diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a004dd8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.py[oc]
+*.sqlite3
+*.cfg
diff --git a/auth.py b/auth.py
index 3c4f13c..64f5eae 100644
--- a/auth.py
+++ b/auth.py
@@ -189,9 +189,8 @@ def load_token(access_token=None, refresh_token=None):
 @oauth.tokensetter
 def save_token(token, request, *args, **kwargs):
- print request
 toks = Token.query.filter_by(client_id=request.client.client_id,
- user=current_user.username)
+ user=request.user)
 # make sure that every client has only one token connected to a user
 for t in toks:
 db.session.delete(t)
@@ -206,7 +205,7 @@ def save_token(token, request, *args, **kwargs):
 _scopes=token['scope'],
 expires=expires,
 client_id=request.client.client_id,
- user=current_user.username,
+ user=request.user,
 )
 db.session.add(tok)
 db.session.commit()
@@ -228,7 +227,7 @@ def authorize(*args, **kwargs):
 return confirm == 'yes'
-@app.route('/oauth/token')
+@app.route('/oauth/token', methods=['GET', 'POST'])
 @oauth.token_handler
 def access_token():
 return None
@@ -300,19 +299,20 @@ def token_revoke(id):
 @app.route('/login', methods=['GET', 'POST'])
 def login():
 form = LoginForm()
+ next = flask.request.args.get('next')
 if form.validate_on_submit():
 username, password = form.data['username'], form.data['password']
 if not check_credentials(username, password):
 flash('Invalid username or password')
- return render_template('login_oauth.html', form=form)
+ return render_template('login_oauth.html', form=form, next=next)
 login_user(LDAPUserProxy(username))
 flash('Logged in successfully.')
- next = request.args.get('next')
 return redirect(next or url_for('profile'))
- return render_template('login_oauth.html', form=form)
+
+ return render_template('login_oauth.html', form=form, next=next)
 @app.route('/logout')
 def logout():
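Review bot: `Token.user` is now compared and stored as whatever `request.user` holds, both in the `filter_by(...)` call here and in the `Token(...)` constructor in the next hunk (`@@ -206`), while the rest of the file treats that column as a username string — `login` calls `LDAPUserProxy(username)` and `api_profile` calls `LDAPUserProxy(flask.request.oauth.user)`. If the grant/user getter that populates `request.user` returns a proxy object rather than the username, the lookup would silently match nothing and the new token would be saved with a value `api_profile` cannot use; the commit does not show which it is. A comment above the query would pin the contract, e.g. `# request.user comes from the oauth grant/user getter; it must be the username string so api_profile can rebuild the LDAPUserProxy from Token.user`, or use `user=request.user.username` if it is an object. save_token's body continues outside the hunk.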
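Review bot: The token endpoint now answers GET, so client credentials, authorization codes and refresh tokens can arrive in the query string and end up in server and proxy access logs and browser history; RFC 6749 §3.2 requires the token endpoint to use POST. Unless a known client cannot send POST, restrict the route to `@app.route('/oauth/token', methods=['POST'])`. If GET has to stay for a specific client, add a comment naming it so the exception can be removed later.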
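Review bot: `next` is read straight from the query string and passed to `redirect(next or url_for('profile'))` without checking where it points, so a login link whose `next` is an absolute URL sends a freshly authenticated user to a third-party site (an open redirect); the new `next=next` template argument carries the same unchecked value through the form POST. Only a same-origin relative path should be accepted, and the variable also shadows the `next` builtin. The helper below uses the stdlib `urlparse` function, which needs importing at the top of auth.py; the validated value then replaces `next` in both `render_template` calls and the redirect.
```python
def _is_safe_redirect(target):
    """Return True only for a same-origin relative path.

    Rejects empty values, absolute URLs, scheme-relative '//host' targets and
    backslash variants browsers normalise to '/', so ?next= cannot leave this site.
    """
    if not target or '\\' in target:
        return False
    parts = urlparse(target)
    return (not parts.scheme and not parts.netloc
            and target.startswith('/') and not target.startswith('//'))


@app.route('/login', methods=['GET', 'POST'])
def login():
    form = LoginForm()
    next_url = flask.request.args.get('next')
    if not _is_safe_redirect(next_url):
        next_url = None  # anything else falls back to the profile page
    if form.validate_on_submit():
        # … unchanged: credential check …
            return render_template('login_oauth.html', form=form, next=next_url)
        # … unchanged: login_user / flash …
        return redirect(next_url or url_for('profile'))

    return render_template('login_oauth.html', form=form, next=next_url)
```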
@@ -326,6 +326,7 @@ def load_user(user_id):
 @app.route('/api/profile')
+@app.route('/api/1/profile')
 @oauth.require_oauth('profile:read')
 def api_profile():
 user = LDAPUserProxy(flask.request.oauth.user)
diff --git a/templates/login_oauth.html b/templates/login_oauth.html
index 597aa9f..30fccaf 100644
--- a/templates/login_oauth.html
+++ b/templates/login_oauth.html
@@ -3,7 +3,7 @@ {% block content %}
-
+ {{ form.csrf_token }}