diff --git a/build.sbt b/build.sbt
index 49c579b..a799b1f 100644
--- a/build.sbt
+++ b/build.sbt
@@ -6,3 +6,4 @@ libraryDependencies += "com.lihaoyi" %% "upickle" % "3.1.2"
 libraryDependencies += "com.lihaoyi" %% "requests" % "0.8.0"
 libraryDependencies += "com.lihaoyi" %% "cask" % "0.9.1"
 libraryDependencies += "com.lihaoyi" %% "mainargs" % "0.5.0"
+libraryDependencies += "org.thymeleaf" % "thymeleaf" % "3.1.1.RELEASE"
diff --git a/src/main/resources/templates/redirect.html b/src/main/resources/templates/redirect.html
new file mode 100644
index 0000000..0d2198a
--- /dev/null
+++ b/src/main/resources/templates/redirect.html
@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html class="no-js" lang="">
+  <head>
+    <meta charset="utf-8" />
+    <meta http-equiv="x-ua-compatible" content="ie=edge" />
+    <title>Will redirect</title>
+    <meta name="description" content="" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+
+    <meta http-equiv="refresh" content="0; url='/'"
+          th:content="|${redirectAfter}; url='${redirectTo}'|"
+    />
+    <link rel="apple-touch-icon" href="/apple-touch-icon.png" />
+    <!-- Place favicon.ico in the root directory -->
+  </head>
+  <body>
+    <!--[if lt IE 8]>
+      <p class="browserupgrade">
+        You are using an <strong>outdated</strong> browser. Please
+        <a href="http://browsehappy.com/">upgrade your browser</a> to improve
+        your experience.
+      </p>
+    <![endif]-->
+    <p
+        th:text="${message}"
+    >You will be redirected soon!</p>
+  </body>
+</html>
diff --git a/src/main/scala/example/AuthService.scala b/src/main/scala/example/AuthService.scala
index 8de9380..18b14ec 100644
--- a/src/main/scala/example/AuthService.scala
+++ b/src/main/scala/example/AuthService.scala
@@ -5,6 +5,9 @@ import example.pocketbase.Api
 import upickle.default._
 import example.pocketbase.Models._
 import java.time.Instant
+import org.thymeleaf.TemplateEngine
+import org.thymeleaf.templateresolver.ClassLoaderTemplateResolver
+import org.thymeleaf.context.{Context => PageContext}
 
 case class AuthService()(implicit cc: castor.Context, log: cask.Logger)
     extends cask.Routes {
@@ -17,23 +20,14 @@ case class AuthService()(implicit cc: castor.Context, log: cask.Logger)
     authCookieOpt match {
       case None =>
         println("cookie was None")
-        val redirectingHtml = """
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="refresh" content="0; url='/login'" />
-  </head>
-  <body>
-    <p>You will be redirected to w3docs.com soon!</p>
-  </body>
-</html>
-"""
+        val redirectToLogin = renderRedirectPage(
+          "/login", "You will be redirected to login page soon", 0
+        )
         cask.Response(
-          redirectingHtml,
+          redirectToLogin,
           200,
           Seq(
             "Content-Type" -> "text/html;charset=UTF-8",
-            "Cache-Control" -> "Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate"
           )
         )
       case Some(authCookie) =>
@@ -151,19 +145,12 @@ case class AuthService()(implicit cc: castor.Context, log: cask.Logger)
         )
       case Some(result) =>
         // this is already fully successful auth
-        val redirectingHtml = """
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta http-equiv="refresh" content="0; url='/login'" />
-  </head>
-  <body>
-    <p>Successful authorization, you will be redirected to main page soon.</p>
-  </body>
-</html>
-"""
+        val redirectToIndex = renderRedirectPage(
+          "/", "You will be redirected to home page soon", 0
+        )
+
         cask.Response(
-          redirectingHtml,
+          redirectToIndex,
           headers = Seq("Content-Type" -> "text/html;charset=UTF-8"),
           cookies = Seq(
             cask.Cookie(
@@ -181,18 +168,6 @@ case class AuthService()(implicit cc: castor.Context, log: cask.Logger)
         )
     }
 
-    /*
-     *
-     get provider from path param, get verifiers and state from cookie,
-if cookie not present - abort,
-if state doesn't fit one from redirect params - abort
-issue 'auth with oauth 2' and based on response code - set the cookie with jwt
-
-and delete the state\verifiers cookie
-
-but then what? i guess call for redirect to root page again?
-which should trigger auth check and main page render?
-     */
     okMessageFirst
   }
 
@@ -207,6 +182,17 @@ object AuthService {
   // but if cookie is under https, should be ok
   val oauthVerifiersCookieName = "oauthVerifiers"
 
+  val templateEngine = {
+    val templateResolver = new ClassLoaderTemplateResolver()
+    templateResolver.setPrefix("templates/");
+    templateResolver.setSuffix(".html")
+    templateResolver.setTemplateMode("HTML5")
+
+    val templateEngine = new TemplateEngine()
+    templateEngine.setTemplateResolver(templateResolver)
+    templateEngine
+  }
+
   val pocketbaseApi = Api("http://127.0.0.1:8090")
   val selfUri = "http://127.0.0.1:8080"
 
@@ -221,4 +207,22 @@ object AuthService {
    */
   def getRedirectUrl(provider: String): String =
     s"${selfUri}${baseRedirectUrl}/${provider}"
+
+  /*
+   * this is a page of my site that does redirecting
+   * from index to register
+   * or from oauth provider redirect landing to index
+   */
+  def renderRedirectPage(
+      redirectTo: String,
+      message: String,
+      redirectAfter: Int = 0
+  ): String = {
+    val context = new PageContext()
+    context.setVariable("redirectTo", redirectTo)
+    context.setVariable("message", message)
+    context.setVariable("redirectAfter", redirectAfter)
+    templateEngine.process("redirect", context)
+  }
+
 }