diff --git a/Socialvoid/Client/SocialvoidClient.cs b/Socialvoid/Client/SocialvoidClient.cs
index 8adf7b6..a2505d6 100644
--- a/Socialvoid/Client/SocialvoidClient.cs
+++ b/Socialvoid/Client/SocialvoidClient.cs
@@ -17,9 +17,11 @@
  */
 
 using System;
+using System.Text;
 using System.Net.Http;
 using System.IO;
 using Socialvoid.Security;
+using Socialvoid.Security.Otp;
 using Socialvoid.JObjects;
 using Socialvoid.Errors.ServerErrors;
 using Socialvoid.Errors.AuthenticationErrors;
@@ -341,9 +343,18 @@ namespace Socialvoid.Client
 		/// <exception cref="TwoFactorAuthenticationRequiredException">
 		/// Thrown if two-factor authentication is required.
 		/// </exception>
-		public virtual void AuthenticateUser(SessionIdentification sessionID,
-			string username, string password, string otp = null)
+		public virtual void AuthenticateUser(string username, string password,
+			string otp = null, SessionIdentification sessionID = null)
 		{
+			if (sessionID == null && _session != null)
+			{
+				sessionID = new()
+				{
+					SessionID = _session.SessionID,
+					ClientPublicHash = PublicHash
+				};
+			}
+
 			JArgs args = new(){
 				{UsernameKey, username},
 				{PasswordKey, password},
@@ -357,12 +368,14 @@ namespace Socialvoid.Client
 			if (IsOtpValid(otp))
 			{
 				args.Add(OtpKey, otp);
+				sessionID.ChallengeAnswer = otp;
 			}
-			else if (_should_otp && IsOtpValid(otp))
+			else if (_should_otp && IsOtpValid(_otp))
 			{
 				// after adding otp answer to args, don't forget to set
 				// _should_otp to false (and _otp to null).
 				args.Add(OtpKey, _otp);
+				sessionID.ChallengeAnswer = _otp;
 				_should_otp = false;
 				_otp = null;
 			}
@@ -384,7 +397,9 @@ namespace Socialvoid.Client
 		/// </summary>
 		protected internal virtual string GetChallengeAnswer(string secret)
 		{
-			return null;
+			var otp = new Totp(Encoding.UTF8.GetBytes(secret));
+			return KeyGeneration.GetSha1(otp.ComputeTotp() + PrivateHash);;
+			//return null;
 		}
 
 		#endregion
@@ -582,6 +597,7 @@ namespace Socialvoid.Client
 
 			return jresp;
 		}
+		
 		#endregion
 		//-------------------------------------------------
 	}
diff --git a/Socialvoid/Security/Otp/KeyGeneration.cs b/Socialvoid/Security/Otp/KeyGeneration.cs
index 3cee5a8..0963eab 100644
--- a/Socialvoid/Security/Otp/KeyGeneration.cs
+++ b/Socialvoid/Security/Otp/KeyGeneration.cs
@@ -23,6 +23,7 @@
 
 
 using System;
+using System.Text;
 using System.Security.Cryptography;
 
 namespace Socialvoid.Security.Otp
@@ -100,7 +101,7 @@ namespace Socialvoid.Security.Otp
 				DeriveKeyFromMaster(masterKey, 
 					KeyUtilities.GetBigEndianBytes(serialNumber), mode);
 
-		private static HashAlgorithm GetHashAlgorithmForMode(OtpHashMode mode)
+		internal static HashAlgorithm GetHashAlgorithmForMode(OtpHashMode mode)
 		{
 			switch(mode)
 			{
@@ -113,7 +114,7 @@ namespace Socialvoid.Security.Otp
 			}
 		}
 
-		private static int LengthForMode(OtpHashMode mode)
+		internal static int LengthForMode(OtpHashMode mode)
 		{
 			switch(mode)
 			{
@@ -125,7 +126,17 @@ namespace Socialvoid.Security.Otp
 					return 20;
 			}
 		}
-		
+		internal static string GetSha1(string value)
+		{
+			var data = Encoding.ASCII.GetBytes(value);
+			var hashData = new SHA1Managed().ComputeHash(data);
+			var hash = string.Empty;
+			foreach (var b in hashData)
+			{
+				hash += b.ToString("X2");
+			}
+			return hash;
+		}
 		#endregion
 		//-------------------------------------------------
 	}
diff --git a/Socialvoid/Security/SessionEstablished.cs b/Socialvoid/Security/SessionEstablished.cs
index 5144fdf..c3b0079 100644
--- a/Socialvoid/Security/SessionEstablished.cs
+++ b/Socialvoid/Security/SessionEstablished.cs
@@ -24,13 +24,13 @@ namespace Socialvoid.Security
 		/// <code> since: v0.0.0 </code>
 		/// </summary>
 		[JsonPropertyName("id")]
-		public string SessionID { get; internal set; }
+		public string SessionID { get; set; }
 		/// <summary>
 		/// The Public Hash of the client used when establishing the session.
 		/// <code> since: v0.0.0 </code>
 		/// </summary>
 		[JsonPropertyName("challenge")]
-		internal string ChallengeSecret { get; set; }
+		public string ChallengeSecret { get; set; }
 		#endregion
 		//-------------------------------------------------
 		#region static field's Region
@@ -53,7 +53,7 @@ namespace Socialvoid.Security
 		/// <summary>
 		///
 		/// </summary>
-		private SessionEstablished()
+		public SessionEstablished()
 		{
 			;// make is private, so user use `EstablishNew` static method.
 		}
diff --git a/Tests/Client/AuthenticateUser.cs b/Tests/Client/AuthenticateUser.cs
index 4f28111..1c9e67f 100644
--- a/Tests/Client/AuthenticateUser.cs
+++ b/Tests/Client/AuthenticateUser.cs
@@ -47,7 +47,7 @@ namespace Tests.Client
 				SocialvoidClient.GetClient(publicHash, 
 					privateHash, platform, name, version);
 			myClient.CreateSession();
-			myClient.AuthenticateUser(new(), "aliwoto", "12345678");
+			myClient.AuthenticateUser("aliwoto", "12345678");
 		}