diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4196746
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+auth.db
\ No newline at end of file
diff --git a/goauth20 b/goauth20
index 5935d01..ccdefe2 100755
Binary files a/goauth20 and b/goauth20 differ
diff --git a/routes.auth.go b/routes.auth.go
index 6affdde..129f478 100644
--- a/routes.auth.go
+++ b/routes.auth.go
@@ -1,13 +1,53 @@
 package main
 
 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
+	"html/template"
+	"log"
 	"net/http"
+	"net/url"
+	"strconv"
 )
 
+//File structure du fichier
+type File struct {
+	Name  string
+	Other string
+}
+
+type JsonToken struct {
+	clientID     string `json:"client_id"`
+	clientSecret string `json:"client_secret"`
+	grantType    string `json:"grant_type"`
+	redirectURI  string `json:"redirect_uri"`
+	code         string `json:"code"`
+}
+
+type token struct {
+	accessToken  string `json:"access_token"`
+	tokenType    string `json:"token_type"`
+	expiresIn    int    `json:"expires_in"`
+	refreshToken string `json:"refresh_token"`
+}
+
 func (s *server) handleIndex() http.HandlerFunc {
 	return func(rw http.ResponseWriter, r *http.Request) {
-		fmt.Fprintf(rw, "Welcome to Goflix")
+		rw.Header().Set("Content-Type", "text/html")
+		rw.WriteHeader(http.StatusOK)
+
+		t, err := template.ParseFiles("template/jwt.html")
+		if err != nil {
+			fmt.Errorf("erreur suivante %v", err)
+		}
+
+		f := File{Name: "Drogou", Other: "Dans le fichier"}
+
+		err = t.Execute(rw, f)
+		if err != nil {
+			fmt.Errorf("erreur suivante %v", err)
+		}
 	}
 
 }
@@ -15,5 +55,60 @@ func (s *server) handleIndex() http.HandlerFunc {
 func (s *server) handleRedirect() http.HandlerFunc {
 	return func(rw http.ResponseWriter, r *http.Request) {
 
+		codes, _ := r.URL.Query()["code"]
+		jsonStr := constJsonToken(codes[0])
+
+		apiURL := "https://api.XXX.XXX.XXX/auth/v1/oauth2.0/accessToken"
+		data := url.Values{}
+		data.Set("client_id", jsonStr.clientID)
+		data.Set("client_secret", jsonStr.clientSecret)
+		data.Set("grant_type", jsonStr.grantType)
+		data.Set("redirect_uri", jsonStr.redirectURI)
+		data.Set("code", jsonStr.code)
+
+		client := &http.Client{}
+		req, err := http.NewRequest("POST", apiURL, bytes.NewBufferString(data.Encode()))
+		req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+		req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))
+		req.Header.Add("Accept", "application/json")
+
+		resp, err := client.Do(req)
+		if err != nil {
+			panic(err)
+		}
+
+		fmt.Println("response Status:", resp.Status)
+		fmt.Println("response Headers:", resp.Header)
+		var t interface{}
+		// here's the trick
+		json.NewDecoder(resp.Body).Decode(&t)
+
+		if err != nil {
+			log.Printf("Cannot parse token body err=%v", err)
+			s.response(rw, r, nil, http.StatusBadGateway)
+			return
+		}
+		defer resp.Body.Close()
+
+		fmt.Println(t.(interface{}).(map[string]interface{})["access_token"])
+
+		if err != nil {
+			log.Printf("Cannot parse token body err=%v", err)
+			s.response(rw, r, nil, http.StatusBadGateway)
+			return
+		}
+
+		s.response(rw, r, t, http.StatusOK)
+
+	}
+}
+
+func constJsonToken(code string) JsonToken {
+	return JsonToken{
+		clientID:     "meg-test-interne",
+		clientSecret: "YNVZF88dD4vny59k",
+		grantType:    "authorization_code",
+		redirectURI:  "http://localhost:8080/callback",
+		code:         code,
 	}
 }
diff --git a/routes.go b/routes.go
index 37fc73b..e6127e5 100644
--- a/routes.go
+++ b/routes.go
@@ -1,6 +1,6 @@
 package main
 
 func (s *server) routes() {
-	s.router.HandleFunc("/", s.handleIndex()).Methods("GET")
+	s.router.HandleFunc("/index", s.handleIndex()).Methods("GET")
 	s.router.HandleFunc("/oauth/redirect", s.handleRedirect()).Methods("GET")
 }
diff --git a/server.go b/server.go
index 7d2ef9e..da2123f 100644
--- a/server.go
+++ b/server.go
@@ -1,6 +1,8 @@
 package main
 
 import (
+	"encoding/json"
+	"log"
 	"net/http"
 
 	"github.com/gorilla/mux"
@@ -15,9 +17,30 @@ func newServer() *server {
 	s := &server{
 		router: mux.NewRouter(),
 	}
+	s.routes()
 	return s
 }
 
 func (s *server) serveHTTP(rw http.ResponseWriter, r *http.Request) {
 	logRequestMiddleware(s.router.ServeHTTP).ServeHTTP(rw, r)
 }
+
+func (s *server) response(rw http.ResponseWriter, _ *http.Request, data interface{}, status int) {
+	rw.Header().Add("Content-type", "application/json")
+	rw.WriteHeader(status)
+
+	if data == nil {
+		return
+	}
+
+	err := json.NewEncoder(rw).Encode(data)
+	if err != nil {
+		log.Printf("Cannot encode to json (err=%v)\n", err)
+	}
+
+}
+
+func (s *server) decode(rw http.ResponseWriter, r *http.Request, v interface{}) error {
+	return json.NewDecoder(r.Body).Decode(v)
+
+}
diff --git a/template/jwt.html b/template/jwt.html
new file mode 100644
index 0000000..cf6584b
--- /dev/null
+++ b/template/jwt.html
@@ -0,0 +1,124 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>RCA JWT API</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+
+    <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js"></script>
+
+    <script src="http://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/hmac-sha512.js"></script>
+    <script src="http://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/enc-base64-min.js"></script>
+
+    <script>
+
+        function base64url(source) {
+            // Encode in classical base64
+            encodedSource = CryptoJS.enc.Base64.stringify(source);
+
+            // Remove padding equal characters
+            encodedSource = encodedSource.replace(/=+$/, '');
+
+            // Replace characters according to base64url specifications
+            encodedSource = encodedSource.replace(/\+/g, '-');
+            encodedSource = encodedSource.replace(/\//g, '_');
+
+            return encodedSource;
+        }
+
+        function generateToken() {
+            window.location = 'https://XXX.XXX.XXX/entreprise-partenaire/authorize?client_id=meg-test-interne&scope=user.read company.read accounting_firm.read sales&current_company=true&redirect_uri=http://localhost:8080/oauth/redirect'
+        }
+
+        function generate() {
+            var header = {
+                "alg": "HS512"
+            };
+
+            var data = {
+                "sub": document.getElementById('sub').value,
+                "exp": Math.floor(Date.now() / 1000) + 6 * 30 * 24 * 3600,
+		"roles": [
+    		    "RCA_CLOUD_EXPERT_COMPTABLE",
+		        "E_COLLECTE_BO_CREA",
+		        "E_CREATION_CREA",
+		        "E_QUESTIONNAIRE_CREA"
+	        ],
+                "id_entreprise": document.getElementById('id_entreprise').value,
+                "rcaPartnerId": document.getElementById('rcaPartnerId').value
+            };
+
+            var secret = document.getElementById('secret').value;
+            secret = CryptoJS.enc.Base64.parse(secret);
+
+            var stringifiedHeader = CryptoJS.enc.Utf8.parse(JSON.stringify(header));
+            var encodedHeader = base64url(stringifiedHeader);
+
+            var stringifiedData = CryptoJS.enc.Utf8.parse(JSON.stringify(data));
+            var encodedData = base64url(stringifiedData);
+
+            var signature = encodedHeader + "." + encodedData;
+            signature = CryptoJS.HmacSHA512(signature, secret);
+            signature = base64url(signature);
+
+            document.getElementById('jwt').value = encodedHeader + "." + encodedData + "." + signature;
+            M.updateTextFields();
+            M.textareaAutoResize(document.getElementById('jwt'));
+        }
+    </script>
+</head>
+
+<body>
+    <div class="container">
+        <div class="row">
+            <form class="col s12">
+                <div class="row">
+                    <div class="input-field col s12">
+                        <i class="material-icons prefix">account_circle</i>
+                        <input type="text" id="sub" name="sub" value="mbola.randriamamonjisoa+ec@rca.fr">
+                        <label for="name">Subject :</label>
+                    </div>
+                </div>
+                <div class="row">
+                    <div class="input-field col s12">
+                        <i class="material-icons prefix">account_balance</i>
+                        <input type="text" id="id_entreprise" name="id_entreprise" value="85422">
+                        <label for="name">Id entreprise :</label>
+                    </div>
+                </div>
+                <div class="row">
+                    <div class="input-field col s12">
+                        <i class="material-icons prefix">account_balance</i>
+                        <input type="text" id="rcaPartnerId" name="rcaPartnerId" value="agora-expert">
+                        <label for="name">ID partenaire RCA :</label>
+                    </div>
+                </div>
+                <div class="row">
+                    <div class="input-field col s12">
+                        <i class="material-icons prefix">fiber_pin</i>
+                        <input type="text" id="secret" name="secret" value="XXXXXXX">
+                        <label for="name">Secret :</label>
+                    </div>
+                </div>
+                <div class="row">
+                    <a class="waves-effect waves-light btn" onclick="generateToken();"><i class="material-icons left">cloud</i>Generer</a>
+                </div>
+            </form>
+        </div>
+        <div class="row">
+            <form class="col s12">
+                <div class="row">
+                    <div class="input-field col s12">
+                        <textarea id="jwt" class="materialize-textarea"></textarea>
+                        <label for="textarea1">JWT</label>
+                    </div>
+                </div>
+            </form>
+        </div>
+    </div>
+
+</body>
+
+</html>