diff --git a/server/cli/src/main.rs b/server/cli/src/main.rs index 1c1502c..00ab251 100644 --- a/server/cli/src/main.rs +++ b/server/cli/src/main.rs @@ -39,7 +39,7 @@ fn main() { .get_matches(); let client_id = matches.value_of("client_id").unwrap(); - let secret = matches.value_of("client_id").unwrap(); + let secret = matches.value_of("secrect").unwrap(); let _eng = DummyEngine {}; let _podman_eng = PodmanEngine::new(env::current_dir().unwrap()); //let exectuor = NixIdeManageService::new(Box::new(eng)); @@ -53,7 +53,8 @@ fn main() { v1_open_gitlab, v1_open_inquirer_github, v1_open_inquirer_gitlab, - v1_ide_state + v1_ide_state, + v1_open_oath ], ) .manage(exectuor) diff --git a/server/lib/src/lib.rs b/server/lib/src/lib.rs index 8482d83..1c5eaf3 100644 --- a/server/lib/src/lib.rs +++ b/server/lib/src/lib.rs @@ -38,6 +38,7 @@ use std::cell::{ use oauth2::{ AuthorizationCode, AuthUrl, + AuthType, ClientId, ClientSecret, CsrfToken, @@ -81,8 +82,13 @@ pub trait NixIdeManageServiceEngine { fn start_open(&self, ide_id: &str, param: &OpenGitParam) -> Result; } +pub struct OAuthData{ + verifier : PkceCodeVerifier, + client : BasicClient +} + pub struct RunningData{ - tokensMap : HashMap + tokensMap : HashMap } pub struct NixIdeManageService { eng: RefCell>, @@ -207,6 +213,24 @@ pub fn v1_open_inquirer_git( }) } +#[openapi] +#[get("/open?&")] +pub fn v1_open_oath( + state: String, + code: String, + srv: State, +) { + + let data =srv.data.borrow_mut().tokensMap.remove(&state).unwrap(); + let token_result = data.client + .set_auth_type(AuthType::RequestBody) + .exchange_code(AuthorizationCode::new(code)) + .set_pkce_verifier(data.verifier) + .request(http_client).unwrap(); + + println!("token to: {:#?}", token_result); +} + #[openapi] #[get("/state/")] pub fn v1_ide_state( 
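Review bot: In `main` (server/cli/src/main.rs) the new lookup key `"secrect"` looks like a misspelling of `secret`. The argument definitions sit above the hunk, so I cannot confirm which name is registered, but if it is not exactly `secrect` the `.unwrap()` aborts the process at startup. Use the registered name and say why it is required, e.g. `let secret = matches.value_of("secret").expect("client secret argument missing");`. Separately, a client secret passed on the command line is visible in process listings and shell history, so reading it from an environment variable or a file is worth considering.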
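Review bot: `OAuthData` in server/lib/src/lib.rs keeps a full `BasicClient` for every pending login, and nothing visible here bounds or expires `tokensMap`. Each call to `v1_open_inquirer_gitea` (the insert in the last hunk of this file) adds an entry that is removed only when the callback arrives with the matching state, so abandoned or scripted requests grow the map for the life of the process. Storing only the `PkceCodeVerifier` with a creation timestamp, rebuilding the client from `srv` in the callback, and dropping entries older than a few minutes would address both the growth and the per-entry copy of the client configuration. The new struct also has no doc comment; something like `/// Per-login OAuth state kept between the authorization redirect and the callback.` would help.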
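Review bot: Both `.unwrap()` calls in the new `v1_open_oath` handler run on request-controlled input. An unknown, replayed or forged `state` makes `tokensMap.remove(&state)` return `None`, and a rejected `code` makes the token request fail, so either one panics the handler instead of answering with an error. Give the handler a `Result` return type, as `v1_open_inquirer_gitea` has, and map the missing entry to a 4xx response, e.g. `let data = srv.data.borrow_mut().tokensMap.remove(&state).ok_or(/* bad-request error */)?;`. The `println!("token to: {:#?}", token_result);` line should go before merge, since whether the token value is redacted depends on the oauth2 crate's `Debug` impl. The handler also returns nothing and discards the token, so the login cannot complete yet.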
@@ -242,6 +266,7 @@ pub fn v1_open_inquirer_gitea( ref_name, }; + println!("secret {:#?}", ClientSecret::new(srv.secret.clone())); // Create an OAuth2 client by specifying the client ID, client secret, authorization URL and // token URL. let client = @@ -252,7 +277,7 @@ pub fn v1_open_inquirer_gitea( Some(TokenUrl::new("https://gitea.stubbe.rocks/login/oauth/access_token".to_string()).unwrap()) ) // Set the URL the user will be redirected to after the authorization process. - .set_redirect_url(RedirectUrl::new("https://cloud.stubbe.rocks/login".to_string()).unwrap()); + .set_redirect_url(RedirectUrl::new("http://localhost:8000/api/v1/open".to_string()).unwrap()); // Generate a PKCE challenge. let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256(); @@ -271,7 +296,7 @@ pub fn v1_open_inquirer_gitea( // process. println!("Browse to: {}", auth_url); - srv.data.borrow_mut().tokensMap.insert(csrf_token.secret().clone(), pkce_verifier); + srv.data.borrow_mut().tokensMap.insert(csrf_token.secret().clone(), OAuthData { verifier: pkce_verifier, client : client}); Ok(SeeOtherResponse(format!("{}", auth_url))) // Once the user has been redirected to the redirect URL, you'll have access to the // authorization code. For security reasons, your code should verify that the `state`
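Review bot: The added `println!("secret {:#?}", ClientSecret::new(srv.secret.clone()));` in `v1_open_inquirer_gitea` sends the OAuth client secret through a debug print to stdout on every request to this endpoint. Some oauth2 releases redact secret types in `Debug`, but that is not something to rely on, and the line has no purpose beyond debugging, so it should be removed. If confirmation that a secret was configured is needed, log only its presence, for example `println!("client secret configured: {}", !srv.secret.is_empty());` (assuming `srv.secret` is a `String`, which the `.clone()` into `ClientSecret::new` suggests). The function body starts and ends outside the hunk.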
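Review bot: The redirect URL in `v1_open_inquirer_gitea` is now hard-coded to `http://localhost:8000/api/v1/open`, which only works when the browser and the server share a machine and would carry the authorization code over plain HTTP in any other setup. Take it from configuration alongside `client_id` and the secret, e.g. `RedirectUrl::new(srv.redirect_url.clone())` with `redirect_url` as a new field (the name is a suggestion), and return an error on a bad URL rather than calling `.unwrap()`. The value also has to match the redirect URI registered for this client on the Gitea side, so a comment stating that next to the setting would save the next deployer some time.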
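Review bot: The `state` value inserted into `tokensMap` here is kept only on the server, so the callback can confirm that the server issued it but not that the same browser started the flow; no session cookie or similar binding is visible in this hunk. That leaves the login-CSRF case the `state` parameter is meant to prevent, because `v1_open_oath` accepts any issued state regardless of who presents it. Setting a short-lived HttpOnly cookie carrying the state alongside the redirect and comparing it in the callback would close the gap. As a style point, `client : client` can use field-init shorthand: `OAuthData { verifier: pkce_verifier, client }`.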