diff --git a/auth.py b/auth.py
index 72818b5..3c4f13c 100644
--- a/auth.py
+++ b/auth.py
@@ -280,10 +280,11 @@ class LoginForm(FlaskForm):
     password = PasswordField('password', validators=[DataRequired()])
 
 
+@app.route('/')
 @app.route('/profile')
 @login_required
 def profile():
-    return 'You are logged in as {}'.format(current_user.email)
+    return render_template('profile.html', tokens=Token.query.filter(Token.user == current_user.username))
 
 
 @app.route('/token/<int:id>/revoke', methods=['POST'])
diff --git a/static/css/authorize.css b/static/css/authorize.css
index 1bb8266..6695764 100644
--- a/static/css/authorize.css
+++ b/static/css/authorize.css
@@ -22,3 +22,8 @@ body {
     font-size: 14px;
 }
 
+td.placeholder {
+    text-align: center;
+    font-style: italic;
+    opacity: 0.5;
+}
diff --git a/templates/profile.html b/templates/profile.html
new file mode 100644
index 0000000..60affb1
--- /dev/null
+++ b/templates/profile.html
@@ -0,0 +1,45 @@
+{% extends "base.html" %}
+
+{% block content %}
+    <div class="container">
+        <div class="col-md-8 col-md-offset-2">
+            <h2 class="page-title">
+                Hey, <b>{{ current_user.gecos }}</b>!
+                <small class="pull-right"><a href="/logout" class="btn btn-default btn-sm">Logout</a></small>
+            </h2>
+            <h3>Approved applications</h3>
+            <table class="table table-striped">
+                <thead>
+                    <tr>
+                        <th>Application name</th>
+                        <th>Scopes</th>
+                        <th>Expires</th>
+                        <th></th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% for token in tokens %}
+                        <tr>
+                            <td>
+                                {% if token.client.approved %}<small title="This application is approved."><i class="glyphicon glyphicon-ok-circle text-success"></i></small>{% endif %}
+                                {{ token.client.name }}
+                            </td>
+                            <td>
+                                {% for scope in token.scopes %}<code>{{ scope }}</code> {% endfor %}
+                            </td>
+                            <td>{{ token.expires }}</td>
+                            <td>
+                                <form class="text-right" method="post" action="{{ url_for('token_revoke', id=token.id) }}">
+                                    {# FIXME <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>#}
+                                    <button class="btn btn-danger btn-xs">Revoke <i class="glyphicon glyphicon-remove"></i></button>
+                                </form>
+                            </td>
+                        </tr>
+                    {% else %}
+                        <tr><td colspan=4 class="placeholder">No authorized applications yet</td></tr>
+                    {% endfor %}
+                </tbody>
+            </table>
+        </div>
+    </div>
+{% endblock %}