diff --git a/.htaccess b/.htaccess
index b91932b..80f08ce 100644
--- a/.htaccess
+++ b/.htaccess
@@ -2,4 +2,5 @@
 <IfModule mod_rewrite.c>
     RewriteEngine on
     RewriteRule index.php/apps/notes/api/v0.2 lib/nextcloudnotes.php [PT]
+    RewriteRule index.php/login/flow lib/nextcloudlogin.php [PT]
 </IfModule>
\ No newline at end of file
diff --git a/lib/nextcloudlogin.php b/lib/nextcloudlogin.php
new file mode 100644
index 0000000..40e5894
--- /dev/null
+++ b/lib/nextcloudlogin.php
@@ -0,0 +1,142 @@
+<?php
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+require __DIR__ . "/../required.php";
+
+header("Content-Security-Policy: default-src '*';");
+header('Access-Control-Allow-Origin: *');
+
+$redirecttologin = false;
+
+$urlbase = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "");
+$appurl = $urlbase . str_replace("lib/nextcloudlogin.php", "", str_replace("index.php/login/flow", "", $_SERVER["REQUEST_URI"]));
+$thisurl = $urlbase . $_SERVER["REQUEST_URI"];
+$iconurl = $appurl . "static/img/logo.svg";
+
+/**
+ * Show a simple HTML page with a line of text and a button.  Matches the UI of
+ * the AccountHub login flow.
+ *
+ * @global type $SETTINGS
+ * @global type $SECURE_NONCE
+ * @global type $Strings
+ * @param string $title Text to show, passed through i18n
+ * @param string $button Button text, passed through i18n
+ * @param string $url URL for the button
+ */
+function showHTML(string $title, string $button, string $url) {
+    global $SETTINGS, $SECURE_NONCE, $Strings;
+    ?>
+    <!DOCTYPE html>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+
+    <title><?php echo $SETTINGS['site_title']; ?></title>
+
+    <link rel="icon" href="static/img/logo.svg">
+
+    <link href="static/css/bootstrap.min.css" rel="stylesheet">
+    <style nonce="<?php echo $SECURE_NONCE; ?>">
+        .display-5 {
+            font-size: 2.5rem;
+            font-weight: 300;
+            line-height: 1.2;
+        }
+
+        .banner-image {
+            max-height: 100px;
+            margin: 2em auto;
+            border: 1px solid grey;
+            border-radius: 15%;
+        }
+    </style>
+
+    <div class="container mt-4">
+        <div class="row justify-content-center">
+            <div class="col-12 text-center">
+                <img class="banner-image" src="./static/img/logo.svg" />
+            </div>
+
+            <div class="col-12 text-center">
+                <h1 class="display-5 mb-4"><?php $Strings->get($title); ?></h1>
+            </div>
+
+            <?php if (!empty($button)) { ?>
+                <div class="col-12 col-sm-8 col-lg-6">
+                    <div class="card mt-4">
+                        <div class="card-body">
+                            <a href="<?php echo $url; ?>" class="btn btn-primary btn-block"><?php $Strings->get($button); ?></a>
+                        </div>
+                    </div>
+                </div>
+            <?php } ?>
+        </div>
+    </div>
+    <?php
+}
+
+if (empty($_SESSION["login_code"])) {
+    $redirecttologin = true;
+} else {
+    try {
+        $uidinfo = AccountHubApi::get("checkloginkey", ["code" => $_SESSION["login_code"]]);
+        
+        if ($uidinfo["status"] == "ERROR") {
+            throw new Exception();
+        }
+        if (is_numeric($uidinfo['uid'])) {
+            $user = new User($uidinfo['uid'] * 1);
+            foreach ($SETTINGS['permissions'] as $perm) {
+                if (!$user->hasPermission($perm)) {
+                    showHTML("no access permission", "", "");
+                    die();
+                }
+            }
+
+            $addpassresp = AccountHubApi::get(
+                            "addapppassword",
+                            [
+                                "desc" => $SETTINGS["site_title"] . " - Nextcloud Notes API",
+                                "username" => $user->getUsername()
+                            ],
+                            true
+            );
+
+            $_SESSION["login_code"] = null;
+
+            $redirecturl = "nc://login/server:" . htmlentities($appurl) . "&user:" . htmlentities($user->getUsername()) . "&password:" . htmlentities($addpassresp["pass"]);
+
+            header("Location: $redirecturl");
+            die("<a href='$redirecturl'>Click here</a>");
+        } else {
+            throw new Exception();
+        }
+    } catch (Exception $ex) {
+        $redirecttologin = true;
+    }
+}
+
+if ($redirecttologin) {
+    try {
+        $codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"], "appicon" => $iconurl]);
+
+        if ($codedata['status'] != "OK") {
+            throw new Exception($Strings->get("login server unavailable", false));
+        }
+
+        $_SESSION["login_code"] = $codedata["code"];
+
+        $locationurl = $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($thisurl);
+
+        header("Location: $locationurl");
+        showHTML("Continue", "Continue", $locationurl);
+        die();
+    } catch (Exception $ex) {
+        sendError($ex->getMessage());
+    }
+}
\ No newline at end of file