you can get a zedtoken back from a check request as well, but that will only ensure that you evaluate the permissions from a point in time after the check