diff --git a/Gemfile b/Gemfile
index 3db2165..de1ffcf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,6 +10,7 @@ gem 'jbuilder', '~> 2.6'
 gem 'jquery-rails'
 gem 'json', '~> 2.0.2'
 gem 'normalize-rails'
+gem 'oauth2'
 gem 'puma', '~> 3.0'
 gem 'sass-rails', '~> 5.0'
 gem 'settingslogic', '~> 2.0.9'
diff --git a/Gemfile.lock b/Gemfile.lock
index c58f802..59ee7eb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -57,6 +57,8 @@ GEM
 erubis (2.7.0)
 eventmachine (1.2.0.1)
 execjs (2.7.0)
+ faraday (0.9.2)
+ multipart-post (>= 1.2, < 3)
 ffi (1.9.14)
 figaro (1.1.1)
 thor (~> 0.14)
@@ -99,6 +101,7 @@ GEM
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
 json (2.0.2)
+ jwt (1.5.1)
 listen (3.1.5)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
@@ -120,6 +123,8 @@ GEM
 minitest (>= 5.0)
 ruby-progressbar
 multi_json (1.12.1)
+ multi_xml (0.5.5)
+ multipart-post (2.0.0)
 mysql2 (0.4.4)
 nenv (0.3.0)
 nio4r (1.2.1)
@@ -130,6 +135,12 @@ GEM
 notiffany (0.1.1)
 nenv (~> 0.1)
 shellany (~> 0.0)
+ oauth2 (1.2.0)
+ faraday (>= 0.8, < 0.10)
+ jwt (~> 1.0)
+ multi_json (~> 1.3)
+ multi_xml (~> 0.5)
+ rack (>= 1.2, < 3)
 parser (2.3.1.2)
 ast (~> 2.2)
 pkg-config (1.1.7)
@@ -253,6 +264,7 @@ DEPENDENCIES
 minitest-reporters
 mysql2 (>= 0.3.18, < 0.5)
 normalize-rails
+ oauth2
 pry-byebug
 pry-rails
 puma (~> 3.0)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1c07694..5ab006f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,3 +1,11 @@
 class ApplicationController < ActionController::Base
 protect_from_forgery with: :exception
+
+ before_action :verify_session
+
+ private
+
+ def verify_session
+ redirect_to logout_path and return if session[:token].nil?
+ end
 end
diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
new file mode 100644
index 0000000..ee7b2f4
--- /dev/null
+++ b/app/controllers/auth_controller.rb
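Review bot: `gem 'oauth2'` is the only gem in this hunk without a version constraint; every neighbour is pinned with `~>`, and the lockfile resolves it to 1.2.0 on faraday 0.9.2, so a later `bundle update` can silently pull a new major version with an incompatible API. Pin it to the series the lock already resolved: `gem 'oauth2', '~> 1.2'`.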
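Review bot: `verify_session` only tests that `session[:token]` is non-nil; the stored GitLab token is never checked again, so a session stays authenticated after the token is revoked or expires, and it keeps whatever `session[:admin]` was set at login (see the AuthController hunk). If that is the intended trade-off, say so on the method: `# Presence check only: the OAuth token is not re-validated against GitLab after login.` Separately, `and return` is a no-op here (a `redirect_to` inside a `before_action` already halts the chain) and bouncing an unauthenticated visitor through `logout_path` costs an extra redirect before `login_path`; `redirect_to login_path if session[:token].nil?` is sufficient.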
@@ -0,0 +1,40 @@
+class AuthController < ApplicationController
+ skip_before_action :verify_session
+
+ def login
+ end
+
+ def logout
+ session.destroy
+ redirect_to login_path
+ end
+
+ def auth
+ redirect_to client.auth_code.authorize_url(redirect_uri: ENV['gitlab_callback'])
+ end
+
+ def callback
+ access_token = client.auth_code.get_token(params[:code], redirect_uri: ENV['gitlab_callback'])
+ session[:token] = access_token.token
+ user_info(access_token)
+
+ redirect_to accounts_path
+ end
+
+ private
+
+ def user_info access_token
+ @user_info ||= JSON.parse(access_token.get(ENV['gitlab_oauth'] + '/api/v3/user').body)
+ session[:name] = @user_info['name']
+ session[:avatar] = @user_info['avatar_url']
+ session[:admin] = @user_info['is_admin']
+ end
+
+ def client
+ OAuth2::Client.new(
+ ENV['gitlab_client'],
+ ENV['gitlab_secret'],
+ site: ENV['gitlab_oauth']
+ )
+ end
+end
diff --git a/app/views/auth/login.erb b/app/views/auth/login.erb
new file mode 100644
index 0000000..2d1d14c
--- /dev/null
+++ b/app/views/auth/login.erb
@@ -0,0 +1 @@
+<%= link_to "Authenticate with gitlab", auth_path %>
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 1574739..71b8c52 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -4,11 +4,14 @@ FtpManager <%= csrf_meta_tags %>
- <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
+ <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
 <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %>
+
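Review bot: The authorization request built in `auth` carries no `state` and `callback` verifies none, so the callback is open to login CSRF: an attacker who obtains an authorization code for their own GitLab account can make a victim's browser load `auth/callback?code=...`, binding the victim's session — including `session[:admin]` — to the attacker's identity. Generate a random state in `auth`, keep it in the session, pass it as `state:` to `authorize_url`, and have `callback` reject the request unless `params[:state]` matches it with a constant-time compare; calling `reset_session` before writing `session[:token]` also closes session fixation from the pre-login cookie. `get_token` raises `OAuth2::Error` on an invalid or reused code, which today surfaces as a 500 rather than a redirect back to `login_path`. Note also that `session[:admin]` is copied verbatim from the provider's `is_admin` field and trusted for the life of the session; whether anything gates on it is not visible here, but it deserves a comment.
```ruby
def auth
  session[:oauth_state] = SecureRandom.hex(16)
  redirect_to client.auth_code.authorize_url(redirect_uri: ENV['gitlab_callback'],
                                             state: session[:oauth_state])
end

def callback
  expected = session.delete(:oauth_state).to_s
  given = params[:state].to_s
  if expected.empty? || !ActiveSupport::SecurityUtils.secure_compare(expected, given)
    return redirect_to(login_path)
  end
  access_token = client.auth_code.get_token(params[:code], redirect_uri: ENV['gitlab_callback'])
  reset_session # fresh session id once the code is exchanged
  session[:token] = access_token.token
  # … unchanged: user_info(access_token); redirect_to accounts_path …
rescue OAuth2::Error
  redirect_to login_path
end
```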
+

Welcome <%= session[:name] %>

+
<%= yield %>
diff --git a/config/application.yml.sample b/config/application.yml.sample
index 4fea521..fd0b986 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@@ -5,6 +5,10 @@ defaults: &defaults
 mysql_usr: "user"
 mysql_pwd: "password"
 full_app_url: "localhost:3000"
+ gitlab_oauth: provider-url
+ gitlab_client: client-id
+ gitlab_secret: client-secret
+ gitlab_callback: local-callback
 development:
 <<: *defaults
diff --git a/config/routes.rb b/config/routes.rb
index 16857e9..ba456e8 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,6 +1,12 @@
 Rails.application.routes.draw do
- resources :accounts
 get 'accounts/reveal/:id', to: 'accounts#reveal', as: :reveal_password
+ resources :accounts
+ get "logout", to: "auth#logout", as: :logout
+ get "login", to: "auth#login", as: :login
+ get "auth", to: "auth#auth", as: :auth
+ get "auth/callback", to: 'auth#callback'
+
+ root to: "accounts#index"
 # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
 end
diff --git a/test/controllers/accounts_controller_test.rb b/test/controllers/accounts_controller_test.rb
index 1fedc48..2b6d658 100644
--- a/test/controllers/accounts_controller_test.rb
+++ b/test/controllers/accounts_controller_test.rb
@@ -3,6 +3,9 @@ require 'test_helper'
 class AccountsControllerTest < ActionDispatch::IntegrationTest
 setup do
 @account = accounts(:account1)
+ # get login_path
+ # session[:token] = 'fake-oauth-token'
+ # session[:name] = "Fake User"
 end
 test "should get index" do
diff --git a/test/controllers/auth_controller_test.rb b/test/controllers/auth_controller_test.rb
new file mode 100644
index 0000000..928f072
--- /dev/null
+++ b/test/controllers/auth_controller_test.rb
@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class AuthControllerTest < ActionDispatch::IntegrationTest
+ # test "should get auth" do
+ # get auth_url
+ # assert_response :redirect
+ # end
+end
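Review bot: `logout` destroys the session but is routed with `get`, so any third-party page or image tag can force a user out, and `protect_from_forgery` does not cover GET requests. Route it as a state change, `delete "logout", to: "auth#logout", as: :logout`, and render the link with `method: :delete`; since `verify_session` in ApplicationController currently redirects unauthenticated visitors to `logout_path`, that redirect would need to target `login_path` instead. The `auth/callback` route is also the only new one without an `as:` helper, which makes it awkward to reference from tests.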
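Review bot: The three added setup lines are commented out, so nothing in this file establishes `session[:token]`, and with `verify_session` now running for every controller the existing tests presumably hit the redirect to `logout_path` instead of the actions they assert on; the new AuthControllerTest is likewise entirely commented out. Integration tests cannot assign `session[]` directly, so either stub the token exchange and drive `auth/callback`, or add a test-only sign-in helper in `test_helper.rb`; at minimum the disabled lines need a comment such as `# TODO: integration tests cannot set session[] directly; needs a sign-in helper or a stubbed OAuth exchange`.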