx = gmetadata.NewOutgoingContext(ctx, md)

@@ -152,7 +129,6 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
 	var grr error

 	grpcDialOptions := []grpc.DialOption{
-		grpc.WithDefaultCallOptions(grpc.ForceCodec(cf)),
 		grpc.WithTimeout(opts.DialTimeout),
 		g.secure(address),
 		grpc.WithDefaultCallOptions(
@@ -177,7 +153,9 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
 	ch := make(chan error, 1)

 	go func() {
-		grpcCallOptions := []grpc.CallOption{grpc.CallContentSubtype(cf.Name())}
+		grpcCallOptions := []grpc.CallOption{
+			grpc.ForceCodec(cf),
+			grpc.CallContentSubtype(cf.Name())}
 		if opts := g.getGrpcCallOptions(); opts != nil {
 			grpcCallOptions = append(grpcCallOptions, opts...)
 		}
@@ -210,7 +188,9 @@ func (g *grpcClient) stream(ctx context.Context, node *registry.Node, req client
 	}

 	// set timeout in nanoseconds
-	header["timeout"] = fmt.Sprintf("%d", opts.RequestTimeout)
+	if opts.StreamTimeout > time.Duration(0) {
+		header["timeout"] = fmt.Sprintf("%d", opts.StreamTimeout)
+	}
 	// set the content type for the request
 	header["x-content-type"] = req.ContentType()

@@ -234,7 +214,6 @@ func (g *grpcClient) stream(ctx context.Context, node *registry.Node, req client
 	wc := wrapCodec{cf}

 	grpcDialOptions := []grpc.DialOption{
-		grpc.WithDefaultCallOptions(grpc.ForceCodec(wc)),
 		grpc.WithTimeout(opts.DialTimeout),
 		g.secure(address),
 	}
@@ -254,7 +233,10 @@ func (g *grpcClient) stream(ctx context.Context, node *registry.Node, req client
 		ServerStreams: true,
 	}

-	grpcCallOptions := []grpc.CallOption{grpc.CallContentSubtype(cf.Name())}
+	grpcCallOptions := []grpc.CallOption{
+		grpc.ForceCodec(wc),
+		grpc.CallContentSubtype(cf.Name()),
+	}
 	if opts := g.getGrpcCallOptions(); opts != nil {
 		grpcCallOptions = append(grpcCallOptions, opts...)
 	}
@@ -638,7 +620,7 @@ func (g *grpcClient) Publish(ctx context.Context, p client.Message, opts ...clie
 	return g.opts.Broker.Publish(topic, &broker.Message{
 		Header: md,
 		Body:   body,
-	})
+	}, broker.PublishContext(options.Context))
 }

 func (g *grpcClient) String() string {
--- a/client/options.go
+++ b/client/options.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"

+	"github.com/micro/go-micro/v2/auth"
 	"github.com/micro/go-micro/v2/broker"
 	"github.com/micro/go-micro/v2/client/selector"
 	"github.com/micro/go-micro/v2/codec"
@@ -16,6 +17,7 @@ type Options struct {
 	ContentType string

 	// Plugged interfaces
+	Auth      auth.Auth
 	Broker    broker.Broker
 	Codecs    map[string]codec.NewCodec
 	Registry  registry.Registry
@@ -55,6 +57,10 @@ type CallOptions struct {
 	Retries int
 	// Request/Response timeout
 	RequestTimeout time.Duration
+	// Stream timeout for the stream
+	StreamTimeout time.Duration
+	// Use the services own auth token
+	ServiceToken bool

 	// Middleware for low level call func
 	CallWrappers []CallWrapper
@@ -99,6 +105,7 @@ func NewOptions(options ...Option) Options {
 		},
 		PoolSize:  DefaultPoolSize,
 		PoolTTL:   DefaultPoolTTL,
+		Auth:      auth.DefaultAuth,
 		Broker:    broker.DefaultBroker,
 		Selector:  selector.DefaultSelector,
 		Registry:  registry.DefaultRegistry,
@@ -119,6 +126,13 @@ func Broker(b broker.Broker) Option {
 	}
 }

+// Auth to be used when making a request
+func Auth(a auth.Auth) Option {
+	return func(o *Options) {
+		o.Auth = a
+	}
+}
+
 // Codec to be used to encode/decode requests for a given content type
 func Codec(contentType string, c codec.NewCodec) Option {
 	return func(o *Options) {
@@ -215,6 +229,13 @@ func RequestTimeout(d time.Duration) Option {
 	}
 }

+// StreamTimeout sets the stream timeout
+func StreamTimeout(d time.Duration) Option {
+	return func(o *Options) {
+		o.CallOptions.StreamTimeout = d
+	}
+}
+
 // Transport dial timeout
 func DialTimeout(d time.Duration) Option {
 	return func(o *Options) {
@@ -231,6 +252,13 @@ func WithExchange(e string) PublishOption {
 	}
 }

+// PublishContext sets the context in publish options
+func PublishContext(ctx context.Context) PublishOption {
+	return func(o *PublishOptions) {
+		o.Context = ctx
+	}
+}
+
 // WithAddress sets the remote addresses to use rather than using service discovery
 func WithAddress(a ...string) CallOption {
 	return func(o *CallOptions) {
@@ -283,6 +311,13 @@ func WithRequestTimeout(d time.Duration) CallOption {
 	}
 }

+// WithStreamTimeout sets the stream timeout
+func WithStreamTimeout(d time.Duration) CallOption {
+	return func(o *CallOptions) {
+		o.StreamTimeout = d
+	}
+}
+
 // WithDialTimeout is a CallOption which overrides that which
 // set in Options.CallOptions
 func WithDialTimeout(d time.Duration) CallOption {
@@ -291,6 +326,14 @@ func WithDialTimeout(d time.Duration) CallOption {
 	}
 }

+// WithServiceToken is a CallOption which overrides the
+// authorization header with the services own auth token
+func WithServiceToken() CallOption {
+	return func(o *CallOptions) {
+		o.ServiceToken = true
+	}
+}
+
 func WithMessageContentType(ct string) MessageOption {
 	return func(o *MessageOptions) {
 		o.ContentType = ct
--- a/client/rpc_client.go
+++ b/client/rpc_client.go
@@ -3,7 +3,6 @@ package client
 import (
 	"context"
 	"fmt"
-	"os"
 	"sync/atomic"
 	"time"

@@ -17,6 +16,7 @@ import (
 	"github.com/micro/go-micro/v2/registry"
 	"github.com/micro/go-micro/v2/transport"
 	"github.com/micro/go-micro/v2/util/buf"
+	"github.com/micro/go-micro/v2/util/net"
 	"github.com/micro/go-micro/v2/util/pool"
 )

@@ -198,7 +198,9 @@ func (r *rpcClient) stream(ctx context.Context, node *registry.Node, req Request
 	}

 	// set timeout in nanoseconds
-	msg.Header["Timeout"] = fmt.Sprintf("%d", opts.RequestTimeout)
+	if opts.StreamTimeout > time.Duration(0) {
+		msg.Header["Timeout"] = fmt.Sprintf("%d", opts.StreamTimeout)
+	}
 	// set the content type for the request
 	msg.Header["Content-Type"] = req.ContentType()
 	// set the accept header
@@ -320,46 +322,18 @@ func (r *rpcClient) Options() Options {
 	return r.opts
 }

-// hasProxy checks if we have proxy set in the environment
-func (r *rpcClient) hasProxy() bool {
-	// get proxy
-	if prx := os.Getenv("MICRO_PROXY"); len(prx) > 0 {
-		return true
-	}
-
-	// get proxy address
-	if prx := os.Getenv("MICRO_PROXY_ADDRESS"); len(prx) > 0 {
-		return true
-	}
-
-	return false
-}
-
 // next returns an iterator for the next nodes to call
 func (r *rpcClient) next(request Request, opts CallOptions) (selector.Next, error) {
-	service := request.Service()
-
-	// get proxy
-	if prx := os.Getenv("MICRO_PROXY"); len(prx) > 0 {
-		// default name
-		if prx == "service" {
-			prx = "go.micro.proxy"
-		}
-		service = prx
-	}
-
-	// get proxy address
-	if prx := os.Getenv("MICRO_PROXY_ADDRESS"); len(prx) > 0 {
-		opts.Address = []string{prx}
-	}
+	// try get the proxy
+	service, address, _ := net.Proxy(request.Service(), opts.Address)

 	// return remote address
-	if len(opts.Address) > 0 {
-		nodes := make([]*registry.Node, len(opts.Address))
+	if len(address) > 0 {
+		nodes := make([]*registry.Node, len(address))

-		for i, address := range opts.Address {
+		for i, addr := range address {
 			nodes[i] = &registry.Node{
-				Address: address,
+				Address: addr,
 				// Set the protocol
 				Metadata: map[string]string{
 					"protocol": "mucp",
@@ -459,7 +433,7 @@ func (r *rpcClient) Call(ctx context.Context, request Request, response interfac
 	retries := callOpts.Retries

 	// disable retries when using a proxy
-	if r.hasProxy() {
+	if _, _, ok := net.Proxy(request.Service(), callOpts.Address); ok {
 		retries = 0
 	}

@@ -550,7 +524,7 @@ func (r *rpcClient) Stream(ctx context.Context, request Request, opts ...CallOpt
 	retries := callOpts.Retries

 	// disable retries when using a proxy
-	if r.hasProxy() {
+	if _, _, ok := net.Proxy(request.Service(), callOpts.Address); ok {
 		retries = 0
 	}

@@ -654,7 +628,7 @@ func (r *rpcClient) Publish(ctx context.Context, msg Message, opts ...PublishOpt
 	return r.opts.Broker.Publish(topic, &broker.Message{
 		Header: md,
 		Body:   body,
-	})
+	}, broker.PublishContext(options.Context))
 }

 func (r *rpcClient) NewMessage(topic string, message interface{}, opts ...MessageOption) Message {
--- a/client/selector/default_test.go
+++ b/client/selector/default_test.go
@@ -1,6 +1,7 @@
 package selector

 import (
+	"os"
 	"testing"

 	"github.com/micro/go-micro/v2/registry/memory"
@@ -25,5 +26,7 @@ func TestRegistrySelector(t *testing.T) {
 		counts[node.Id]++
 	}

-	t.Logf("Selector Counts %v", counts)
+	if len(os.Getenv("IN_TRAVIS_CI")) == 0 {
+		t.Logf("Selector Counts %v", counts)
+	}
 }
--- a/client/selector/strategy_test.go
+++ b/client/selector/strategy_test.go
@@ -1,6 +1,7 @@
 package selector

 import (
+	"os"
 	"testing"

 	"github.com/micro/go-micro/v2/registry"
@@ -50,6 +51,8 @@ func TestStrategies(t *testing.T) {
 			counts[node.Id]++
 		}

-		t.Logf("%s: %+v\n", name, counts)
+		if len(os.Getenv("IN_TRAVIS_CI")) == 0 {
+			t.Logf("%s: %+v\n", name, counts)
+		}
 	}
 }
--- a/client/service/proto/client.pb.micro.go
+++ b/client/service/proto/client.pb.micro.go
@@ -11,6 +11,7 @@ import (

 import (
 	context "context"
+	api "github.com/micro/go-micro/v2/api"
 	client "github.com/micro/go-micro/v2/client"
 	server "github.com/micro/go-micro/v2/server"
 )
@@ -27,10 +28,17 @@ var _ = math.Inf
 const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package

 // Reference imports to suppress errors if they are not otherwise used.
+var _ api.Endpoint
 var _ context.Context
 var _ client.Option
 var _ server.Option

+// Api Endpoints for Client service
+
+func NewClientEndpoints() []*api.Endpoint {
+	return []*api.Endpoint{}
+}
+
 // Client API for Client service

 type ClientService interface {
--- a/codec/bytes/marshaler.go
+++ b/codec/bytes/marshaler.go
@@ -1,7 +1,7 @@
 package bytes

 import (
-	"errors"
+	"github.com/micro/go-micro/v2/codec"
 )

 type Marshaler struct{}
@@ -20,7 +20,7 @@ func (n Marshaler) Marshal(v interface{}) ([]byte, error) {
 	case *Message:
 		return ve.Body, nil
 	}
-	return nil, errors.New("invalid message")
+	return nil, codec.ErrInvalidMessage
 }

 func (n Marshaler) Unmarshal(d []byte, v interface{}) error {
@@ -30,7 +30,7 @@ func (n Marshaler) Unmarshal(d []byte, v interface{}) error {
 	case *Message:
 		ve.Body = d
 	}
-	return errors.New("invalid message")
+	return codec.ErrInvalidMessage
 }

 func (n Marshaler) String() string {
--- a/codec/grpc/util.go
+++ b/codec/grpc/util.go
@@ -7,7 +7,7 @@ import (
 )

 var (
-	maxMessageSize = 1024 * 1024 * 4
+	MaxMessageSize = 1024 * 1024 * 4 // 4Mb
 	maxInt         = int(^uint(0) >> 1)
 )

@@ -34,8 +34,8 @@ func decode(r io.Reader) (uint8, []byte, error) {
 	if int64(length) > int64(maxInt) {
 		return cf, nil, fmt.Errorf("grpc: received message larger than max length allowed on current machine (%d vs. %d)", length, maxInt)
 	}
-	if int(length) > maxMessageSize {
-		return cf, nil, fmt.Errorf("grpc: received message larger than max (%d vs. %d)", length, maxMessageSize)
+	if int(length) > MaxMessageSize {
+		return cf, nil, fmt.Errorf("grpc: received message larger than max (%d vs. %d)", length, MaxMessageSize)
 	}

 	msg := make([]byte, int(length))
--- a/codec/json/marshaler.go
+++ b/codec/json/marshaler.go
@@ -1,21 +1,36 @@
 package json

 import (
+	"bytes"
 	"encoding/json"

 	"github.com/golang/protobuf/jsonpb"
 	"github.com/golang/protobuf/proto"
+	"github.com/oxtoacart/bpool"
 )

+var jsonpbMarshaler = &jsonpb.Marshaler{}
+
+// create buffer pool with 16 instances each preallocated with 256 bytes
+var bufferPool = bpool.NewSizedBufferPool(16, 256)
+
 type Marshaler struct{}

 func (j Marshaler) Marshal(v interface{}) ([]byte, error) {
+	if pb, ok := v.(proto.Message); ok {
+		buf := bufferPool.Get()
+		defer bufferPool.Put(buf)
+		if err := jsonpbMarshaler.Marshal(buf, pb); err != nil {
+			return nil, err
+		}
+		return buf.Bytes(), nil
+	}
 	return json.Marshal(v)
 }

 func (j Marshaler) Unmarshal(d []byte, v interface{}) error {
 	if pb, ok := v.(proto.Message); ok {
-		return jsonpb.UnmarshalString(string(d), pb)
+		return jsonpb.Unmarshal(bytes.NewReader(d), pb)
 	}
 	return json.Unmarshal(d, v)
 }
--- a/codec/proto/marshaler.go
+++ b/codec/proto/marshaler.go
@@ -1,17 +1,45 @@
 package proto

 import (
+	"bytes"
+
 	"github.com/golang/protobuf/proto"
+	"github.com/micro/go-micro/v2/codec"
+	"github.com/oxtoacart/bpool"
 )

+// create buffer pool with 16 instances each preallocated with 256 bytes
+var bufferPool = bpool.NewSizedBufferPool(16, 256)
+
 type Marshaler struct{}

 func (Marshaler) Marshal(v interface{}) ([]byte, error) {
-	return proto.Marshal(v.(proto.Message))
+	pb, ok := v.(proto.Message)
+	if !ok {
+		return nil, codec.ErrInvalidMessage
+	}
+
+	// looks not good, but allows to reuse underlining bytes
+	buf := bufferPool.Get()
+	pbuf := proto.NewBuffer(buf.Bytes())
+	defer func() {
+		bufferPool.Put(bytes.NewBuffer(pbuf.Bytes()))
+	}()
+
+	if err := pbuf.Marshal(pb); err != nil {
+		return nil, err
+	}
+
+	return pbuf.Bytes(), nil
 }

 func (Marshaler) Unmarshal(data []byte, v interface{}) error {
-	return proto.Unmarshal(data, v.(proto.Message))
+	pb, ok := v.(proto.Message)
+	if !ok {
+		return codec.ErrInvalidMessage
+	}
+
+	return proto.Unmarshal(data, pb)
 }

 func (Marshaler) String() string {
--- a/codec/proto/message.go
+++ b/codec/proto/message.go
@@ -0,0 +1,37 @@
+package proto
+
+type Message struct {
+	Data []byte
+}
+
+func (m *Message) MarshalJSON() ([]byte, error) {
+	return m.Data, nil
+}
+
+func (m *Message) UnmarshalJSON(data []byte) error {
+	m.Data = data
+	return nil
+}
+
+func (m *Message) ProtoMessage() {}
+
+func (m *Message) Reset() {
+	*m = Message{}
+}
+
+func (m *Message) String() string {
+	return string(m.Data)
+}
+
+func (m *Message) Marshal() ([]byte, error) {
+	return m.Data, nil
+}
+
+func (m *Message) Unmarshal(data []byte) error {
+	m.Data = data
+	return nil
+}
+
+func NewMessage(data []byte) *Message {
+	return &Message{data}
+}
--- a/config/cmd/cmd.go
+++ b/config/cmd/cmd.go
@@ -36,13 +36,13 @@ import (
 	smucp "github.com/micro/go-micro/v2/server/mucp"

 	// brokers
+	brokerHttp "github.com/micro/go-micro/v2/broker/http"
 	"github.com/micro/go-micro/v2/broker/memory"
 	"github.com/micro/go-micro/v2/broker/nats"
 	brokerSrv "github.com/micro/go-micro/v2/broker/service"

 	// registries
 	"github.com/micro/go-micro/v2/registry/etcd"
-	kreg "github.com/micro/go-micro/v2/registry/kubernetes"
 	"github.com/micro/go-micro/v2/registry/mdns"
 	rmem "github.com/micro/go-micro/v2/registry/memory"
 	regSrv "github.com/micro/go-micro/v2/registry/service"
@@ -70,6 +70,7 @@ import (
 	memTracer "github.com/micro/go-micro/v2/debug/trace/memory"

 	// auth
+	jwtAuth "github.com/micro/go-micro/v2/auth/jwt"
 	svcAuth "github.com/micro/go-micro/v2/auth/service"

 	// auth providers
@@ -225,9 +226,14 @@ var (
 			Usage:   "Comma-separated list of store addresses",
 		},
 		&cli.StringFlag{
-			Name:    "store_namespace",
-			EnvVars: []string{"MICRO_STORE_NAMESPACE"},
-			Usage:   "Namespace for store data",
+			Name:    "store_database",
+			EnvVars: []string{"MICRO_STORE_DATABASE"},
+			Usage:   "Database option for the underlying store",
+		},
+		&cli.StringFlag{
+			Name:    "store_table",
+			EnvVars: []string{"MICRO_STORE_TABLE"},
+			Usage:   "Table option for the underlying store",
 		},
 		&cli.StringFlag{
 			Name:    "transport",
@@ -255,9 +261,14 @@ var (
 			Usage:   "Auth for role based access control, e.g. service",
 		},
 		&cli.StringFlag{
-			Name:    "auth_token",
-			EnvVars: []string{"MICRO_AUTH_TOKEN"},
-			Usage:   "Auth token used for client authentication",
+			Name:    "auth_id",
+			EnvVars: []string{"MICRO_AUTH_ID"},
+			Usage:   "Account ID used for client authentication",
+		},
+		&cli.StringFlag{
+			Name:    "auth_secret",
+			EnvVars: []string{"MICRO_AUTH_SECRET"},
+			Usage:   "Account secret used for client authentication",
 		},
 		&cli.StringFlag{
 			Name:    "auth_public_key",
@@ -310,6 +321,7 @@ var (
 		"service": brokerSrv.NewBroker,
 		"memory":  memory.NewBroker,
 		"nats":    nats.NewBroker,
+		"http":    brokerHttp.NewBroker,
 	}

 	DefaultClients = map[string]func(...client.Option) client.Client{
@@ -318,11 +330,10 @@ var (
 	}

 	DefaultRegistries = map[string]func(...registry.Option) registry.Registry{
-		"service":    regSrv.NewRegistry,
-		"etcd":       etcd.NewRegistry,
-		"mdns":       mdns.NewRegistry,
-		"memory":     rmem.NewRegistry,
-		"kubernetes": kreg.NewRegistry,
+		"service": regSrv.NewRegistry,
+		"etcd":    etcd.NewRegistry,
+		"mdns":    mdns.NewRegistry,
+		"memory":  rmem.NewRegistry,
 	}

 	DefaultSelectors = map[string]func(...selector.Option) selector.Selector{
@@ -359,6 +370,7 @@ var (

 	DefaultAuths = map[string]func(...auth.Option) auth.Auth{
 		"service": svcAuth.NewAuth,
+		"jwt":     jwtAuth.NewAuth,
 	}

 	DefaultAuthProviders = map[string]func(...provider.Option) provider.Provider{
@@ -488,6 +500,8 @@ func (c *cmd) Before(ctx *cli.Context) error {
 		}

 		*c.opts.Auth = a()
+		clientOpts = append(clientOpts, client.Auth(*c.opts.Auth))
+		serverOpts = append(serverOpts, server.Auth(*c.opts.Auth))
 	}

 	// Set the profile
@@ -615,9 +629,15 @@ func (c *cmd) Before(ctx *cli.Context) error {
 		}
 	}

-	if len(ctx.String("store_namespace")) > 0 {
-		if err := (*c.opts.Store).Init(store.Namespace(ctx.String("store_namespace"))); err != nil {
-			logger.Fatalf("Error configuring store: %v", err)
+	if len(ctx.String("store_database")) > 0 {
+		if err := (*c.opts.Store).Init(store.Database(ctx.String("store_database"))); err != nil {
+			logger.Fatalf("Error configuring store database option: %v", err)
+		}
+	}
+
+	if len(ctx.String("store_table")) > 0 {
+		if err := (*c.opts.Store).Init(store.Table(ctx.String("store_table"))); err != nil {
+			logger.Fatalf("Error configuring store table option: %v", err)
 		}
 	}

@@ -655,14 +675,15 @@ func (c *cmd) Before(ctx *cli.Context) error {
 		}
 	}

-	if len(ctx.String("auth_token")) > 0 {
-		authOpts = append(authOpts, auth.ServiceToken(ctx.String("auth_token")))
+	if len(ctx.String("auth_id")) > 0 || len(ctx.String("auth_secret")) > 0 {
+		authOpts = append(authOpts, auth.Credentials(
+			ctx.String("auth_id"), ctx.String("auth_secret"),
+		))
 	}

 	if len(ctx.String("auth_public_key")) > 0 {
 		authOpts = append(authOpts, auth.PublicKey(ctx.String("auth_public_key")))
 	}
-
 	if len(ctx.String("auth_private_key")) > 0 {
 		authOpts = append(authOpts, auth.PrivateKey(ctx.String("auth_private_key")))
 	}
--- a/config/cmd/options.go
+++ b/config/cmd/options.go
@@ -118,6 +118,12 @@ func Server(s *server.Server) Option {
 	}
 }

+func Store(s *store.Store) Option {
+	return func(o *Options) {
+		o.Store = s
+	}
+}
+
 func Tracer(t *trace.Tracer) Option {
 	return func(o *Options) {
 		o.Tracer = t
--- a/config/config.go
+++ b/config/config.go
@@ -16,6 +16,8 @@ type Config interface {
 	reader.Values
 	// Init the config
 	Init(opts ...Option) error
+	// Options in the config
+	Options() Options
 	// Stop the config loader/watcher
 	Close() error
 	// Load config sources
--- a/config/default.go
+++ b/config/default.go
@@ -67,6 +67,10 @@ func (c *config) Init(opts ...Option) error {
 	return nil
 }

+func (c *config) Options() Options {
+	return c.opts
+}
+
 func (c *config) run() {
 	watch := func(w loader.Watcher) error {
 		for {
--- a/config/secrets/box/box.go
+++ b/config/secrets/box/box.go
@@ -18,8 +18,8 @@ type box struct {
 	privateKey [keyLength]byte
 }

-// NewCodec returns a nacl-box codec
-func NewCodec(opts ...secrets.Option) secrets.Codec {
+// NewSecrets returns a nacl-box codec
+func NewSecrets(opts ...secrets.Option) secrets.Secrets {
 	b := &box{}
 	for _, o := range opts {
 		o(&b.options)
--- a/config/secrets/box/box_test.go
+++ b/config/secrets/box/box_test.go
@@ -18,7 +18,7 @@ func TestBox(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	alice, bob := NewCodec(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewCodec()
+	alice, bob := NewSecrets(secrets.PublicKey(alicePublicKey[:]), secrets.PrivateKey(alicePrivateKey[:])), NewSecrets()
 	if err := alice.Init(); err != nil {
 		t.Error(err)
 	}
@@ -57,6 +57,9 @@ func TestBox(t *testing.T) {
 		t.Error(err)
 	}
 	dec, err = alice.Decrypt(enc, secrets.SenderPublicKey(bob.Options().PublicKey))
+	if err != nil {
+		t.Error(err)
+	}
 	if !reflect.DeepEqual(dec, bobSecret) {
 		t.Errorf("Alice's decrypted message didn't match Bob's encrypted message %v != %v", bobSecret, dec)
 	}
--- a/config/secrets/secretbox/secretbox.go
+++ b/config/secrets/secretbox/secretbox.go
@@ -18,8 +18,8 @@ type secretBox struct {
 	secretKey [keyLength]byte
 }

-// NewCodec returns a secretbox codec
-func NewCodec(opts ...secrets.Option) secrets.Codec {
+// NewSecrets returns a secretbox codec
+func NewSecrets(opts ...secrets.Option) secrets.Secrets {
 	sb := &secretBox{}
 	for _, o := range opts {
 		o(&sb.options)
@@ -31,13 +31,13 @@ func (s *secretBox) Init(opts ...secrets.Option) error {
 	for _, o := range opts {
 		o(&s.options)
 	}
-	if len(s.options.SecretKey) == 0 {
+	if len(s.options.Key) == 0 {
 		return errors.New("no secret key is defined")
 	}
-	if len(s.options.SecretKey) != keyLength {
+	if len(s.options.Key) != keyLength {
 		return errors.Errorf("secret key must be %d bytes long", keyLength)
 	}
-	copy(s.secretKey[:], s.options.SecretKey)
+	copy(s.secretKey[:], s.options.Key)
 	return nil
 }

--- a/config/secrets/secretbox/secretbox_test.go
+++ b/config/secrets/secretbox/secretbox_test.go
@@ -14,21 +14,21 @@ func TestSecretBox(t *testing.T) {
 		t.Fatal(err)
 	}

-	s := NewCodec()
+	s := NewSecrets()

 	if err := s.Init(); err == nil {
 		t.Error("Secretbox accepted an empty secret key")
 	}
-	if err := s.Init(secrets.SecretKey([]byte("invalid"))); err == nil {
+	if err := s.Init(secrets.Key([]byte("invalid"))); err == nil {
 		t.Error("Secretbox accepted a secret key that is invalid")
 	}

-	if err := s.Init(secrets.SecretKey(secretKey)); err != nil {
+	if err := s.Init(secrets.Key(secretKey)); err != nil {
 		t.Fatal(err)
 	}

 	o := s.Options()
-	if !reflect.DeepEqual(o.SecretKey, secretKey) {
+	if !reflect.DeepEqual(o.Key, secretKey) {
 		t.Error("Init() didn't set secret key correctly")
 	}
 	if s.String() != "nacl-secretbox" {
--- a/config/secrets/secrets.go
+++ b/config/secrets/secrets.go
@@ -3,33 +3,39 @@ package secrets

 import "context"

-// Codec encrypts or decrypts arbitrary data. The data should be as small as possible
-type Codec interface {
+// Secrets encrypts or decrypts arbitrary data. The data should be as small as possible
+type Secrets interface {
+	// Initialise options
 	Init(...Option) error
+	// Return the options
 	Options() Options
-	String() string
+	// Decrypt a value
 	Decrypt([]byte, ...DecryptOption) ([]byte, error)
+	// Encrypt a value
 	Encrypt([]byte, ...EncryptOption) ([]byte, error)
+	// Secrets implementation
+	String() string
 }

-// Options is a codec's options
-// SecretKey or both PublicKey and PrivateKey should be set depending on the
-// underlying implementation
 type Options struct {
-	SecretKey  []byte
+	// Key is a symmetric key for encoding
+	Key []byte
+	// Private key for decoding
 	PrivateKey []byte
-	PublicKey  []byte
-	Context    context.Context
+	// Public key for encoding
+	PublicKey []byte
+	// Context for other opts
+	Context context.Context
 }

 // Option sets options
 type Option func(*Options)

-// SecretKey sets the symmetric secret key
-func SecretKey(key []byte) Option {
+// Key sets the symmetric secret key
+func Key(k []byte) Option {
 	return func(o *Options) {
-		o.SecretKey = make([]byte, len(key))
-		copy(o.SecretKey, key)
+		o.Key = make([]byte, len(k))
+		copy(o.Key, k)
 	}
 }

@@ -49,7 +55,7 @@ func PrivateKey(key []byte) Option {
 	}
 }

-// DecryptOptions can be passed to Codec.Decrypt
+// DecryptOptions can be passed to Secrets.Decrypt
 type DecryptOptions struct {
 	SenderPublicKey []byte
 }
@@ -57,7 +63,7 @@ type DecryptOptions struct {
 // DecryptOption sets DecryptOptions
 type DecryptOption func(*DecryptOptions)

-// SenderPublicKey is the Public Key of the Codec that encrypted this message
+// SenderPublicKey is the Public Key of the Secrets that encrypted this message
 func SenderPublicKey(key []byte) DecryptOption {
 	return func(d *DecryptOptions) {
 		d.SenderPublicKey = make([]byte, len(key))
@@ -65,7 +71,7 @@ func SenderPublicKey(key []byte) DecryptOption {
 	}
 }

-// EncryptOptions can be passed to Codec.Encrypt
+// EncryptOptions can be passed to Secrets.Encrypt
 type EncryptOptions struct {
 	RecipientPublicKey []byte
 }
@@ -73,7 +79,7 @@ type EncryptOptions struct {
 // EncryptOption Sets EncryptOptions
 type EncryptOption func(*EncryptOptions)

-// RecipientPublicKey is the Public Key of the Codec that will decrypt this message
+// RecipientPublicKey is the Public Key of the Secrets that will decrypt this message
 func RecipientPublicKey(key []byte) EncryptOption {
 	return func(e *EncryptOptions) {
 		e.RecipientPublicKey = make([]byte, len(key))
--- a/config/source/file/file_test.go
+++ b/config/source/file/file_test.go
@@ -59,8 +59,8 @@ func TestFile(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	t.Logf("%+v", c)
 	if string(c.Data) != string(data) {
+		t.Logf("%+v", c)
 		t.Error("data from file does not match")
 	}
 }
--- a/Show More
+++ b/Show More