diff --git a/login_provider/app.py b/login_provider/app.py
index 35f7d8deca3682b269e071ce9769232291c5b6cc..6605b67836e3ea05f01f14be739665126fb58eb9 100644
--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -1,8 +1,6 @@
 from flask import Flask
 from flask import abort, Flask, redirect, render_template, request
 from flask.views import View
-from flask_wtf import FlaskForm
-from flask_wtf.csrf import CSRFProtect
 from os import urandom
 from hydra_client import HydraAdmin
 from flask_sqlalchemy import SQLAlchemy
@@ -14,35 +12,23 @@ from flask_security import Security, SQLAlchemyUserDatastore, \
 HYDRA_ADMIN_URL = "http://127.0.0.1:4445"
 
 app = Flask(__name__)
-app.secret_key = urandom(16)
+
 app.config['DEBUG'] = True
-app.config['SECRET_KEY'] = 'super-secret'
+app.config['SECRET_KEY'] = urandom(16)
 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
 app.config["SECURITY_PASSWORD_SALT"] = "SuPeRrAnDoMpAsSwOrD"
 
 db = SQLAlchemy(app)
 
-# Define models
-roles_users = db.Table('roles_users',
-        db.Column('user_id', db.Integer(), db.ForeignKey('user.id')),
-        db.Column('role_id', db.Integer(), db.ForeignKey('role.id')))
-
-class Role(db.Model, RoleMixin):
-    id = db.Column(db.Integer(), primary_key=True)
-    name = db.Column(db.String(80), unique=True)
-    description = db.Column(db.String(255))
-
 class User(db.Model, UserMixin):
     id = db.Column(db.Integer, primary_key=True)
     email = db.Column(db.String(255), unique=True)
     password = db.Column(db.String(255))
     active = db.Column(db.Boolean())
     confirmed_at = db.Column(db.DateTime())
-    roles = db.relationship('Role', secondary=roles_users,
-                            backref=db.backref('users', lazy='dynamic'))
 
 # Setup Flask-Security
-user_datastore = SQLAlchemyUserDatastore(db, User, Role)
+user_datastore = SQLAlchemyUserDatastore(db, User)
 security = Security(app, user_datastore)
 
 # Create a user to test with
@@ -52,9 +38,6 @@ def create_user():
     user_datastore.create_user(email='example@oas.example.com', password='password')
     db.session.commit()
 
-csrf = CSRFProtect(app)
-
-
 @app.route('/')
 @login_required
 def home():