diff --git a/oauth2client/client.go b/oauth2client/client.go
index 5df30e6..d769a7a 100644
--- a/oauth2client/client.go
+++ b/oauth2client/client.go
@@ -11,6 +11,13 @@ import (
 	"time"
 )
 
+type cached struct {
+	access string
+	exp    time.Time
+}
+
+var cache = map[string]cached{}
+
 func Authenticate(server, scope string, w http.ResponseWriter, r *http.Request) error {
 	oauth2server, err := url.Parse(server)
 	if err != nil {
@@ -63,7 +70,10 @@ func login(oauth2server *url.URL, scope string, w http.ResponseWriter, r *http.R
 	url := *r.URL
 	url.Host = r.Host
 	if url.Scheme == "" {
-		url.Scheme = "http"
+		url.Scheme = oauth2server.Scheme
+	}
+	if url.Scheme == "" {
+		url.Scheme = "https"
 	}
 	q := oauth2server.Query()
 	q.Set(oauth2.REDIRECT, url.String())
@@ -73,6 +83,9 @@ func login(oauth2server *url.URL, scope string, w http.ResponseWriter, r *http.R
 }
 
 func verify(access string, oauth2server *url.URL, scope string, w http.ResponseWriter, r *http.Request) error {
+	if v, ok := cache[scope]; ok && v.access == access && time.Now().Before(v.exp) {
+		return nil
+	}
 	oauth2server.Path = "/verify/" + scope
 	data := url.Values{}
 	data.Set("access", access)
@@ -96,6 +109,10 @@ func verify(access string, oauth2server *url.URL, scope string, w http.ResponseW
 	if resp.StatusCode != http.StatusOK {
 		return login(oauth2server, scope, w, r)
 	}
+	cache[scope] = cached{
+		access: access,
+		exp:    time.Now().Add(time.Minute),
+	}
 	return nil
 }