diff --git a/lemonauth/migrations/0001_initial.py b/lemonauth/migrations/0001_initial.py
new file mode 100644
index 0000000..f9b1a7f
--- /dev/null
+++ b/lemonauth/migrations/0001_initial.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.6 on 2017-10-29 05:05
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='IndieAuthCode',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('code', models.CharField(max_length=64, unique=True)),
+                ('me', models.CharField(max_length=255)),
+                ('client_id', models.CharField(max_length=255)),
+                ('redirect_uri', models.CharField(max_length=255)),
+                ('response_type', models.CharField(choices=[('id', 'id'), ('code', 'code')], default='id', max_length=4)),
+                ('scope', models.CharField(blank=True, max_length=200)),
+            ],
+        ),
+    ]
diff --git a/lemonauth/migrations/__init__.py b/lemonauth/migrations/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/lemonauth/models.py b/lemonauth/models.py
new file mode 100644
index 0000000..1225811
--- /dev/null
+++ b/lemonauth/models.py
@@ -0,0 +1,29 @@
+from django.db import models
+from secrets import token_hex
+
+
+class IndieAuthCodeManager(models.Manager):
+    def create_from_dict(self, d):
+        code = self.create(
+            me=d['me'],
+            client_id=d['client_id'],
+            redirect_uri=d['redirect_uri'],
+            response_type=d.get('response_type', 'id'),
+            scope=d.get('scope', ''),
+        )
+        code.code = token_hex(32)
+        return code
+
+
+class IndieAuthCode(models.Model):
+    objects = IndieAuthCodeManager()
+    code = models.CharField(max_length=64, unique=True)
+    me = models.CharField(max_length=255)
+    client_id = models.CharField(max_length=255)
+    redirect_uri = models.CharField(max_length=255)
+    response_type = models.CharField(
+        max_length=4,
+        choices=(('id', 'id'), ('code', 'code')),
+        default='id',
+    )
+    scope = models.CharField(max_length=200, blank=True)
diff --git a/lemonauth/views/indie.py b/lemonauth/views/indie.py
index a7d584c..d899a67 100644
--- a/lemonauth/views/indie.py
+++ b/lemonauth/views/indie.py
@@ -3,12 +3,14 @@ import mf2py
 from annoying.decorators import render_to
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponseForbidden, HttpResponseBadRequest
-from django.http import JsonResponse
+from django.shortcuts import redirect
 from django.utils.decorators import method_decorator
 from django.views.generic import TemplateView
 from django.views.decorators.http import require_POST
 from lemoncurry import breadcrumbs, utils
-from urllib.parse import urljoin, urlunparse, urlparse
+from urllib.parse import urlencode, urljoin, urlunparse, urlparse
+
+from ..models import IndieAuthCode
 
 breadcrumbs.add('lemonauth:indie', label='indieauth', parent='home:index')
 
@@ -70,4 +72,10 @@ class IndieView(TemplateView):
 @login_required
 @require_POST
 def approve(request):
-    return JsonResponse(request.POST)
+    post = request.POST.dict()
+    code = IndieAuthCode.objects.create_from_dict(post)
+    code.save()
+    params = {'code': code.code, 'me': code.me}
+    if 'state' in post:
+        params['state'] = post['state']
+    return redirect(code.redirect_uri + '?' + urlencode(params))