but even then, if you don't incorporate some sort of expiry, you'd be re-running some auth process for every run. maybe you could make that very cheap, but... maybe not.