diff --git a/src/main/java/de/tavolio/oidc/OidcResource.java b/src/main/java/de/tavolio/oidc/OidcResource.java
index 81a13e0..5b80c5a 100644
--- a/src/main/java/de/tavolio/oidc/OidcResource.java
+++ b/src/main/java/de/tavolio/oidc/OidcResource.java
@@ -5,6 +5,10 @@ import de.tavolio.oidc.auth.model.AuthorizationCreation;
 import de.tavolio.oidc.token.ClientTokenService;
 import de.tavolio.oidc.token.model.TokenResponse;
 import de.tavolio.oidc.token.UserTokenService;
+import de.tavolio.realm.RealmEntity;
+import de.tavolio.realm.RealmService;
+import de.tavolio.realm.client.ClientEntity;
+import de.tavolio.realm.client.ClientService;
 import jakarta.annotation.security.RolesAllowed;
 import jakarta.enterprise.context.RequestScoped;
 import jakarta.inject.Inject;
@@ -35,6 +39,12 @@ public class OidcResource
 @Inject
 ClientTokenService clientTokenService;
+ @Inject
+ ClientService clientService;
+
+ @Inject
+ RealmService realmService;
+
 @GET
 @Path("/certs")
 public Map certs()
@@ -46,8 +56,14 @@ public class OidcResource
 @Path("/auth")
 public Response auth(@QueryParam("client_id") String clientId, @FormParam("email") String email, @FormParam("password") String password)
 {
- String code = authorizationService.generateBySessionCreation(realmKey, clientId, new AuthorizationCreation(email, password));
- return Response.status(302).location(URI.create("http://localhost:8080/callback?code=" + code + "&state=d")).build();
+ RealmEntity realm = realmService.requireByKey(realmKey);
+ ClientEntity client = clientService.findByIdAndRealm(clientId, realm);
+ if (client != null)
+ {
+ String code = authorizationService.generateBySessionCreation(realmKey, clientId, new AuthorizationCreation(email, password));
+ return Response.status(302).location(URI.create(client.getRedirectURI() + "?code=" + code + "&state=d")).build();
+ }
+ throw new BadRequestException();
 }
 @POST
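Review bot: The redirect built in `auth` still sends the constant `state=d` rather than the value the client supplied, so the relying party cannot tie the callback to the request it started, which is the CSRF defence `state` exists for. Accepting `@QueryParam("state") String state` and echoing it back when present would close that gap. Building the target with `UriBuilder.fromUri(client.getRedirectURI()).queryParam("code", code).queryParam("state", state).build()` instead of string concatenation also keeps the URL well-formed when the registered redirect URI already carries a query string, and encodes both values. If the endpoint later accepts a `redirect_uri` request parameter, it should be compared exactly against `client.getRedirectURI()` before any code is issued. The HTTP-method annotation above `@Path("/auth")` lies outside the hunk.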
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 760a229..76b43f1 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -27,7 +27,7 @@ quarkus.flyway.migrate-at-start=true
 quarkus.http.access-log.enabled=true
 quarkus.http.auth.basic=true
-io.verifoo.http.origin=http://localhost:8089
+%dev.io.verifoo.http.origin=http://localhost:8089
 %dev.io.verifoo.bootstrap.config.location=/home/andreas/Documents/dev/iam-backend/src/main/resources/bootstrap.yaml
 %dev.io.verifoo.superuser.username=admin