diff --git a/navi/api/routes/auth.py b/navi/api/routes/auth.py
index c3d096f..e1b45f8 100644
--- a/navi/api/routes/auth.py
+++ b/navi/api/routes/auth.py
@@ -23,11 +23,11 @@
 router = APIRouter(prefix="/auth", tags=["auth"])
 
 
-def _get_redirect_uri(request: Request) -> str:
-    """Build redirect_uri from the incoming request, respecting reverse proxies."""
-    # FastAPI's request.base_url includes scheme+host+port; strip trailing slash
-    base = str(request.base_url).rstrip("/")
-    return f"{base}/auth/callback"
+def _get_redirect_uri() -> str:
+    """Return the configured redirect_uri."""
+    # Always use the configured redirect_uri so reverse proxies are handled
+    # correctly (request.base_url would return the internal address).
+    return settings.gnauth_redirect_uri
 
 
 def _auth_configured() -> bool:
@@ -40,7 +40,7 @@
     if not _auth_configured():
         raise HTTPException(status_code=503, detail="OAuth is not configured. Set GNAUTH_CLIENT_ID and GNAUTH_CLIENT_SECRET in .env")
 
-    redirect_uri = _get_redirect_uri(request)
+    redirect_uri = _get_redirect_uri()
     client = get_gauth_client(redirect_uri=redirect_uri)
 
     auth_request = client.build_authorization_request(
@@ -58,7 +58,7 @@
     if not _auth_configured():
         raise HTTPException(status_code=503, detail="OAuth is not configured. Set GNAUTH_CLIENT_ID and GNAUTH_CLIENT_SECRET in .env")
 
-    redirect_uri = _get_redirect_uri(request)
+    redirect_uri = _get_redirect_uri()
     client = get_gauth_client(redirect_uri=redirect_uri)
     encryptor = get_encryptor()