diff --git a/rowers/models.py b/rowers/models.py
index 5ddc51dc..30cbfc78 100644
--- a/rowers/models.py
+++ b/rowers/models.py
@@ -5365,3 +5365,14 @@ class ForceCurveAnalysis(models.Model):
                                                                 date = self.date)
 
         return s
+
+class iDokladToken(models.Model):
+    access_token = models.CharField(max_length=512)
+    refresh_token = models.CharField(max_length=512)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+    expires_in = models.IntegerField()  # Store token expiry duration in seconds
+    
+    def __str__(self):
+        return f"iDoklad Token updated at {self.updated_at}"
+    
diff --git a/rowers/views/paymentviews.py b/rowers/views/paymentviews.py
index 904e0487..6efb02d8 100644
--- a/rowers/views/paymentviews.py
+++ b/rowers/views/paymentviews.py
@@ -8,8 +8,32 @@ from django.core.mail import EmailMessage
 
 from rowers import credits
 
+@login_required()
+def rower_idoklad_auth(request):
+    state=str(uuid4())
+    
+    params = {
+        "client_id":IDOKLAD_CLIENT_ID,
+        "response_type": "code",
+        "redirect_uri": IDOKLAD_REDIRECT_URI,
+        "scope": "idoklad_api offline_access",
+    }
+
+    url = "https://identity.idoklad.cz/server/connect/authorize?"+urllib.parse.urlencode(params)
+    
+    return HttpResponseRedirect(url)
+
 def process_idokladcallback(request):
     dologging('idoklad.log',' /rowers/idokladcallback/')
+
+    try:
+        code = request.GET['code']
+    except KeyError:
+        error = request.GET['error']
+        messages.error(request,error)
+        return HttpResponseRedirect(reverse('workouts_view'))
+
+    
     
     return HttpResponse('')