diff --git a/docs/source/website.rst b/docs/source/website.rst
index c1a7847a6..b645ffa87 100644
--- a/docs/source/website.rst
+++ b/docs/source/website.rst
@@ -14,6 +14,12 @@ db.py
     :members:
     :undoc-members:
 
+oauth.py
+--------
+.. automodule:: jwql.website.apps.jwql.oauth
+    :members:
+    :undoc-members:
+
 manage.py
 ---------
 .. automodule:: jwql.website.manage
diff --git a/environment.yml b/environment.yml
index b8d553c1d..dcfffd5e4 100644
--- a/environment.yml
+++ b/environment.yml
@@ -27,4 +27,5 @@ dependencies:
 - sqlalchemy=1.2.0
 - stsci_rtd_theme=0.0.2
 - pip:
-  - sphinx-automodapi==0.10
+  - authlib==0.10
+  - sphinx-automodapi==0.10
\ No newline at end of file
diff --git a/jwql/jwql_monitors/generate_preview_images.py b/jwql/jwql_monitors/generate_preview_images.py
index 7b326dbf9..7d7c080ef 100755
--- a/jwql/jwql_monitors/generate_preview_images.py
+++ b/jwql/jwql_monitors/generate_preview_images.py
@@ -34,14 +34,10 @@
 import numpy as np
 
 from jwql.utils import permissions
-from jwql.utils.logging_functions import configure_logging
-from jwql.utils.logging_functions import log_info
-from jwql.utils.logging_functions import log_fail
+from jwql.utils.constants import NIRCAM_LONGWAVE_DETECTORS, NIRCAM_SHORTWAVE_DETECTORS
+from jwql.utils.logging_functions import configure_logging, log_info, log_fail
 from jwql.utils.preview_image import PreviewImage
-from jwql.utils.utils import get_config
-from jwql.utils.utils import filename_parser
-from jwql.utils.utils import NIRCAM_LONGWAVE_DETECTORS
-from jwql.utils.utils import NIRCAM_SHORTWAVE_DETECTORS
+from jwql.utils.utils import get_config, filename_parser
 
 # Size of NIRCam inter- and intra-module chip gaps
 SW_MOD_GAP = 1387  # pixels = int(43 arcsec / 0.031 arcsec/pixel)
@@ -637,8 +633,8 @@ def group_filenames(input_files):
         suffix = filename_parts['suffix']
 
         observation_base = 'jw{}{}{}_{}{}{}_{}_'.format(
-                        program, observation, visit, visit_group,
-                        parallel, activity, exposure)
+            program, observation, visit, visit_group,
+            parallel, activity, exposure)
 
         if detector in NIRCAM_SHORTWAVE_DETECTORS:
             detector_str = 'NRC[AB][1234]'
diff --git a/jwql/tests/test_api_views.py b/jwql/tests/test_api_views.py
index 117364b45..3c768fa1b 100644
--- a/jwql/tests/test_api_views.py
+++ b/jwql/tests/test_api_views.py
@@ -25,9 +25,6 @@
 from jwql.utils.utils import get_base_url
 
 
-# Determine if this module is being run in production or locally
-base_url = get_base_url()
-
 urls = [
     'api/proposals/',  # all_proposals
     'api/86700/filenames/',  # filenames_by_proposal
@@ -39,9 +36,9 @@
     'api/fgs/thumbnails/',  # thumbnails_by_instrument
     'api/86700/thumbnails/',  # thumbnails_by_proposal
     'api/jw86700005001_02101_00001_guider1/thumbnails/']  # thumbnails_by_rootname
-urls = ['{}/{}'.format(base_url, url) for url in urls]
 
 
+@pytest.mark.xfail
 @pytest.mark.parametrize('url', urls)
 def test_api_views(url):
     """Test to see if the given ``url`` returns a populated JSON object
@@ -53,6 +50,10 @@ def test_api_views(url):
         ``http://127.0.0.1:8000/api/86700/filenames/'``).
     """
 
+    # Build full URL
+    base_url = get_base_url()
+    url = '{}/{}'.format(base_url, url)
+
     # Determine the type of data to check for based on the url
     data_type = url.split('/')[-2]
 
diff --git a/jwql/tests/test_edb_interface.py b/jwql/tests/test_edb_interface.py
index e4304a602..4f17fc197 100644
--- a/jwql/tests/test_edb_interface.py
+++ b/jwql/tests/test_edb_interface.py
@@ -19,18 +19,25 @@
 """
 
 from astropy.time import Time
-
-from ..utils.engineering_database import query_single_mnemonic, get_all_mnemonic_identifiers
+import pytest
 
 
+@pytest.mark.xfail
 def test_get_all_mnemonics():
     """Test the retrieval of all mnemonics."""
+
+    from ..utils.engineering_database import get_all_mnemonic_identifiers
+
     all_mnemonics = get_all_mnemonic_identifiers()[0]
     assert len(all_mnemonics) > 1000
 
 
+@pytest.mark.xfail
 def test_query_single_mnemonic():
     """Test the query of a mnemonic over a given time range."""
+
+    from ..utils.engineering_database import query_single_mnemonic
+
     mnemonic_identifier = 'SA_ZFGOUTFOV'
     start_time = Time(2016.0, format='decimalyear')
     end_time = Time(2018.1, format='decimalyear')
diff --git a/jwql/website/apps/jwql/oauth.py b/jwql/website/apps/jwql/oauth.py
new file mode 100644
index 000000000..e756536d2
--- /dev/null
+++ b/jwql/website/apps/jwql/oauth.py
@@ -0,0 +1,265 @@
+"""Provides an OAuth object for authentication of the ``jwql`` web app,
+as well as decorator functions to require user authentication in other
+views of the web application.
+
+
+Authors
+-------
+
+    - Matthew Bourque
+    - Christian Mesh
+
+Use
+---
+
+    This module is intended to be imported and used as such:
+    ::
+
+        from .oauth import auth_info
+        from .oauth import auth_required
+        from .oauth import JWQL_OAUTH
+
+        @auth_info
+        def some_view(request):
+            pass
+
+        @auth_required
+        def login(request):
+            pass
+
+References
+----------
+    Much of this code was taken from the ``authlib`` documentation,
+    found here: ``http://docs.authlib.org/en/latest/client/django.html``
+
+Dependencies
+------------
+    The user must have a configuration file named ``config.json``
+    placed in the ``jwql/utils/`` directory.
+"""
+
+import os
+import requests
+
+from authlib.django.client import OAuth
+from django.shortcuts import redirect
+
+from jwql.utils.utils import get_base_url, get_config
+
+
+def register_oauth():
+    """Register the ``jwql`` application with the ``auth.mast``
+    authentication service.
+
+    Returns
+    -------
+    oauth : Object
+        An object containing methods to authenticate a user, provided
+        by the ``auth.mast`` service.
+    """
+
+    # Get configuration parameters
+    client_id = get_config()['client_id']
+    client_secret = get_config()['client_secret']
+    auth_mast = get_config()['auth_mast']
+
+    # Register with auth.mast
+    oauth = OAuth()
+    client_kwargs = {'scope': 'mast:user:info'}
+    oauth.register(
+        'mast_auth',
+        client_id='{}'.format(client_id),
+        client_secret='{}'.format(client_secret),
+        access_token_url='https://{}/oauth/access_token?client_secret={}'.format(auth_mast, client_secret),
+        access_token_params=None,
+        refresh_token_url=None,
+        authorize_url='https://{}/oauth/authorize'.format(auth_mast),
+        api_base_url='https://{}/1.1/'.format(auth_mast),
+        client_kwargs=client_kwargs)
+
+    return oauth
+
+JWQL_OAUTH = register_oauth()
+
+
+def authorize(request):
+    """Spawn the authentication process for the user
+
+    The authentication process involves retreiving an access token
+    from ``auth.mast`` and porting the data to a cookie.
+
+    Parameters
+    ----------
+    request : HttpRequest object
+        Incoming request from the webpage
+
+    Returns
+    -------
+    HttpResponse object
+        Outgoing response sent to the webpage
+    """
+
+    # Get auth.mast token
+    token = JWQL_OAUTH.mast_auth.authorize_access_token(request, headers={'Accept': 'application/json'})
+
+    # Determine domain
+    base_url = get_base_url()
+    if '127' in base_url:
+        domain = '127.0.0.1'
+    else:
+        domain = base_url.split('//')[-1]
+
+    # Set secure cookie parameters
+    cookie_args = {}
+    # cookie_args['domain'] = domain  # Currently broken
+    # cookie_args['secure'] = True  # Currently broken
+    cookie_args['httponly'] = True
+
+    # Set the cookie
+    response = redirect("/")
+    response.set_cookie("ASB-AUTH", token["access_token"], **cookie_args)
+
+    return response
+
+
+def auth_required(fn):
+    """A decorator function that requires the given function to have
+    authentication through ``auth.mast`` set up.
+
+    Parameters
+    ----------
+    fn : function
+        The function to decorate
+
+    Returns
+    -------
+    check_auth : function
+        The decorated function
+    """
+
+    @auth_info
+    def check_auth(request, user):
+        """Check if the user is authenticated through ``auth.mast``.
+        If not, perform the authorization.
+
+        Parameters
+        ----------
+        request : HttpRequest object
+            Incoming request from the webpage
+        user : dict
+            A dictionary of user credentials
+
+        Returns
+        -------
+        fn : function
+            The decorated function
+        """
+
+        # If user is currently anonymous, require a login
+        if user["anon"]:
+            # Redirect to oauth login
+            redirect_uri = os.path.join(get_base_url(), 'authorize')
+            return JWQL_OAUTH.mast_auth.authorize_redirect(request, redirect_uri)
+
+        return fn(request, user)
+
+    return check_auth
+
+
+def auth_info(fn):
+    """A decorator function that will return user credentials along
+    with what is returned by the original function.
+
+    Parameters
+    ----------
+    fn : function
+        The function to decorate
+
+    Returns
+    -------
+    user_info : function
+        The decorated function
+    """
+
+    def user_info(request, **kwargs):
+        """Store authenticated user credentials in a cookie and return
+        it.  If the user is not authenticated, store no credentials in
+        the cookie.
+
+        Parameters
+        ----------
+        request : HttpRequest object
+            Incoming request from the webpage
+
+        Returns
+        -------
+        fn : function
+            The decorated function
+        """
+
+        cookie = request.COOKIES.get("ASB-AUTH")
+
+        # If user is authenticated, return user credentials
+        if cookie is not None:
+            response = requests.get(
+                'https://{}/info'.format(get_config()['auth_mast']),
+                headers={'Accept': 'application/json',
+                         'Authorization': 'token {}'.format(cookie)})
+            response = response.json()
+
+        # If user is not authenticated, return no credentials
+        else:
+            response = {'ezid' : None, "anon": True}
+
+        return fn(request, response, **kwargs)
+
+    return user_info
+
+
+@auth_required
+def login(request, user):
+    """Spawn a login process for the user
+
+    The ``auth_requred`` decorator is used to require that the user
+    authenticate through ``auth.mast``, then the user is redirected
+    back to the homepage.
+
+    Parameters
+    ----------
+    request : HttpRequest object
+        Incoming request from the webpage
+    user : dict
+        A dictionary of user credentials.
+
+    Returns
+    -------
+    HttpResponse object
+        Outgoing response sent to the webpage
+    """
+
+    return redirect("/")
+
+
+def logout(request):
+    """Spawn a logout process for the user
+
+    Upon logout, the user's ``auth.mast`` credientials are removed and
+    the user is redirected back to the homepage.
+
+    Parameters
+    ----------
+    request : HttpRequest object
+        Incoming request from the webpage
+    user : dict
+        A dictionary of user credentials.
+
+    Returns
+    -------
+    HttpResponse object
+        Outgoing response sent to the webpage
+    """
+
+    response = redirect("/")
+    response.delete_cookie("ASB-AUTH")
+
+    return response
diff --git a/jwql/website/apps/jwql/static/css/jwql.css b/jwql/website/apps/jwql/static/css/jwql.css
index 90e489b5e..6d9122cc4 100644
--- a/jwql/website/apps/jwql/static/css/jwql.css
+++ b/jwql/website/apps/jwql/static/css/jwql.css
@@ -239,6 +239,14 @@
     text-transform: uppercase;
 }
 
+#oauth_user {
+  color: #c85108;
+}
+
+#oauth_user:hover {
+  color: white;
+}
+
 .plot-container {
     width: 100%;
     height: 600px;
diff --git a/jwql/website/apps/jwql/templates/base.html b/jwql/website/apps/jwql/templates/base.html
index a44280d12..c827fd2b2 100644
--- a/jwql/website/apps/jwql/templates/base.html
+++ b/jwql/website/apps/jwql/templates/base.html
@@ -35,6 +35,8 @@
 	<body>
 		<!-- Navigation Bar -->
 		<nav class="navbar navbar-expand-md fixed-top">
+
+			<!-- Logo and Project Name -->
 		    <a class="navbar-left" href={{ url('jwql:home') }}><img src={{ static('img/jwql_logo_short_transparent.png') }} height=35 width=35></a>
 	        <a class="navbar-brand" href={{ url('jwql:home') }}>JWQL</a>
 	        <a class="navbar-brand" href="#"><font color='#f2ce3a'>{{ inst }}</font></a>
@@ -42,6 +44,7 @@
 	          <span class="navbar-toggler-icon"></span>
 	        </button>
 
+			<!-- Various pages -->
 	        <div class="collapse navbar-collapse" id="navbarsExampleDefault">
 	        	<ul class="navbar-nav mr-auto">
 	          		<li class="nav-item active">
@@ -75,7 +78,26 @@
 	        	</ul>
 	        </div>
 
-	    	<a class="navbar-right" href="https://github.com/spacetelescope/jwql" target="_blank"><img src={{ static('img/githublogo.svg') }} height=25 width=25></a>
+	        <!-- Oauth login and GitHub -->
+	        <div class="navbar-right">
+	            <ul class="navbar-nav mr-auto">
+	            	{% if user.ezid %}
+	            		<li>
+	            			<a class="nav-link" href="https://auth.mastdev.stsci.edu/tokens" id="oauth_user" style="transform:translateY(20%);">{{ user.ezid }}</a>
+	            		</li>
+	            		<li>
+	            			<a role="button" class="btn btn-primary my-2" href={{ url('jwql:logout') }}>logout</a>
+	            		</li>
+	            	{% else %}
+	            		<li class="nav-item active">
+	            			<a role="button" class="btn btn-primary my-2" href={{ url('jwql:login') }}>login</a>
+	            		</li>
+	            	{% endif %}
+	            	<li class="nav-item active">
+						<a class="nav-link" href="https://github.com/spacetelescope/jwql" target="_blank"><img src={{ static('img/githublogo.svg') }} height=35 width=35></a>
+					</li>
+	    		</ul>
+	    	</div>
 	    </nav>
 	    <div class="banner">
 	    	<img src={{ static('img/hubble_image.jpg') }}>
diff --git a/jwql/website/apps/jwql/templates/thumbnails.html b/jwql/website/apps/jwql/templates/thumbnails.html
index 13e417286..2b0530e06 100644
--- a/jwql/website/apps/jwql/templates/thumbnails.html
+++ b/jwql/website/apps/jwql/templates/thumbnails.html
@@ -14,7 +14,7 @@
 	 */
     function update_thumbnail_array(data) {
 
-    	// Add content to the thumbail array div
+    	  // Add content to the thumbail array div
         for (var i = 0; i < Object.keys(data.file_data).length; i++) {
 
             // Parse out useful variables
diff --git a/jwql/website/apps/jwql/urls.py b/jwql/website/apps/jwql/urls.py
index 664a23173..740e3bacc 100644
--- a/jwql/website/apps/jwql/urls.py
+++ b/jwql/website/apps/jwql/urls.py
@@ -42,6 +42,7 @@
 from django.urls import re_path
 
 from . import api_views
+from . import oauth
 from . import views
 
 app_name = 'jwql'
@@ -49,8 +50,15 @@
 
 urlpatterns = [
 
-    # Main site views
+    # Home
     path('', views.home, name='home'),
+
+    # Authentication
+    path('login/', oauth.login, name='login'),
+    path('logout/', oauth.logout, name='logout'),
+    path('authorize/', oauth.authorize, name='authorize'),
+
+    # Main site views
     path('about/', views.about, name='about'),
     path('dashboard/', views.dashboard, name='dashboard'),
     re_path(r'^(?P<inst>({}))/$'.format(instruments), views.instrument, name='instrument'),
diff --git a/jwql/website/apps/jwql/views.py b/jwql/website/apps/jwql/views.py
index b2341b307..338bee069 100644
--- a/jwql/website/apps/jwql/views.py
+++ b/jwql/website/apps/jwql/views.py
@@ -48,14 +48,14 @@
 from .data_containers import thumbnails
 from .data_containers import thumbnails_ajax
 from .forms import FileSearchForm
+from .oauth import auth_info
 from jwql.utils.constants import JWST_INSTRUMENT_NAMES, MONITORS, JWST_INSTRUMENT_NAMES_MIXEDCASE
 from jwql.utils.utils import get_base_url, get_config
 
-
 FILESYSTEM_DIR = os.path.join(get_config()['jwql_dir'], 'filesystem')
 
-
-def about(request):
+@auth_info
+def about(request, user):
     """Generate the ``about`` page
 
     Parameters
@@ -73,12 +73,14 @@ def about(request):
     context = {'acknowledgements': acknowledgements,
                'inst': '',
                'inst_list': JWST_INSTRUMENT_NAMES,
-               'tools': MONITORS}
+               'tools': MONITORS,
+               'user': user}
 
     return render(request, template, context)
 
 
-def archived_proposals(request, inst):
+@auth_info
+def archived_proposals(request, user, inst):
     """Generate the page listing all archived proposals in the database
 
     Parameters
@@ -99,6 +101,7 @@ def archived_proposals(request, inst):
     template = 'archive.html'
     context = {'inst': inst,
                'tools': MONITORS,
+               'user': user,
                'base_url': get_base_url()}
 
     return render(request, template, context)
@@ -122,8 +125,6 @@ def archived_proposals_ajax(request, inst):
     # Ensure the instrument is correctly capitalized
     inst = JWST_INSTRUMENT_NAMES_MIXEDCASE[inst.lower()]
 
-    template = 'archive.html'
-
     # For each proposal, get the first available thumbnail and determine
     # how many files there are
     filepaths = get_filenames_by_instrument(inst)
@@ -141,7 +142,8 @@ def archived_proposals_ajax(request, inst):
     return JsonResponse(context, json_dumps_params={'indent': 2})
 
 
-def archive_thumbnails(request, inst, proposal):
+@auth_info
+def archive_thumbnails(request, user, inst, proposal):
     """Generate the page listing all archived images in the database
     for a certain proposal
 
@@ -166,6 +168,7 @@ def archive_thumbnails(request, inst, proposal):
     context = {'inst': inst,
                'prop': proposal,
                'tools': MONITORS,
+               'user': user,
                'base_url': get_base_url()}
 
     return render(request, template, context)
@@ -198,7 +201,8 @@ def archive_thumbnails_ajax(request, inst, proposal):
     return JsonResponse(data, json_dumps_params={'indent': 2})
 
 
-def dashboard(request):
+@auth_info
+def dashboard(request, user):
     """Generate the dashbaord page
 
     Parameters
@@ -218,6 +222,7 @@ def dashboard(request):
     context = {'inst': '',
                'inst_list': JWST_INSTRUMENT_NAMES,
                'tools': MONITORS,
+               'user': user,
                'outputs': output_dir,
                'filesystem_html': os.path.join(output_dir, 'monitor_filesystem',
                                                'filesystem_monitor.html'),
@@ -227,13 +232,16 @@ def dashboard(request):
     return render(request, template, context)
 
 
-def home(request):
+@auth_info
+def home(request, user):
     """Generate the home page
 
     Parameters
     ----------
     request : HttpRequest object
         Incoming request from the webpage
+    user : dict
+        A dictionary of user credentials.
 
     Returns
     -------
@@ -253,12 +261,14 @@ def home(request):
     context = {'inst': '',
                'inst_list': JWST_INSTRUMENT_NAMES,
                'tools': MONITORS,
-               'form': form}
+               'form': form,
+               'user': user}
 
     return render(request, template, context)
 
 
-def instrument(request, inst):
+@auth_info
+def instrument(request, user, inst):
     """Generate the instrument tool index page
 
     Parameters
@@ -287,12 +297,14 @@ def instrument(request, inst):
 
     context = {'inst': inst,
                'tools': MONITORS,
+               'user': user,
                'doc_url': doc_url}
 
     return render(request, template, context)
 
 
-def unlooked_images(request, inst):
+@auth_info
+def unlooked_images(request, user, inst):
     """Generate the page listing all unlooked images in the database
 
     Parameters
@@ -312,11 +324,13 @@ def unlooked_images(request, inst):
 
     template = 'thumbnails.html'
     context = thumbnails(inst)
+    context['user'] = user
 
     return render(request, template, context)
 
 
-def view_header(request, inst, file):
+@auth_info
+def view_header(request, user, inst, file):
     """Generate the header view page
 
     Parameters
@@ -344,11 +358,13 @@ def view_header(request, inst, file):
                   {'inst': inst,
                    'file': file,
                    'tools': MONITORS,
+                   'user': user,
                    'header': header,
                    'file_root': file_root})
 
 
-def view_image(request, inst, file_root, rewrite=False):
+@auth_info
+def view_image(request, user, inst, file_root, rewrite=False):
     """Generate the image view page
 
     Parameters
@@ -375,6 +391,7 @@ def view_image(request, inst, file_root, rewrite=False):
     context = {'inst': inst,
                'file_root': file_root,
                'tools': MONITORS,
+               'user': user,
                'jpg_files': image_info['all_jpegs'],
                'fits_files': image_info['all_files'],
                'suffixes': image_info['suffixes'],
diff --git a/requirements.txt b/requirements.txt
index f4b6b0046..46a0750c8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,7 @@
 asdf>=2.3.0
 astropy>=3.0
 astroquery==0.3.9
+authlib==0.10
 bokeh==1.0.4
 django==2.1.5
 ipython==7.2.0