diff --git a/Cargo.lock b/Cargo.lock
index 1c7630195..4c477ef01 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -267,9 +267,9 @@ dependencies = [
 
 [[package]]
 name = "async-graphql"
-version = "7.0.12"
+version = "7.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "10db7e8b2042f8d7ebcfebc482622411c23f88f3e9cd7fac74465b78fdab65f0"
+checksum = "59fd6bd734afb8b6e4d0f84a3e77305ce0a7ccc60d70f6001cb5e1c3f38d8ff1"
 dependencies = [
  "async-graphql-derive",
  "async-graphql-parser",
@@ -303,9 +303,9 @@ dependencies = [
 
 [[package]]
 name = "async-graphql-axum"
-version = "7.0.12"
+version = "7.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "862e8fc78b34a118a8cf5133e7e0194f728a0b844ea842d14aed7e5705320954"
+checksum = "ec8c1bb47161c37286e40e2fa58055e97b2a2b6cf1022a6686967e10636fa5d7"
 dependencies = [
  "async-graphql",
  "async-trait",
@@ -321,9 +321,9 @@ dependencies = [
 
 [[package]]
 name = "async-graphql-derive"
-version = "7.0.12"
+version = "7.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad560d871a344178c35568a15be1bbb40cbcaced57838bf2eb1f654802000df7"
+checksum = "ac38b4dd452d529d6c0248b51df23603f0a875770352e26ae8c346ce6c149b3e"
 dependencies = [
  "Inflector",
  "async-graphql-parser",
@@ -338,9 +338,9 @@ dependencies = [
 
 [[package]]
 name = "async-graphql-parser"
-version = "7.0.12"
+version = "7.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1df338e3e6469f86cce1e2b0226644e9fd82ec04790e199f8dd06416632d89ea"
+checksum = "42d271ddda2f55b13970928abbcbc3423cfc18187c60e8769b48f21a93b7adaa"
 dependencies = [
  "async-graphql-value",
  "pest",
@@ -350,9 +350,9 @@ dependencies = [
 
 [[package]]
 name = "async-graphql-value"
-version = "7.0.12"
+version = "7.0.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4cffd8bb84bc7895672c4e9b71d21e35526ffd645a29aedeed165a3f4a7ba9b"
+checksum = "aefe909173a037eaf3281b046dc22580b59a38b765d7b8d5116f2ffef098048d"
 dependencies = [
  "bytes",
  "indexmap 2.7.0",
@@ -485,10 +485,10 @@ dependencies = [
  "serde_path_to_error",
  "serde_urlencoded",
  "sha1",
- "sync_wrapper 1.0.2",
+ "sync_wrapper",
  "tokio",
  "tokio-tungstenite",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-layer",
  "tower-service",
  "tracing",
@@ -509,7 +509,7 @@ dependencies = [
  "mime",
  "pin-project-lite",
  "rustversion",
- "sync_wrapper 1.0.2",
+ "sync_wrapper",
  "tower-layer",
  "tower-service",
  "tracing",
@@ -536,7 +536,7 @@ dependencies = [
  "pin-project-lite",
  "serde",
  "serde_html_form",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-layer",
  "tower-service",
 ]
@@ -1433,7 +1433,7 @@ dependencies = [
  "http",
  "pin-project-lite",
  "rand 0.8.5",
- "tower 0.5.1",
+ "tower 0.5.2",
  "triomphe",
  "zeroize",
 ]
@@ -3322,7 +3322,7 @@ dependencies = [
  "time",
  "tokio",
  "tokio-util",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-http",
  "tower-http-digest",
  "tower-stop-using-brave",
@@ -3373,7 +3373,7 @@ dependencies = [
  "sonic-rs",
  "speedy-uuid",
  "tokio",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tracing",
  "triomphe",
  "typed-builder",
@@ -3553,7 +3553,7 @@ dependencies = [
  "garde",
  "http",
  "sonic-rs",
- "sync_wrapper 1.0.2",
+ "sync_wrapper",
  "tracing",
 ]
 
@@ -3612,7 +3612,7 @@ dependencies = [
  "simdutf8",
  "sonic-rs",
  "tokio",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-http",
 ]
 
@@ -3845,7 +3845,7 @@ dependencies = [
  "speedy-uuid",
  "tempfile",
  "tokio",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tracing",
  "triomphe",
  "typed-builder",
@@ -3955,7 +3955,7 @@ dependencies = [
  "sonic-rs",
  "tempfile",
  "tokio",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tracing",
  "tracing-subscriber",
  "triomphe",
@@ -3983,7 +3983,7 @@ dependencies = [
  "pretty_assertions",
  "sonic-rs",
  "tokio",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tracing",
  "triomphe",
  "urlencoding",
@@ -4090,9 +4090,9 @@ dependencies = [
 
 [[package]]
 name = "lexical-util"
-version = "1.0.5"
+version = "1.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee72ef7886d94f30741743126c1ec123564749ee339281b9834d0e913f2d40fe"
+checksum = "5a82e24bf537fd24c177ffbbdc6ebcc8d54732c35b50a3f28cc3f4e4c949a0b3"
 dependencies = [
  "static_assertions",
 ]
@@ -5574,9 +5574,9 @@ dependencies = [
 
 [[package]]
 name = "redb"
-version = "2.2.0"
+version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "84b1de48a7cf7ba193e81e078d17ee2b786236eed1d3f7c60f8a09545efc4925"
+checksum = "a7c2a94325f9c5826b17c42af11067230f503747f870117a28180e85696e21ba"
 dependencies = [
  "libc",
  "log",
@@ -6160,9 +6160,9 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.215"
+version = "1.0.216"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6513c1ad0b11a9376da888e3e0baa0077f1aed55c17f50e7b2397136129fb88f"
+checksum = "0b9781016e935a97e8beecf0c933758c97a5520d32930e460142b4cd80c6338e"
 dependencies = [
  "serde_derive",
 ]
@@ -6179,9 +6179,9 @@ dependencies = [
 
 [[package]]
 name = "serde_derive"
-version = "1.0.215"
+version = "1.0.216"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad1e866f866923f252f05c889987993144fb74e722403468a4ebd70c3cd756c0"
+checksum = "46f859dbbf73865c6627ed570e78961cd3ac92407a2d117204c49232485da55e"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -6679,12 +6679,6 @@ dependencies = [
  "unicode-ident",
 ]
 
-[[package]]
-name = "sync_wrapper"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160"
-
 [[package]]
 name = "sync_wrapper"
 version = "1.0.2"
@@ -7138,14 +7132,14 @@ dependencies = [
 
 [[package]]
 name = "tower"
-version = "0.5.1"
+version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2873938d487c3cfb9aed7546dc9f2711d867c9f90c46b889989a2cb84eba6b4f"
+checksum = "d039ad9159c98b70ecfd540b2573b97f7f52c3e8d9f8ad57a24b916a536975f9"
 dependencies = [
  "futures-core",
  "futures-util",
  "pin-project-lite",
- "sync_wrapper 0.1.2",
+ "sync_wrapper",
  "tokio",
  "tower-layer",
  "tower-service",
@@ -7175,7 +7169,7 @@ dependencies = [
  "pin-project-lite",
  "tokio",
  "tokio-util",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tower-layer",
  "tower-service",
  "tracing",
@@ -7197,7 +7191,7 @@ dependencies = [
  "pin-project-lite",
  "sha2",
  "subtle",
- "tower 0.5.1",
+ "tower 0.5.2",
  "tracing",
 ]
 
@@ -7221,7 +7215,7 @@ dependencies = [
  "futures-test",
  "http",
  "regex",
- "tower 0.5.1",
+ "tower 0.5.2",
 ]
 
 [[package]]
@@ -7232,7 +7226,7 @@ dependencies = [
  "http",
  "itertools 0.13.0",
  "pin-project-lite",
- "tower 0.5.1",
+ "tower 0.5.2",
  "triomphe",
 ]
 
diff --git a/Cargo.toml b/Cargo.toml
index 58ba0cb56..6bdc123d3 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -85,14 +85,14 @@ aliri_braid = "0.4.0"
 arc-swap = "1.7.1"
 argh = "0.1.12"
 argon2 = { version = "0.5.3", features = ["std"] }
-async-graphql = { version = "7.0.12", default-features = false, features = [
+async-graphql = { version = "7.0.13", default-features = false, features = [
     "graphiql",
     "tempfile",
     "time",
     "tracing",
     "uuid",
 ] }
-async-graphql-axum = "7.0.12"
+async-graphql-axum = "7.0.13"
 async-trait = "0.1.83"
 asynk-strim = "0.1.2"
 axum = { version = "0.7.9", features = ["macros", "multipart"] }
@@ -273,7 +273,7 @@ quote = "1.0.37"
 rand = "0.8.5"
 rand_xorshift = "0.3.0"
 rayon = "1.10.0"
-redb = { version = "2.2.0", features = ["logging"] }
+redb = { version = "2.3.0", features = ["logging"] }
 regex = "1.11.1"
 retry-policies = "0.4.0"
 ring = { version = "0.17.8", features = ["std"] }
@@ -296,7 +296,7 @@ sailfish = { version = "0.9.0", default-features = false, features = [
 schemars = { version = "1.0.0-alpha.17", features = ["semver1"] }
 scoped-futures = { version = "0.1.4", default-features = false }
 semver = { version = "1.0.23", features = ["serde"] }
-serde = { version = "1.0.215", features = ["derive"] }
+serde = { version = "1.0.216", features = ["derive"] }
 serde_json = "1.0.133"
 serde_test = "1.0.177"
 serde_urlencoded = "0.7.1"
@@ -321,7 +321,7 @@ tokio-postgres = "0.7.12"
 tokio-postgres-rustls = "0.13.0"
 tokio-util = { version = "0.7.13", features = ["io", "rt"] }
 toml = { version = "0.8.19", default-features = false, features = ["parse"] }
-tower = { version = "0.5.1", default-features = false, features = ["util"] }
+tower = { version = "0.5.2", default-features = false, features = ["util"] }
 tower-http = { version = "0.6.2", features = [
     "catch-panic",
     "cors",
diff --git a/lib/komainu/src/lib.rs b/lib/komainu/src/lib.rs
index f184dca26..cd2bcfa59 100644
--- a/lib/komainu/src/lib.rs
+++ b/lib/komainu/src/lib.rs
@@ -32,10 +32,10 @@ impl<T> OptionExt<T> for Option<T> {
 // Because we use native async traits where needed, we can't box the traits (not that we want to), so at least the compiler can inline stuff well
 
 pub struct Client<'a> {
-    client_id: &'a str,
-    client_secret: &'a str,
-    scopes: Cow<'a, [Cow<'a, str>]>,
-    redirect_uri: Cow<'a, str>,
+    pub client_id: &'a str,
+    pub client_secret: &'a str,
+    pub scopes: Cow<'a, [Cow<'a, str>]>,
+    pub redirect_uri: Cow<'a, str>,
 }
 
 pub trait ClientExtractor {
@@ -46,8 +46,15 @@ pub trait ClientExtractor {
     ) -> impl Future<Output = Result<Client<'_>>> + Send;
 }
 
-pub struct AuthorizerExtractor<CE> {
-    client_extractor: CE,
+pub trait AuthIssuer {
+    type UserId;
+
+    fn issue_code(
+        &self,
+        user_id: Self::UserId,
+        client_id: &str,
+        scopes: &[&str],
+    ) -> impl Future<Output = Result<String>> + Send;
 }
 
 #[derive(AsRefStr)]
@@ -71,15 +78,25 @@ fn get_from_either<'a>(
     left.get(key).or_else(|| right.get(key)).map(|item| &**item)
 }
 
-impl<CE> AuthorizerExtractor<CE>
+pub struct AuthorizerExtractor<AI, CE> {
+    // pls do not use ai for this, even if the type alias implies it.
+    // kthx bestie. bussi aufs bauchi.
+    auth_issuer: AI,
+    client_extractor: CE,
+}
+
+impl<AI, CE> AuthorizerExtractor<AI, CE>
 where
     CE: ClientExtractor,
 {
-    pub fn new(client_extractor: CE) -> Self {
-        Self { client_extractor }
+    pub fn new(auth_issuer: AI, client_extractor: CE) -> Self {
+        Self {
+            auth_issuer,
+            client_extractor,
+        }
     }
 
-    pub async fn extract<'a>(&'a self, req: &'a http::Request<()>) -> Result<Authorizer<'a>> {
+    pub async fn extract<'a>(&'a self, req: &'a http::Request<()>) -> Result<Authorizer<'a, AI>> {
         let query: ParamStorage<&str, &str> =
             serde_urlencoded::from_str(req.uri().query().or_missing_param()?)
                 .map_err(Error::query)?;
@@ -123,6 +140,7 @@ where
         }
 
         Ok(Authorizer {
+            auth_issuer: &self.auth_issuer,
             client,
             query,
             state,
@@ -130,13 +148,17 @@ where
     }
 }
 
-pub struct Authorizer<'a> {
+pub struct Authorizer<'a, AI> {
+    auth_issuer: &'a AI,
     client: Client<'a>,
     query: ParamStorage<&'a str, &'a str>,
     state: Option<&'a str>,
 }
 
-impl<'a> Authorizer<'a> {
+impl<'a, AI> Authorizer<'a, AI>
+where
+    AI: AuthIssuer,
+{
     pub fn client(&self) -> &Client<'a> {
         &self.client
     }
@@ -145,11 +167,17 @@ impl<'a> Authorizer<'a> {
         &self.query
     }
 
-    pub async fn accept<UID>(self, user_id: UID) -> http::Response<()> {
+    pub async fn accept(self, user_id: AI::UserId, scopes: &[&str]) -> http::Response<()> {
         // TODO: Call an issuer to issue an access token for a particular user
         // Construct the callback url
         // Construct a redirect HTTP response UwU
 
+        let code = self
+            .auth_issuer
+            .issue_code(user_id, self.client.client_id, scopes)
+            .await
+            .unwrap();
+
         todo!();
     }