diff --git a/auth.lua b/auth.lua
index 90c8b44..9644abc 100644
--- a/auth.lua
+++ b/auth.lua
@@ -1,12 +1,18 @@
 local openidc = require("resty.openidc")
 
+-- Determine the correct redirect URI
+local scheme = ngx.var.scheme
+local host = ngx.var.http_host
+local request_uri = ngx.var.request_uri
+local redirect_uri = scheme .. "://" .. host .. request_uri
+
 local opts = {
-  redirect_uri_path = "/redirect_uri",
+  redirect_uri = redirect_uri,  -- ✅ use full URI dynamically
   discovery = "https://kc.boomlab.party/realms/rhein-sw/.well-known/openid-configuration",
   client_id = "demo-sso",
   client_secret = os.getenv("KEYCLOAK_CLIENT_SECRET"),
-  redirect_uri_scheme = "http",
-  scope = "openid email profile"
+  scope = "openid email profile",
+  ssl_verify = "no"
 }
 
 local res, err = openidc.authenticate(opts)