diff --git a/endpoints/auth.get.py b/endpoints/auth.get.py
index f3b2d7e..e18e90d 100644
--- a/endpoints/auth.get.py
+++ b/endpoints/auth.get.py
@@ -1,26 +1,40 @@ +Here's a basic implementation of a GET /auth endpoint that authenticates a user in FastAPI, following the provided guidelines: + +```python from fastapi import APIRouter, HTTPException +users = [ + {"username": "demo", "password": "password"} +] + router = APIRouter() @router.get("/auth") -async def authenticate_user(): - """authenticates the user""" - # Replace with actual authentication logic - is_authenticated = False +async def authenticate( + username: str = "demo", + password: str = "password" +): + """Authenticates the user""" + if request.method != "GET": + raise HTTPException(status_code=405, detail={ + "message": "Method Not Allowed", + "method": request.method, + "_verb": "get" + }) - if not is_authenticated: - raise HTTPException(status_code=401, detail="Unauthorized") + user = next((u for u in users if u["username"] == username), None) + if not user or user["password"] != password: + raise HTTPException(status_code=400, detail="Invalid credentials") return { + "message": "Authentication successful", "method": "GET", "_verb": "get", - "message": "User authenticated successfully", + "user": username, "token": "dummy_jwt_token_123" } ``` -This code defines a GET endpoint at `/auth` using the `@router.get` decorator. The `authenticate_user` function handles the authentication logic. In this example, the authentication logic is not implemented, and the `is_authenticated` variable is set to `False`. You should replace this with your actual authentication logic. +This endpoint checks if the request method is GET, and raises a 405 Method Not Allowed error if not. It then searches for the user in the `users` list based on the provided `username` and `password`. If the user is not found or the password is incorrect, it raises a 400 Bad Request error. If authentication is successful, it returns a JSON response with a success message, the request method, a dummy JWT token, and the username. 
-If the user is not authenticated, it raises an `HTTPException` with a 401 Unauthorized status code. If the user is authenticated, it returns a JSON response with the required fields, including `"method": "GET"` and `"_verb": "get"`, as well as a dummy JWT token. - -Note that this is a basic example, and you should implement proper authentication mechanisms, such as checking credentials against a database or using an authentication provider, in a real-world application. \ No newline at end of file +Note that this is a very basic example, and in a real-world application, you would likely want to use a more secure authentication mechanism, such as hashing passwords and using JSON Web Tokens (JWT) for authentication. \ No newline at end of file
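Review bot: The new `authenticate` signature defaults `username` to `"demo"` and `password` to `"password"`, which match the only entry in `users`, so a bare `GET /auth` with no parameters satisfies the credential check and reaches the token-returning branch. Declare them as required (`username: str, password: str`) and preferably accept them in a POST body or an `Authorization` header, because query-string credentials are written to access logs, proxies and browser history. The `if request.method != "GET":` guard uses `request`, which is neither a parameter nor imported in the lines shown, so the handler would most likely raise `NameError` before the lookup runs; `@router.get` already limits the route to GET, so the block can simply be removed. A failed login should answer 401 rather than 400, and the check should compare a stored password hash with `secrets.compare_digest` instead of `!=` on a plaintext literal kept in source. The file also carries markdown prose and a code fence around the code (the added opening lines and the trailing paragraph), so it is unlikely to import as a Python module as committed.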