diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
index c4536ae..0e0414f 100644
--- a/backend/app/api/auth.py
+++ b/backend/app/api/auth.py
@@ -77,7 +77,7 @@ async def pocketid_login_url(db: AsyncSession = Depends(get_db)):
     from urllib.parse import urlencode
     params = {
         "client_id": client_id,
-        "redirect_uri": "/api/auth/pocketid/callback",
+        "redirect_uri": f"{settings.base_url}/api/auth/pocketid/callback",
         "response_type": "code",
         "scope": "openid profile email",
     }
@@ -94,7 +94,7 @@ async def pocketid_callback(code: str, db: AsyncSession = Depends(get_db)):
         resp = await client.post(
             f"{issuer}/token",
             data={"grant_type": "authorization_code", "code": code,
-                  "redirect_uri": "/api/auth/pocketid/callback",
+                  "redirect_uri": f"{settings.base_url}/api/auth/pocketid/callback",
                   "client_id": client_id, "client_secret": client_secret},
         )
         if resp.status_code != 200:
diff --git a/backend/app/core/config.py b/backend/app/core/config.py
index 71778e8..37596be 100644
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -6,28 +6,23 @@ from typing import Optional
 class Settings(BaseSettings):
     # Database
     database_url: str = Field(..., env="DATABASE_URL")
-
     # Redis
     redis_url: str = Field("redis://localhost:6379/0", env="REDIS_URL")
-
     # Auth
     secret_key: str = Field(..., env="SECRET_KEY")
     algorithm: str = "HS256"
     access_token_expire_minutes: int = 60 * 24 * 7  # 7 days
-
-    # Admin account - optional so the worker (which doesn't seed users) can start
-    # without it. The backend service checks this at seed time.
+    # Admin account
     admin_username: str = Field("admin", env="ADMIN_USERNAME")
     admin_password: Optional[str] = Field(None, env="ADMIN_PASSWORD")
-
+    # Base URL - used for OAuth callbacks
+    base_url: str = Field("https://milevault.jarrett.eu", env="BASE_URL")
     # PocketID OIDC (optional)
     pocketid_issuer: Optional[str] = Field(None, env="POCKETID_ISSUER")
     pocketid_client_id: Optional[str] = Field(None, env="POCKETID_CLIENT_ID")
     pocketid_client_secret: Optional[str] = Field(None, env="POCKETID_CLIENT_SECRET")
-
     # Files
     file_store_path: str = Field("/data/files", env="FILE_STORE_PATH")
-
     # Environment
     environment: str = Field("production", env="ENVIRONMENT")
 
@@ -36,4 +31,4 @@ class Settings(BaseSettings):
         case_sensitive = False
 
 
-settings = Settings()
+settings = Settings()
\ No newline at end of file