diff --git a/app/Http/Controllers/Auth/HydraCallback.php b/app/Http/Controllers/Auth/HydraCallback.php
new file mode 100644
index 0000000..16fb0ae
--- /dev/null
+++ b/app/Http/Controllers/Auth/HydraCallback.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use Illuminate\Http\Request;
+use Ory\Hydra\Client\Api\PublicApi;
+
+class HydraCallback
+{
+    public function __invoke(Request $request, PublicApi $hydra)
+    {
+        $error = $request->input('error');
+
+        if (null !== $error) {
+            return match ($error) {
+                'access_denied' => response('使用者拒絕授權'),
+                default => response('未知的 error: ' . $error),
+            };
+        }
+
+        $redirectUri = 'http://127.0.0.1:8000/callback';
+
+        try {
+            $tokenResponse = $hydra->oauth2Token(
+                grantType: 'authorization_code',
+                code: $request->input('code'),
+                redirectUri: $redirectUri
+            );
+        } catch (\Throwable $e) {
+            dump($e);
+            return response('請求 Token 失敗');
+        }
+
+        dump(json_decode((string)$tokenResponse, true));
+
+        return response('拿到身分驗證回應了');
+    }
+}
diff --git a/app/Http/Controllers/Auth/HydraLogin.php b/app/Http/Controllers/Auth/HydraLogin.php
new file mode 100644
index 0000000..d31ca31
--- /dev/null
+++ b/app/Http/Controllers/Auth/HydraLogin.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Redirect;
+
+class HydraLogin
+{
+    public function __invoke(): RedirectResponse
+    {
+        $authorizeUri = 'http://127.0.0.1:4444/oauth2/auth';
+
+        $query = Arr::query([
+            'client_id' => 'my-rp',
+            'redirect_uri' => 'http://127.0.0.1:8000/callback',
+            'scope' => 'openid',
+            'response_type' => 'code',
+            'state' => '1a2b3c4d',
+        ]);
+
+        $authenticationRequest = $authorizeUri . '?' . $query;
+
+        Log::info('Authentication Request: ' . $authenticationRequest);
+
+        return Redirect::away($authenticationRequest);
+    }
+}
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 2789814..71b6ae6 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -4,6 +4,7 @@
 
 use Illuminate\Support\ServiceProvider;
 use Ory\Hydra\Client\Api\AdminApi;
+use Ory\Hydra\Client\Api\PublicApi;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -14,8 +15,18 @@ class AppServiceProvider extends ServiceProvider
      */
     public function register()
     {
+$this->app->singleton(PublicApi::class, function () {
+    return tap(new PublicApi(), function (PublicApi $instance) {
+        $instance->getConfig()
+            ->setHost('http://127.0.0.1:4444')
+            ->setUsername('my-rp')
+            ->setPassword('my-secret')
+            ->setAccessToken(null);
+    });
+});
+
         $this->app->singleton(AdminApi::class, function () {
-            return tap(new AdminApi(), function ($instance) {
+            return tap(new AdminApi(), function (AdminApi $instance) {
                 $instance->getConfig()->setHost('http://127.0.0.1:4445');
             });
         });
diff --git a/routes/auth.php b/routes/auth.php
index b702e4f..291085b 100644
--- a/routes/auth.php
+++ b/routes/auth.php
@@ -4,6 +4,8 @@
 use App\Http\Controllers\Auth\ConfirmablePasswordController;
 use App\Http\Controllers\Auth\EmailVerificationNotificationController;
 use App\Http\Controllers\Auth\EmailVerificationPromptController;
+use App\Http\Controllers\Auth\HydraCallback;
+use App\Http\Controllers\Auth\HydraLogin;
 use App\Http\Controllers\Auth\NewPasswordController;
 use App\Http\Controllers\Auth\PasswordResetLinkController;
 use App\Http\Controllers\Auth\RegisteredUserController;
@@ -17,29 +19,8 @@
 
     Route::post('register', [RegisteredUserController::class, 'store']);
 
-    Route::get('login', function () {
-        $authorizeUri = 'http://127.0.0.1:4444/oauth2/auth';
-
-        $query = \Illuminate\Support\Arr::query([
-            'client_id' => 'my-rp',
-            'redirect_uri' => 'http://127.0.0.1:8000/callback',
-            'scope' => 'openid',
-            'response_type' => 'code',
-            'state' => '1a2b3c4d',
-        ]);
-
-        $authenticationRequest = $authorizeUri . '?' . $query;
-
-        Log::info('Authentication Request: ' . $authenticationRequest);
-
-        return redirect($authenticationRequest);
-    })->name('login');
-
-    Route::get('callback', function () {
-        dump(request()->all());
-        return response('拿到身分驗證回應了');
-    });
-
+    Route::get('login', HydraLogin::class)->name('login');
+    Route::get('callback', HydraCallback::class)->name('hydra.callback');
 
     Route::get('forgot-password', [PasswordResetLinkController::class, 'create'])
         ->name('password.request');