diff --git a/packages/web-console/src/modules/OAuth2/utils.ts b/packages/web-console/src/modules/OAuth2/utils.ts
index 4f18c2097..099cc23ca 100644
--- a/packages/web-console/src/modules/OAuth2/utils.ts
+++ b/packages/web-console/src/modules/OAuth2/utils.ts
@@ -9,6 +9,18 @@ type TokenPayload = Partial<{
   refresh_token: string
 }>
 
+const getBaseURL = (settings: Settings) => {
+    // if there is no host in settings, no need to construct base URL at all
+    if (!settings["acl.oidc.host"]) {
+        return "";
+    }
+
+    // if there is host in settings, we are in legacy mode, and we should construct the base URL
+    return `${settings["acl.oidc.tls.enabled"] ? "https" : "http"}://${
+        settings["acl.oidc.host"]
+    }:${settings["acl.oidc.port"]}`
+}
+
 export const getAuthorisationURL = ({
   settings,
   code_challenge = null,
@@ -37,6 +49,7 @@ export const getAuthorisationURL = ({
   }
 
   return (
+    getBaseURL(settings) +
     settings["acl.oidc.authorization.endpoint"] +
     "?" +
     urlParams
@@ -52,7 +65,7 @@ export const getAuthToken = async (
   payload: TokenPayload,
 ) => {
   return fetch(
-    `${settings["acl.oidc.token.endpoint"]}`,
+    `${getBaseURL(settings)}${settings["acl.oidc.token.endpoint"]}`,
     {
       method: "POST",
       headers: {
diff --git a/packages/web-console/src/providers/SettingsProvider/types.ts b/packages/web-console/src/providers/SettingsProvider/types.ts
index 695e12e59..81919aed4 100644
--- a/packages/web-console/src/providers/SettingsProvider/types.ts
+++ b/packages/web-console/src/providers/SettingsProvider/types.ts
@@ -9,6 +9,9 @@ export type Settings = Partial<{
   "acl.oidc.client.id": string
   "acl.oidc.redirect.uri": string
   "acl.oidc.scope": string
+  "acl.oidc.host": string
+  "acl.oidc.port": number
+  "acl.oidc.tls.enabled": boolean
   "acl.oidc.authorization.endpoint": string
   "acl.oidc.token.endpoint": string
   "acl.oidc.pkce.required": boolean