diff --git a/management/cmd/management.go b/management/cmd/management.go
index 00b6805a4..b61c3a8d3 100644
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -221,7 +221,7 @@ func applyEmbeddedIdPConfig(ctx context.Context, cfg *nbconfig.Config) error {
 cfg.HttpConfig.OIDCConfigEndpoint = issuer + "/.well-known/openid-configuration"
 cfg.HttpConfig.IdpSignKeyRefreshEnabled = true
 callbackURL := strings.TrimSuffix(cfg.HttpConfig.AuthIssuer, "/oauth2")
- cfg.HttpConfig.AuthCallbackURL = callbackURL + types.ProxyCallbackEndpoint
+ cfg.HttpConfig.AuthCallbackURL = callbackURL + types.ProxyCallbackEndpointFull
 return nil
 }
diff --git a/management/server/http/handler.go b/management/server/http/handler.go
index d3d6dc3df..11b7a340e 100644
--- a/management/server/http/handler.go
+++ b/management/server/http/handler.go
@@ -84,7 +84,7 @@ func NewAPIHandler(ctx context.Context, accountManager account.Manager, networks
 return nil, fmt.Errorf("failed to add bypass path: %w", err)
 }
 // OAuth callback for proxy authentication
- if err := bypass.AddBypassPath(types.ProxyCallbackEndpoint); err != nil {
+ if err := bypass.AddBypassPath(types.ProxyCallbackEndpointFull); err != nil {
 return nil, fmt.Errorf("failed to add bypass path: %w", err)
 }
diff --git a/management/server/http/handlers/proxy/auth.go b/management/server/http/handlers/proxy/auth.go
index 17ed1772a..29ed3ea52 100644
--- a/management/server/http/handlers/proxy/auth.go
+++ b/management/server/http/handlers/proxy/auth.go
@@ -7,6 +7,7 @@ import (
 "github.com/coreos/go-oidc/v3/oidc"
 "github.com/gorilla/mux"
+ "github.com/netbirdio/netbird/management/server/types"
 log "github.com/sirupsen/logrus"
 "golang.org/x/oauth2"
@@ -25,7 +26,7 @@ func NewAuthCallbackHandler(proxyService *nbgrpc.ProxyServiceServer) *AuthCallba
 }
 func (h *AuthCallbackHandler) RegisterEndpoints(router *mux.Router) {
- router.HandleFunc("/oauth/callback", h.handleCallback).Methods(http.MethodGet)
+ router.HandleFunc(types.ProxyCallbackEndpoint, h.handleCallback).Methods(http.MethodGet)
 }
 func (h *AuthCallbackHandler) handleCallback(w http.ResponseWriter, r *http.Request) {
diff --git a/management/server/types/proxy.go b/management/server/types/proxy.go
index 69582a963..1b80e80d1 100644
--- a/management/server/types/proxy.go
+++ b/management/server/types/proxy.go
@@ -1,4 +1,7 @@
 package types
 // ProxyCallbackEndpoint holds the proxy callback endpoint
-const ProxyCallbackEndpoint = "/api/reverse-proxy/callback"
+const ProxyCallbackEndpoint = "/reverse-proxy/callback"
+
+// ProxyCallbackEndpointFull holds the proxy callback endpoint with api suffix
+const ProxyCallbackEndpointFull = "/api" + ProxyCallbackEndpoint
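Review bot: RegisterEndpoints in auth.go now relies on an unstated coupling: the relative path `types.ProxyCallbackEndpoint` only lines up with the auth-bypass entry and `AuthCallbackURL` (both built from `types.ProxyCallbackEndpointFull` in handler.go and management.go) if the router passed in is mounted under `/api`, which this diff does not show. Because that bypass entry exempts the route from the authentication middleware, a mismatch would either break the login redirect or leave a bypass entry that no longer corresponds to the callback route. A doc comment on the method would make the contract explicit, for example `// RegisterEndpoints mounts the OAuth callback at types.ProxyCallbackEndpoint; router must be the "/api" subrouter so the served path equals types.ProxyCallbackEndpointFull.` The body of handleCallback continues outside the hunk, so how it validates the callback parameters on this unauthenticated route cannot be confirmed from here.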
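Review bot: The new comment on `ProxyCallbackEndpointFull` in proxy.go says "api suffix", but `"/api"` is prepended, so it is a prefix, and neither comment says which constant belongs where. I would write `// ProxyCallbackEndpoint is the callback path relative to the "/api" router.` and `// ProxyCallbackEndpointFull is ProxyCallbackEndpoint with the "/api" prefix: the path the IdP redirects to and the one exempted from the auth middleware.` The literal `"/api"` presumably duplicates the prefix used where the API router is mounted (not visible in this diff); if a shared constant for that prefix exists, deriving from it would keep the bypass path and the served route from drifting apart.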