diff --git a/fclauncher/auth.go b/fclauncher/auth.go
index ce352b0..11ec9bd 100644
--- a/fclauncher/auth.go
+++ b/fclauncher/auth.go
@@ -100,6 +100,17 @@ type McAuthResponse struct {
 Token_type string
 }
+func getHTTPRedirect(w http.ResponseWriter, r *http.Request, srv *http.Server, code *string) {
+ r.ParseForm()
+ fmt.Printf("Response Code: %s\n", r.Form.Get("code"))
+ if r.Form.Get("code") != "" {
+ *code = r.Form.Get("code")
+ io.WriteString(w, "You can now close this window and return to the application.")
+ } else {
+ srv.Shutdown(r.Context())
+ }
+}
+
 func AuthCode(a App) (authenticationResp, error) {
 authentication := authenticationResp{}
 resp, err := http.PostForm("https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode", url.Values{
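Review bot: getHTTPRedirect stores whatever `code` arrives on the callback listener without checking the `state` query parameter, and OAuth2 in the next hunk sends the constant `state=12345`, so the callback cannot be tied to the authorization request this process started. Generating a random state per attempt, passing it to the handler and rejecting mismatches closes that gap; the call site in OAuth2 changes with the signature. The `fmt.Printf("Response Code: %s\n", r.Form.Get("code"))` line writes the authorization code to stdout and should be dropped, and the `r.ParseForm()` error is ignored. The shutdown branch also looks inverted: the server stops only on a request that carries no code, so a successful redirect leaves `ListenAndServe` running until some unrelated request arrives, and `srv.Shutdown(r.Context())` called inside the handler blocks until that request's own context is cancelled.

```go
func getHTTPRedirect(w http.ResponseWriter, r *http.Request, srv *http.Server, code *string, state string) {
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	// Ignore anything that does not echo the state this process generated
	// (stray requests such as /favicon.ico land here too).
	if r.Form.Get("state") != state {
		http.Error(w, "unexpected state", http.StatusBadRequest)
		return
	}
	if got := r.Form.Get("code"); got != "" {
		*code = got
		io.WriteString(w, "You can now close this window and return to the application.")
	} else {
		http.Error(w, "authorization failed", http.StatusBadRequest)
	}
	// Shut down from a separate goroutine so Shutdown does not wait on this request.
	go srv.Shutdown(context.Background())
}
```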
@@ -142,12 +153,32 @@ func AuthCode(a App) (authenticationResp, error) {
 }
 func OAuth2(a App) (authenticationResp, error) {
+ code := "code"
+ srv := http.Server{Addr: ":5000"}
 authentication := authenticationResp{}
- verrifier := make([]byte, 256)
- rand.Read(verrifier)
- challenge := sha256.Sum256(verrifier)
+ verifier := make([]byte, 128)
+ rand.Read(verifier)
+ verifier_string := base64.RawURLEncoding.EncodeToString(verifier)
+ challenge := sha256.Sum256([]byte(verifier_string))
+ http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { getHTTPRedirect(w, r, &srv, &code) })
 openbrowser("https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=" + client_id + "&response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A5000&response_mode=query&scope=XboxLive.signin&state=12345&code_challenge=" + base64.RawURLEncoding.EncodeToString(challenge[:]) + "&code_challenge_method=S256")
- return authentication, fmt.Errorf("Unknown error")
+ srv.ListenAndServe()
+ fmt.Printf("continuing auth\n")
+ resp, err := http.PostForm("https://login.microsoftonline.com/consumers/oauth2/v2.0/token", url.Values{
+ "grant_type": {"authorization_code"},
+ "code": {code},
+ "redirect_uri": {"http://127.0.0.1:5000"},
+ "code_verifier": {verifier_string},
+ "client_id": {client_id},
+ })
+ if err != nil {
+ return authenticationResp{}, fmt.Errorf("unable to request token: %e\n", err)
+ }
+ defer resp.Body.Close()
+ data, _ := io.ReadAll(resp.Body)
+ json.Unmarshal(data, &authentication)
+ //fmt.Printf("auth data: %s\n", data)
+ return authentication, nil
 }
 func TokenRefresh(app App, auth authenticationResp) (authenticationResp, error) {
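Review bot: `srv := http.Server{Addr: ":5000"}` binds the callback listener on every interface although the redirect URI is `http://127.0.0.1:5000`, so anything that can reach the host on port 5000 can hit the handler; it should listen on `127.0.0.1:5000` only. Registering the handler with `http.HandleFunc` on the default mux also panics on a second OAuth2 call, which a local `http.NewServeMux()` set as `srv.Handler` avoids. The verifier is 128 random bytes, which base64url-encodes to 171 characters, above the 128-character maximum RFC 7636 gives for `code_verifier`; 32 bytes (43 characters) is within range, and since the import is outside the hunk, confirm that `rand` is `crypto/rand`. The results of `srv.ListenAndServe()`, `io.ReadAll` and `json.Unmarshal` are discarded and the status code is never checked, so a failed listen or an error response from the token endpoint still posts the placeholder `"code"` and returns `authentication, nil`. The `%e` verb in the `fmt.Errorf` call is a float verb and should be `%w`, without the trailing newline.

```go
func OAuth2(a App) (authenticationResp, error) {
	code := ""
	mux := http.NewServeMux()
	// Loopback only: the redirect URI is 127.0.0.1, nothing off-host needs this port.
	srv := http.Server{Addr: "127.0.0.1:5000", Handler: mux}
	authentication := authenticationResp{}
	// 32 bytes encode to 43 base64url characters, inside RFC 7636's 43-128 range.
	verifier := make([]byte, 32)
	if _, err := rand.Read(verifier); err != nil {
		return authenticationResp{}, fmt.Errorf("generating PKCE verifier: %w", err)
	}
	// … unchanged: verifier_string and challenge …
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { getHTTPRedirect(w, r, &srv, &code) })
	// … unchanged: openbrowser call …
	if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
		return authenticationResp{}, fmt.Errorf("callback listener: %w", err)
	}
	if code == "" {
		return authenticationResp{}, fmt.Errorf("no authorization code received")
	}
	// … unchanged: token request, with %w in place of %e …
	defer resp.Body.Close()
	data, err := io.ReadAll(resp.Body)
	if err != nil {
		return authenticationResp{}, fmt.Errorf("reading token response: %w", err)
	}
	if resp.StatusCode != http.StatusOK {
		return authenticationResp{}, fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	if err := json.Unmarshal(data, &authentication); err != nil {
		return authenticationResp{}, fmt.Errorf("decoding token response: %w", err)
	}
	return authentication, nil
}
```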