diff --git a/README.md b/README.md
index 090f4e9..14435db 100644
--- a/README.md
+++ b/README.md
@@ -45,7 +45,7 @@ Our philosophy: **software should help people spend less time on administration
 - 🚧 Sorting & filtering  
 - 🚧 Roles & permissions (e.g. board, treasurer)  
 - ✅ Custom fields (flexible per club needs)  
-- ✅ SSO via OIDC (works with Authentik, Rauthy, Keycloak, etc.)  
+- ✅ SSO via OIDC (tested with Rauthy)  
 - 🚧 Self-service & online application  
 - 🚧 Accessibility, GDPR, usability improvements  
 - 🚧 Email sending  
@@ -147,26 +147,7 @@ Mila uses OIDC for Single Sign-On. In development, a local **Rauthy** instance i
 5. copy client secret to `.env` file
 6. abort and run `just run` again
 
-Now you can log in to Mila via OIDC!
-
-### OIDC with other providers (Authentik, Keycloak, etc.)
-
-Mila works with any OIDC-compliant provider. The internal strategy is named `:rauthy`, but this is just a name — it works with any provider.
-
-**Important:** The redirect URI must always end with `/auth/user/rauthy/callback`.
-
-Example for Authentik:
-1. Create an OAuth2/OpenID Provider in Authentik
-2. Set the redirect URI to: `https://your-domain.com/auth/user/rauthy/callback`
-3. Configure environment variables:
-   ```bash
-   DOMAIN=your-domain.com                    # or PHX_HOST=your-domain.com
-   OIDC_CLIENT_ID=your-client-id
-   OIDC_BASE_URL=https://auth.example.com/application/o/your-app
-   OIDC_CLIENT_SECRET=your-client-secret     # or use OIDC_CLIENT_SECRET_FILE
-   ```
-
-The `OIDC_REDIRECT_URI` is auto-generated as `https://{DOMAIN}/auth/user/rauthy/callback` if not explicitly set.  
+Now you can log in to Mila via OIDC!  
 
 ## ⚙️ Configuration
 
@@ -229,13 +210,13 @@ For testing the production Docker build locally:
    # Required variables:
    SECRET_KEY_BASE=<your-generated-secret>
    TOKEN_SIGNING_SECRET=<your-generated-secret>
-   DOMAIN=localhost                          # or PHX_HOST=localhost
+   PHX_HOST=localhost
    
-   # Optional OIDC configuration:
+   # Optional (have defaults in docker-compose.prod.yml):
    # OIDC_CLIENT_ID=mv
    # OIDC_BASE_URL=http://localhost:8080/auth/v1
-   # OIDC_CLIENT_SECRET=<from-your-oidc-provider>
-   # OIDC_REDIRECT_URI is auto-generated as https://{DOMAIN}/auth/user/rauthy/callback
+   # OIDC_REDIRECT_URI=http://localhost:4001/auth/user/rauthy/callback
+   # OIDC_CLIENT_SECRET=<from-rauthy-client>
    
    # Alternative: Use _FILE variables for Docker secrets (takes priority over regular vars):
    # SECRET_KEY_BASE_FILE=/run/secrets/secret_key_base
diff --git a/config/runtime.exs b/config/runtime.exs
index 06a2cd8..71138ef 100644
--- a/config/runtime.exs
+++ b/config/runtime.exs
@@ -112,21 +112,12 @@ if config_env() == :prod do
     You can generate one by calling: mix phx.gen.secret
     """)
 
-  # PHX_HOST or DOMAIN can be used to set the host for the application.
-  # DOMAIN is commonly used in deployment environments (e.g., Portainer templates).
-  host =
-    System.get_env("PHX_HOST") ||
-      System.get_env("DOMAIN") ||
-      raise "Please define the PHX_HOST or DOMAIN environment variable."
-
+  host = System.get_env("PHX_HOST") || raise "Please define the PHX_HOST environment variable."
   port = String.to_integer(System.get_env("PORT") || "4000")
 
   config :mv, :dns_cluster_query, System.get_env("DNS_CLUSTER_QUERY")
 
-  # OIDC configuration (works with any OIDC provider: Authentik, Rauthy, Keycloak, etc.)
-  # Note: The strategy is named :rauthy internally, but works with any OIDC provider.
-  # The redirect_uri callback path is always /auth/user/rauthy/callback regardless of provider.
-  #
+  # Rauthy OIDC configuration
   # Supports OIDC_CLIENT_SECRET or OIDC_CLIENT_SECRET_FILE for Docker secrets.
   # OIDC_CLIENT_SECRET is required only if OIDC is being used (indicated by explicit OIDC env vars).
   oidc_base_url = System.get_env("OIDC_BASE_URL")
@@ -143,15 +134,12 @@ if config_env() == :prod do
       get_env_or_file.("OIDC_CLIENT_SECRET", nil)
     end
 
-  # Build redirect_uri: use OIDC_REDIRECT_URI if set, otherwise build from host.
-  # Uses HTTPS since production runs behind TLS termination.
-  default_redirect_uri = "https://#{host}/auth/user/rauthy/callback"
-
   config :mv, :rauthy,
     client_id: oidc_client_id || "mv",
     base_url: oidc_base_url || "http://localhost:8080/auth/v1",
     client_secret: client_secret,
-    redirect_uri: System.get_env("OIDC_REDIRECT_URI") || default_redirect_uri
+    redirect_uri:
+      System.get_env("OIDC_REDIRECT_URI") || "http://#{host}:#{port}/auth/user/rauthy/callback"
 
   # Token signing secret from environment variable
   # This overrides the placeholder value set in prod.exs