diff --git a/frontend/bootloader.html b/frontend/bootloader.html
new file mode 100644
index 0000000..d54899e
--- /dev/null
+++ b/frontend/bootloader.html
@@ -0,0 +1,214 @@
+<!DOCTYPE HTML>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <!-- Component CSS -->
+    <style>
+      
+    </style>
+    <!-- /Component CSS -->
+    <!-- Page CSS -->
+    <style>
+      
+    </style>
+    <!-- /Page CSS -->
+    <!-- Head HTML -->
+    <!-- metro (baseComponent/metro) -->
+    <script src="https://cdn.jsdelivr.net/npm/@muze-nl/metro@0.6.19/dist/browser.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/@muze-nl/oldm@0.3.6/dist/oldm.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/@muze-nl/metro-oauth2@0.7.4/dist/browser.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/@muze-nl/metro-oidc@0.5.3/dist/browser.js"></script>
+    <!-- /Head HTML -->
+    <script>
+      var simplyDataApi = {};
+      var simplyApp = {};
+      window.addEventListener("simply-content-loaded", function() {
+        simply.bind = false;
+        /* Raw API */
+        var simplyRawApi = {
+          
+        };
+        /* End of Raw API */
+        /* Data API */
+        simplyDataApi = {
+          // component/solid-preferences
+          "getPreferences" : async function(webID){
+          
+            let issuer = ""
+            let profileTurtle
+          
+            const context = oldm.context({
+              prefixes: {
+                'ldp':    'http://www.w3.org/ns/ldp#',
+                'rdf':    'http://www.w3.org/1999/02/22-rdf-syntax-ns#',
+                'dct':    'http://purl.org/dc/terms/',
+                'stat':   'http://www.w3.org/ns/posix/stat#',
+                'turtle': 'http://www.w3.org/ns/iana/media-types/text/turtle#',
+                'schem':  'https://schema.org/',
+                'solid':  'http://www.w3.org/ns/solid/terms#',
+                'acl':    'http://www.w3.org/ns/auth/acl#',
+                'pims':   'http://www.w3.org/ns/pim/space#',
+                'vcard':  'http://www.w3.org/2006/vcard/ns#',
+                'foaf':   'http://xmlns.com/foaf/0.1/'
+              },
+              parser: oldm.n3Parser,
+              writer: oldm.n3Writer
+            })
+          
+            //fetch profile to retrieve issuer
+            const profileURL = webID;
+            try {
+              const responseProfile = await fetch(profileURL);
+              if (!responseProfile.ok) {
+                throw new Error(`Response status: ${responseProfile.status}`);
+              }
+              profileTurtle = await responseProfile.text();
+            } catch (error) {
+              console.error(error.message);
+            }  
+          
+            let podContent = context.parse(profileTurtle, webID, 'text/turtle')
+          
+            issuer = podContent.primary?.solid$oidcIssuer?.id  
+            let preferenceFileURL = podContent.primary?.pims$preferencesFile?.id
+          
+            const oidcOptions = {
+          //    authorize_callback: metro.oauth2.authorizePopup,
+              force_authorization: true,
+              client_info: {
+                client_name: 'Solid Bootloader',
+                redirect_uris: [
+                  window.location.origin + window.location.pathname
+                ]
+              },
+              issuer: issuer
+            }
+            if (window.location.protocol !== "https") {
+              // needed to allow app.simplyapp:// as redirect uri
+              oidcOptions['client_info']['application_type'] = 'native';
+            }
+          
+            let client = metro.client().with(metro.oidc.oidcmw(oidcOptions))
+          
+            let preferenceResponse = await client.get(preferenceFileURL)
+          
+            if (!preferenceResponse.ok) {
+              throw new Error(preferenceResponse.status+':'+preferenceResponse.statusText)
+            }
+          
+            const preferenceTurtle = await preferenceResponse.text()
+            let preferenceOLDM = context.parse(preferenceTurtle, preferenceFileURL, 'text/turtle')
+          
+            return preferenceOLDM
+          
+          },
+          // component/bootloader
+          "appLocation" : async function(webID){
+            let preferenceOLDM = await simplyDataApi.getPreferences(webID)
+            if (
+              preferenceOLDM.subjects[webID] &&
+              preferenceOLDM.subjects[webID].solid$launcher
+            ) {
+              return preferenceOLDM.subjects[webID].solid$launcher.id
+            } else {
+              return "https://solid-launcher.dev.muze.nl/"
+            }
+          }
+        };
+        /* End of Data API */
+        simplyApp = simply.app({
+          /* Actions */
+          actions: {
+            // component/bootloader
+            "getLauncherLocation" : async function (webID){
+            	let appLauncherPath = await simplyDataApi.appLocation(webID)
+                return appLauncherPath
+            }
+          },
+          /* /Actions */
+          /* Commands */
+          commands: {
+            
+          },
+          /* /Commands */
+          /* Keyboard shortcuts */
+          keyboard: {
+            
+          },
+          /* /Keyboard shortcuts */
+          /* Routes */
+          routes: {
+            // page/home
+            "#autologin/:webID" : async function(params) {
+              let webID = params.webID
+              webID = decodeURIComponent(webID)
+              localStorage['bootloader:webID'] = webID
+              let appLauncherPath = await simplyApp.actions.getLauncherLocation(webID)
+              document.location.href = appLauncherPath + "#autologin/" + encodeURIComponent(webID)
+            },
+            // page/home
+            "/" : async function() {
+              if (
+                document.location.search.match("code") ||
+                document.location.search.match("state")
+              ) {
+                let webID = localStorage['bootloader:webID']
+                let appLauncherPath = await simplyApp.actions.getLauncherLocation(webID)
+                document.location.href = appLauncherPath + "#autologin/" + encodeURIComponent(webID)
+              }
+            }
+          }
+          /* /Routes */
+        });
+      });
+      function clone(ob) {
+        return JSON.parse(JSON.stringify(ob));
+      }
+      function updateDataSource(name) {
+        document.querySelectorAll('[data-simply-data="'+name+'"]').forEach(function(list) {
+          editor.list.applyDataSource(list, name);
+          list.dataBindingPaused = 0;
+        });
+      }
+    </script>
+  </head>
+  <body>
+    <!-- Body HTML -->
+    
+    <!-- /Body HTML -->
+    <!-- Component HTML templates -->
+    
+    <!-- /Component HTML templates -->
+    <div class="main" data-simply-field="page" data-simply-content="template">
+    <!-- Page HTML templates -->
+    
+    <!-- /Page HTML templates -->
+    </div>
+    <script src="https://unpkg.com/simplyview@3.5.5/dist/simply.everything.js"></script>
+    <script src="https://canary.simplyedit.io/1/simply-edit.js" data-simply-storage="none" data-api-key="simply-edit-0011"></script>
+    <script>
+      /* Transformers */
+      editor.transformers = {
+        
+      };
+      /* /Transformers */
+    </script>
+    <script>
+      /* Sorters */
+      editor.sorters = {
+        
+      };
+      /* /Sorters */
+    </script>
+    <script>
+      window.addEventListener("simply-content-loaded", function() {
+        /* Data sources */
+        
+        /* /Data sources */
+      });
+    </script>
+    <!-- Foot HTML -->
+    
+    <!-- /Foot HTML -->
+  </body>
+</html>
\ No newline at end of file
diff --git a/lib/Routes/Account.php b/lib/Routes/Account.php
index 87ed8c8..6528da3 100644
--- a/lib/Routes/Account.php
+++ b/lib/Routes/Account.php
@@ -27,7 +27,7 @@ public static function requireLoggedInUser() {
 
 		public static function respondToDashboard() {
 			$user = User::getUser(Session::getLoggedInUser());
-			echo "Logged in as " . $user['webId'];
+			include_once(FRONTENDDIR . "bootloader.html");
 		}
 
 		public static function respondToLogout() {
@@ -170,8 +170,9 @@ public static function respondToLogin() {
 			}
 			if (User::checkPassword($_POST['username'], $_POST['password'])) {
 				Session::start($_POST['username']);
+				$user = User::getUser($_POST['username']);
 				if (!isset($_POST['redirect_uri']) || $_POST['redirect_uri'] === '') {
-					header("Location: /dashboard/");
+					header("Location: /dashboard/#autologin/" . urlencode($user['webId']));
 					exit();
 				}
 				header("Location: " . urldecode($_POST['redirect_uri'])); // FIXME: Do we need to harden this?
diff --git a/lib/Routes/SolidStorage.php b/lib/Routes/SolidStorage.php
index 5b90424..97ffe01 100644
--- a/lib/Routes/SolidStorage.php
+++ b/lib/Routes/SolidStorage.php
@@ -43,7 +43,7 @@ public static function respondToStorage() {
 			$owner = StorageServer::getOwner();
 
 			$allowedClients = $owner['allowedClients'] ?? [];
-			$allowedOrigins = [];
+			$allowedOrigins = TRUSTED_APPS ?? [];
 			foreach ($allowedClients as $clientId) {
 				$clientRegistration = ClientRegistration::getRegistration($clientId);
 				if (isset($clientRegistration['client_name'])) {
diff --git a/lib/Routes/SolidUserProfile.php b/lib/Routes/SolidUserProfile.php
index 287c7f8..e25221b 100644
--- a/lib/Routes/SolidUserProfile.php
+++ b/lib/Routes/SolidUserProfile.php
@@ -46,7 +46,7 @@ public static function respondToProfile() {
 			$owner = ProfileServer::getOwner();
 
 			$allowedClients = $owner['allowedClients'] ?? [];
-			$allowedOrigins = [];
+                        $allowedOrigins = TRUSTED_APPS ?? [];
 			foreach ($allowedClients as $clientId) {
 				$clientRegistration = ClientRegistration::getRegistration($clientId);
 				if (isset($clientRegistration['client_name'])) {
diff --git a/lib/StorageServer.php b/lib/StorageServer.php
index 12ac7d0..5c56eb0 100644
--- a/lib/StorageServer.php
+++ b/lib/StorageServer.php
@@ -237,14 +237,13 @@ public static function generateDefaultPreferences() {
 @prefix : <#>.
 @prefix sp: <http://www.w3.org/ns/pim/space#>.
 @prefix dct: <http://purl.org/dc/terms/>.
-@prefix profile: <$webId>.
 @prefix solid: <http://www.w3.org/ns/solid/terms#>.
 
 <>
 	a sp:ConfigurationFile;
 	dct:title "Preferences file".
 
-profile:me
+<$webId>
 	a solid:Developer;
 	solid:privateTypeIndex <privateTypeIndex.ttl>;
 	solid:publicTypeIndex <publicTypeIndex.ttl>.