diff --git a/login/authorize.go b/login/authorize.go
index a32719b..8b69023 100644
--- a/login/authorize.go
+++ b/login/authorize.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"path"
 
 	oauth2 "github.com/oxisto/oauth2go"
 )
@@ -62,7 +63,7 @@ func (h *handler) handleAuthorize(w http.ResponseWriter, r *http.Request) {
 		params.Add("return_url", r.RequestURI)
 
 		// Redirect to our login page
-		http.Redirect(w, r, fmt.Sprintf("/login?%s", params.Encode()), http.StatusFound)
+		http.Redirect(w, r, fmt.Sprintf("%s?%s", path.Join(h.baseURL, "/login"), params.Encode()), http.StatusFound)
 	} else {
 		var params = url.Values{}
 		params.Add("code", h.srv.IssueCode(challenge))
diff --git a/login/authorize_test.go b/login/authorize_test.go
index 39efe8f..ca621ae 100644
--- a/login/authorize_test.go
+++ b/login/authorize_test.go
@@ -159,6 +159,7 @@ func Test_handler_handleAuthorize(t *testing.T) {
 				users:    []*User{},
 				log:      log.Default(),
 				pwh:      bcryptHasher{},
+				baseURL:  "/oauth/",
 				srv:      oauth2.NewServer(":0", oauth2.WithClient("client", "secret", "/test")),
 			},
 			args: args{
@@ -167,7 +168,7 @@ func Test_handler_handleAuthorize(t *testing.T) {
 			wantCode: http.StatusFound,
 			wantHeaderRegexp: http.Header{
 				// Should redirect to login page but with this authorize endpoint as return URL
-				"Location": []string{"/login\\?return_url=%2Fauthorize%3Fclient_id%3Dclient%26redirect_uri%3D%2Ftest%26response_type%3Dcode%26code_challenge%3D0123456789%26code_challenge_method%3DS256"},
+				"Location": []string{"/oauth/login\\?return_url=%2Fauthorize%3Fclient_id%3Dclient%26redirect_uri%3D%2Ftest%26response_type%3Dcode%26code_challenge%3D0123456789%26code_challenge_method%3DS256"},
 			},
 		},
 		{