diff --git a/settings.json.docker b/settings.json.docker index b4a9ebbd0..d96931822 100644 --- a/settings.json.docker +++ b/settings.json.docker @@ -652,20 +652,21 @@ */ "lowerCasePadIds": "${LOWER_CASE_PAD_IDS:false}", "sso": { + "issuer": "${SSO_ISSUER:http://localhost:9001}", "clients": [ { - "client_id": "admin_client", - "client_secret": "admin", + "client_id": "${ADMIN_CLIENT:admin_client}", + "client_secret": "${ADMIN_SECRET:admin}", "grant_types": ["authorization_code"], "response_types": ["code"], - "redirect_uris": ["http://localhost:9001/admin/*"] + "redirect_uris": ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"] }, { - "client_id": "user_client", - "client_secret": "user", + "client_id": "${USER_CLIENT:user_client}", + "client_secret": "${USER_SECRET:user}", "grant_types": ["authorization_code"], "response_types": ["code"], - "redirect_uris": ["http://localhost:9001/*"] + "redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"] } ] } diff --git a/settings.json.template b/settings.json.template index 48fc7a17d..85165b2f0 100644 --- a/settings.json.template +++ b/settings.json.template @@ -653,20 +653,21 @@ "lowerCasePadIds": false, "sso": { + "issuer": "${SSO_ISSUER:http://localhost:9001}", "clients": [ { - "client_id": "admin_client", - "client_secret": "admin", + "client_id": "${ADMIN_CLIENT:admin_client}", + "client_secret": "${ADMIN_SECRET:admin}", "grant_types": ["authorization_code"], "response_types": ["code"], - "redirect_uris": ["http://localhost:9001/admin/*"] + "redirect_uris": ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"] }, { - "client_id": "user_client", - "client_secret": "user", + "client_id": "${USER_CLIENT:user_client}", + "client_secret": "${USER_SECRET:user}", "grant_types": ["authorization_code"], "response_types": ["code"], - "redirect_uris": ["http://localhost:9001/*"] + "redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"] } ] } 
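Review bot: Both `client_secret` entries still fall back to the literals `admin` and `user` when `ADMIN_SECRET` / `USER_SECRET` are unset, so an instance started without those variables registers its OIDC clients with secrets that are published in this repository. The settings.json.template hunk that follows adds the same defaults. I would drop the fallback for the two secrets, e.g. `"client_secret": "${ADMIN_SECRET}"` (assuming the settings loader accepts a variable without a default), and have startup refuse a client whose secret is empty or one of the shipped values. The `SSO_ISSUER` default is plain `http://localhost:9001`; a comment next to `"issuer"` should state that it must be the externally reachable HTTPS origin outside local development. The move from `*` patterns to exact `redirect_uris` is a tightening worth keeping, and the same comment could say that the value must match exactly what the client sends.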
diff --git a/src/node/handler/APIHandler.ts b/src/node/handler/APIHandler.ts index 6726c83ce..17346b791 100644 --- a/src/node/handler/APIHandler.ts +++ b/src/node/handler/APIHandler.ts @@ -149,7 +149,6 @@ exports.version = version; type APIFields = { - apikey: string; api_key: string; padID: string; padName: string; diff --git a/src/node/hooks/express/openapi.ts b/src/node/hooks/express/openapi.ts index 3cd5cfed6..85dd37360 100644 --- a/src/node/hooks/express/openapi.ts +++ b/src/node/hooks/express/openapi.ts @@ -483,14 +483,24 @@ const generateDefinitionForVersion = (version:string, style = APIPathStyle.FLAT) ...defaultResponses, }, securitySchemes: { - ApiKey: { - type: 'apiKey', - in: 'query', - name: 'apikey', + openid: { + type: "oauth2", + flows: { + authorizationCode: { + authorizationUrl: settings.sso.issuer+"/oidc/auth", + tokenUrl: settings.sso.issuer+"/oidc/token", + scopes: { + openid: "openid", + profile: "profile", + email: "email", + admin: "admin" + } + } + }, }, }, }, - security: [{ApiKey: []}], + security: [{openid: []}], }; // build operations @@ -622,6 +632,7 @@ exports.expressPreSession = async (hookName:string, {app}:any) => { let data; try { data = await apiHandler.handle(version, funcName, fields, req, res); + console.log(app._router.stack) } catch (err) { const errCaused = err as ErrorCaused // convert all errors to http errors diff --git a/src/node/security/OAuth2Provider.ts b/src/node/security/OAuth2Provider.ts index 832589f76..3c6583e62 100644 --- a/src/node/security/OAuth2Provider.ts +++ b/src/node/security/OAuth2Provider.ts @@ -82,7 +82,7 @@ export const expressCreateServer = async (hookName: string, args: ArgsExpressTyp publicKeyExported = publicKey privateKeyExported = privateKey - const oidc = new Provider('http://localhost:9001', { + const oidc = new Provider(settings.sso.issuer, { ...configuration, jwks: { keys: [ privateKeyJWK 
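Review bot: `settings.sso.issuer` is concatenated into `authorizationUrl` and `tokenUrl` without any check, so a settings.json written before this change (no `sso.issuer` key) would publish `undefined/oidc/auth` in the OpenAPI document unless a default is defined outside this diff, and an issuer configured with a trailing slash yields `//oidc/auth`. The same unvalidated value is passed to `new Provider(settings.sso.issuer, …)` in the OAuth2Provider.ts hunk further down, where it becomes the issuer identifier of the provider. I would validate it once at startup (fail with a clear error when it is missing or not an absolute URL) and normalise it before use, e.g. `const issuer = String(settings.sso.issuer).replace(/\/+$/, '');`. Separately, `security: [{openid: []}]` requires no scopes, so the advertised `admin` scope is not tied to any operation in the generated document, and the scope descriptions only repeat the scope names. Both enclosing functions start and end outside their hunks.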
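Review bot: The added `console.log(app._router.stack)` inside the `try` in `expressPreSession` looks like leftover debugging and should be removed before merge. It runs after every successful `apiHandler.handle` call and writes the whole Express layer stack to stdout, bypassing whatever logger the project uses elsewhere. It also depends on the private `_router` property; if that property is absent, the resulting TypeError is caught by the `catch` below and a call that succeeded is reported to the client as an error. The handler body continues outside the hunk.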
@@ -98,7 +98,6 @@ export const expressCreateServer = async (hookName: string, args: ArgsExpressTyp }, features:{ userinfo: {enabled: true}, - claimsParameter: {enabled: true}, devInteractions: {enabled: false}, resourceIndicators: {enabled: true, defaultResource(ctx) { diff --git a/src/tests/backend/specs/api/fuzzImportTest.ts b/src/tests/backend/specs/api/fuzzImportTest.ts index 85f4c81f2..3caa185da 100644 --- a/src/tests/backend/specs/api/fuzzImportTest.ts +++ b/src/tests/backend/specs/api/fuzzImportTest.ts @@ -9,7 +9,6 @@ const settings = require('../../../container/loadSettings.js').loadSettings(); const host = "http://" + settings.ip + ":" + settings.port; -const apiKey = common.apiKey; var apiVersion = 1; var testPadId = "TEST_fuzz" + makeid(); diff --git a/src/tests/backend/specs/api/pad.ts b/src/tests/backend/specs/api/pad.ts index 2c2ae142e..4e36762c4 100644 --- a/src/tests/backend/specs/api/pad.ts +++ b/src/tests/backend/specs/api/pad.ts @@ -12,7 +12,6 @@ const common = require('../../common'); const padManager = require('../../../../node/db/PadManager'); let agent:any; -const apiKey = common.apiKey; let apiVersion = 1; const testPadId = makeid(); const newPadId = makeid();