diff --git a/include/toksvc/toksvc.h b/include/toksvc/toksvc.h
index 1f3e571..71f490f 100644
--- a/include/toksvc/toksvc.h
+++ b/include/toksvc/toksvc.h
@@ -119,7 +119,8 @@ toks_api void toks_free_driver_ctx      (struct toks_driver_ctx *);
 
 /* core api */
 
-/* helper api */
+/* client api */
+toks_api int  toks_client_connect       (struct toks_driver_ctx *);
 
 /* utility api */
 toks_api int  toks_main                 (char **, char **);
diff --git a/project/common.mk b/project/common.mk
index c3c85c4..0fbf8de 100644
--- a/project/common.mk
+++ b/project/common.mk
@@ -1,6 +1,7 @@
 API_SRCS = \
 
 INTERNAL_SRCS = \
+	src/client/toks_client_connect.c \
 	src/daemon/toks_daemon_connect.c \
 	src/daemon/toks_daemon_init.c \
 	src/daemon/toks_daemon_loop.c \
diff --git a/project/tree.mk b/project/tree.mk
index 801a85e..d95637b 100644
--- a/project/tree.mk
+++ b/project/tree.mk
@@ -1,4 +1,5 @@
 TREE_DIRS     = bin src lib \
+		src/client \
 		src/daemon \
 		src/driver \
 		src/internal \
diff --git a/src/client/toks_client_connect.c b/src/client/toks_client_connect.c
new file mode 100644
index 0000000..09983de
--- /dev/null
+++ b/src/client/toks_client_connect.c
@@ -0,0 +1,58 @@
+/*********************************************************/
+/*  toksvc: a framework-native token broker service      */
+/*  Copyright (C) 2020  Z. Gilboa                        */
+/*  Released under GPLv2 and GPLv3; see COPYING.TOKSVC.  */
+/*********************************************************/
+
+#include <psxtypes/psxtypes.h>
+#include <ntapi/ntapi.h>
+
+#include <toksvc/toksvc.h>
+#include "toksvc_driver_impl.h"
+
+int32_t toks_client_connect(struct toks_driver_ctx * dctx)
+{
+	int32_t			status;
+	void *			hsvclink;
+	void *			hservice;
+	nt_unicode_string	name;
+	nt_guid_str_utf16	guid;
+	nt_oa			oa;
+	nt_sqos			sqos = {
+					sizeof(sqos),
+					NT_SECURITY_ANONYMOUS,
+					NT_SECURITY_TRACKING_STATIC,
+					1};
+
+	ntapi->tt_guid_to_string_utf16(
+		toks_get_driver_uuid(dctx),
+		&guid);
+
+	name.strlen = sizeof(guid);
+	name.maxlen = 0;
+	name.buffer = &guid.lbrace;
+
+	oa.len		= sizeof(oa);
+	oa.root_dir	= toks_get_driver_hsvcdir(dctx);
+	oa.obj_name	= &name;
+	oa.obj_attr	= NT_OBJ_INHERIT;
+	oa.sec_desc	= 0;
+	oa.sec_qos	= &sqos;
+
+	if ((status = ntapi->zw_open_symbolic_link_object(
+			&hsvclink,
+			NT_SYMBOLIC_LINK_QUERY,
+			&oa)))
+		return status;
+
+	toks_set_driver_hsvclink(
+		dctx,hsvclink);
+
+	if ((ntapi->ipc_connect_by_symlink(&hservice,hsvclink)))
+		return status;
+
+	toks_set_driver_hservice(
+		dctx,hservice);
+
+	return NT_STATUS_SUCCESS;
+}
diff --git a/src/driver/toks_driver_ctx.c b/src/driver/toks_driver_ctx.c
index a214c71..269b846 100644
--- a/src/driver/toks_driver_ctx.c
+++ b/src/driver/toks_driver_ctx.c
@@ -245,6 +245,11 @@ int toks_get_driver_ctx(
 				case TAG_UUID:
 					uuid = entry;
 					break;
+
+				case TAG_CONNECT:
+					cctx.drvflags &= ~(uint64_t)TOKS_DRIVER_MODE_SERVER;
+					cctx.drvflags |= TOKS_DRIVER_MODE_CLIENT;
+					break;
 			}
 		} else
 			/* strict */
@@ -305,6 +310,10 @@ int toks_get_driver_ctx(
 		if (toks_daemon_init(&toks_daemon_ctx,&ctx->uuid))
 			return toks_get_driver_ctx_fail(meta);
 
+	if (cctx.drvflags & TOKS_DRIVER_MODE_CLIENT)
+		if (toks_client_connect(&ctx->ctx))
+			return toks_get_driver_ctx_fail(meta);
+
 	*pctx = &ctx->ctx;
 	return TOKS_OK;
 }
diff --git a/src/internal/toksvc_driver_impl.h b/src/internal/toksvc_driver_impl.h
index 7ceada2..61a7bf1 100644
--- a/src/internal/toksvc_driver_impl.h
+++ b/src/internal/toksvc_driver_impl.h
@@ -23,6 +23,7 @@ enum app_tags {
 	TAG_DAEMON,
 	TAG_SYSROOT,
 	TAG_UUID,
+	TAG_CONNECT,
 };
 
 struct toks_ticks {
@@ -46,6 +47,7 @@ struct toks_driver_ctx_impl {
 	void *			hevent;
 	void *			hsvcdir;
 	void *			hsvclink;
+	void *			hservice;
 	nt_guid			uuid;
 };
 
@@ -103,6 +105,20 @@ static inline void toks_set_driver_hsvclink(const struct toks_driver_ctx * dctx,
 	ictx->hsvclink = hsvclink;
 }
 
+static inline void * toks_get_driver_hservice(const struct toks_driver_ctx * dctx)
+{
+	struct toks_driver_ctx_impl * ictx;
+	ictx = toks_get_driver_ictx(dctx);
+	return ictx->hservice;
+}
+
+static inline void toks_set_driver_hservice(const struct toks_driver_ctx * dctx, void * hservice)
+{
+	struct toks_driver_ctx_impl * ictx;
+	ictx = toks_get_driver_ictx(dctx);
+	ictx->hservice = hservice;
+}
+
 static inline const nt_guid * toks_get_driver_uuid(const struct toks_driver_ctx * dctx)
 {
 	struct toks_driver_ctx_impl * ictx;
diff --git a/src/skin/toks_skin_default.c b/src/skin/toks_skin_default.c
index 0fe9d3e..2a1d4f7 100644
--- a/src/skin/toks_skin_default.c
+++ b/src/skin/toks_skin_default.c
@@ -22,5 +22,8 @@ const struct argv_option toks_default_options[] = {
 	{"uuid",		'u',TAG_UUID,ARGV_OPTARG_REQUIRED,0,0,"<uuid>",
 				"set the service identifier to %s."},
 
+	{"connect",		'c',TAG_CONNECT,ARGV_OPTARG_NONE,0,0,0,
+				"connect to the server without placing any request"},
+
 	{0,0,0,0,0,0,0,0}
 };