diff --git a/src/server/express/a2a_express_app.ts b/src/server/express/a2a_express_app.ts
index f186da05..bfb073e5 100644
--- a/src/server/express/a2a_express_app.ts
+++ b/src/server/express/a2a_express_app.ts
@@ -10,7 +10,10 @@ export class A2AExpressApp {
   private requestHandler: A2ARequestHandler;
   private userBuilder?: UserBuilder;
 
-  constructor(requestHandler: A2ARequestHandler, userBuilder?: UserBuilder) {
+  constructor(
+    requestHandler: A2ARequestHandler,
+    userBuilder: UserBuilder = UserBuilder.NoAuthentication
+  ) {
     this.requestHandler = requestHandler;
     this.userBuilder = userBuilder;
   }
diff --git a/src/server/express/common.ts b/src/server/express/common.ts
index 4e9964cc..50f0d251 100644
--- a/src/server/express/common.ts
+++ b/src/server/express/common.ts
@@ -1,4 +1,8 @@
 import { Request } from 'express';
-import { User } from '../authentication/user.js';
+import { UnauthenticatedUser, User } from '../authentication/user.js';
 
 export type UserBuilder = (req: Request) => Promise<User>;
+
+export const UserBuilder = {
+  NoAuthentication: () => Promise.resolve(new UnauthenticatedUser()),
+};
diff --git a/src/server/express/index.ts b/src/server/express/index.ts
index 954ac9ec..5a643cc8 100644
--- a/src/server/express/index.ts
+++ b/src/server/express/index.ts
@@ -4,4 +4,4 @@
  */
 
 export { A2AExpressApp } from './a2a_express_app.js';
-export type { UserBuilder } from './common.js';
+export { UserBuilder } from './common.js';
diff --git a/src/server/express/json_rpc_handler.ts b/src/server/express/json_rpc_handler.ts
index 0a27263e..2482e29c 100644
--- a/src/server/express/json_rpc_handler.ts
+++ b/src/server/express/json_rpc_handler.ts
@@ -17,7 +17,7 @@ import { UserBuilder } from './common.js';
 
 export interface JsonRpcHandlerOptions {
   requestHandler: A2ARequestHandler;
-  userBuilder?: UserBuilder;
+  userBuilder: UserBuilder;
 }
 
 /**
@@ -37,7 +37,7 @@ export function jsonRpcHandler(options: JsonRpcHandlerOptions): RequestHandler {
 
   router.post('/', async (req: Request, res: Response) => {
     try {
-      const user = await options.userBuilder?.(req);
+      const user = await options.userBuilder(req);
       const context = new ServerCallContext(
         getRequestedExtensions(req.header(HTTP_EXTENSION_HEADER)),
         user ?? new UnauthenticatedUser()