diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go
index 317780c..cdcf4b5 100644
--- a/internal/imports/imports_linux.go
+++ b/internal/imports/imports_linux.go
@@ -19,6 +19,7 @@ import (
 _ "github.com/networkservicemesh/sdk/pkg/networkservice/common/mechanisms"
 _ "github.com/networkservicemesh/sdk/pkg/networkservice/core/next"
 _ "github.com/networkservicemesh/sdk/pkg/registry/chains/client"
+ _ "github.com/networkservicemesh/sdk/pkg/registry/common/authorize"
 _ "github.com/networkservicemesh/sdk/pkg/registry/common/begin"
 _ "github.com/networkservicemesh/sdk/pkg/registry/common/clientinfo"
 _ "github.com/networkservicemesh/sdk/pkg/registry/common/expire"
@@ -34,6 +35,7 @@ import (
 _ "github.com/networkservicemesh/sdk/pkg/tools/opentelemetry"
 _ "github.com/networkservicemesh/sdk/pkg/tools/spiffejwt"
 _ "github.com/networkservicemesh/sdk/pkg/tools/spire"
+ _ "github.com/networkservicemesh/sdk/pkg/tools/token"
 _ "github.com/networkservicemesh/sdk/pkg/tools/tracing"
 _ "github.com/pkg/errors"
 _ "github.com/sirupsen/logrus"
diff --git a/main.go b/main.go
index 3733ebd..342da62 100644
--- a/main.go
+++ b/main.go
@@ -46,6 +46,7 @@ import (
 "github.com/networkservicemesh/sdk/pkg/networkservice/common/authorize"
 "github.com/networkservicemesh/sdk/pkg/networkservice/common/mechanisms"
 registryclient "github.com/networkservicemesh/sdk/pkg/registry/chains/client"
+ registryauthorize "github.com/networkservicemesh/sdk/pkg/registry/common/authorize"
 "github.com/networkservicemesh/sdk/pkg/registry/common/clientinfo"
 "github.com/networkservicemesh/sdk/pkg/registry/common/sendfd"
 "github.com/networkservicemesh/sdk/pkg/tools/debug"
@@ -54,6 +55,7 @@ import (
 "github.com/networkservicemesh/sdk/pkg/tools/log/logruslogger"
 "github.com/networkservicemesh/sdk/pkg/tools/opentelemetry"
 "github.com/networkservicemesh/sdk/pkg/tools/spiffejwt"
+ "github.com/networkservicemesh/sdk/pkg/tools/token"
 "github.com/networkservicemesh/sdk/pkg/tools/tracing"
 "github.com/networkservicemesh/cmd-nse-vfio/internal/config"
@@ -192,7 +194,9 @@ func main() {
 clientOptions := append(
 tracing.WithTracingDial(),
 grpc.WithBlock(),
- grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
+ grpc.WithDefaultCallOptions(
+ grpc.WaitForReady(true),
+ grpc.PerRPCCredentials(token.NewPerRPCCredentials(spiffejwt.TokenGeneratorFunc(source, cfg.MaxTokenLifetime)))),
 grpc.WithTransportCredentials(
 grpcfd.TransportCredentials(
 credentials.NewTLS(
@@ -200,9 +204,14 @@ func main() {
 ),
 ),
 ),
+ grpcfd.WithChainStreamInterceptor(),
+ grpcfd.WithChainUnaryInterceptor(),
 )
- nsRegistryClient := registryclient.NewNetworkServiceRegistryClient(ctx, registryclient.WithClientURL(&cfg.ConnectTo), registryclient.WithDialOptions(clientOptions...))
+ nsRegistryClient := registryclient.NewNetworkServiceRegistryClient(ctx,
+ registryclient.WithClientURL(&cfg.ConnectTo),
+ registryclient.WithDialOptions(clientOptions...),
+ registryclient.WithAuthorizeNSRegistryClient(registryauthorize.NewNetworkServiceRegistryClient()))
 for i := range cfg.Services {
 nsName := cfg.Services[i].Name
 nsPayload := cfg.Services[i].Payload
@@ -222,6 +231,7 @@ func main() {
 clientinfo.NewNetworkServiceEndpointRegistryClient(),
 sendfd.NewNetworkServiceEndpointRegistryClient(),
 ),
+ registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient()),
 )
 nse, err := nseRegistryClient.Register(ctx, registryEndpoint(listenOn, cfg))
 if err != nil {
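Review bot: In the `@@ -192,7 +194,9 @@` hunk the lifetime handed to `spiffejwt.TokenGeneratorFunc(source, cfg.MaxTokenLifetime)` comes straight from configuration, and nothing visible here bounds it. The resulting JWT is now attached to every registry RPC as a bearer credential, so an overly large `MaxTokenLifetime` widens the window in which a captured token stays valid; I would validate the value at config load (reject zero or negative, cap the maximum) or at least document the expected range on the field. The token goes to whatever peer the TLS handshake accepts, and the argument to `credentials.NewTLS(` falls in the gap between this hunk and the next, so it is worth confirming that the client TLS config there restricts the registry's identity. A short comment above the option, e.g. `// attach a SPIFFE JWT to every registry call; registry-side authorization relies on it`, would make the intent clear; `main` continues outside the hunk.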
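Review bot: In the `@@ -200,9 +204,14 @@` hunk `registryauthorize.NewNetworkServiceRegistryClient()` is built with no arguments, so the authorization check it performs depends entirely on the defaults shipped by the sdk package, which are not visible here and may change on an sdk bump. The same holds for `registryauthorize.NewNetworkServiceEndpointRegistryClient()` in the `@@ -222,6 +231,7 @@` hunk. I would state the expected policy in a comment, e.g. `// registry authorize: relies on sdk default policies; re-check on sdk upgrade`, and pass the policies explicitly if the package offers an option for that. The two `grpcfd.WithChainStreamInterceptor()` / `grpcfd.WithChainUnaryInterceptor()` dial options added just above also lack a comment saying why the registry connection now needs them.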