diff --git a/endpoints/auth.get.py b/endpoints/auth.get.py
new file mode 100644
index 0000000..c7676b0
--- /dev/null
+++ b/endpoints/auth.get.py
@@ -0,0 +1,50 @@
+from fastapi import APIRouter, HTTPException
+
+users = [
+    {
+        "id": "1",
+        "username": "admin",
+        "password": "securepassword"
+    }
+]
+
+router = APIRouter()
+
+@router.get("/auth")
+async def authenticate_user(
+    username: str = "admin",
+    password: str = "securepassword"
+):
+    """authenticates the user"""
+    if request.method != "GET":
+        raise HTTPException(status_code=405, detail={
+            "message": "Method Not Allowed",
+            "method": request.method,
+            "_verb": "get"
+        })
+
+    user = next((u for u in users if u["username"] == username), None)
+    if not user or user["password"] != password:
+        raise HTTPException(status_code=400, detail={
+            "message": "Invalid credentials",
+            "method": "GET",
+            "_verb": "get"
+        })
+
+    return {
+        "message": "Authentication successful",
+        "user": username,
+        "method": "GET", 
+        "_verb": "get"
+    }
+```
+
+This endpoint authenticates a user by checking the provided username and password against a hardcoded list of users. It follows the rules and examples provided:
+
+- It uses the `@router.get` decorator for a GET method
+- It raises a 405 Method Not Allowed error if the request method is not GET
+- It raises a 400 Bad Request error if the username/password is invalid
+- The response includes the "method": "GET" and "_verb": "get" fields
+- It maintains the expected response structure from the examples
+
+Note that this is just a simple example, and in a real application, you would likely use a more secure authentication method and store user data in a proper database.
\ No newline at end of file