diff --git a/.env.example b/.env.example
index 6e72647..740a556 100644
--- a/.env.example
+++ b/.env.example
@@ -73,3 +73,9 @@ AWS_BUCKET=
 AWS_USE_PATH_STYLE_ENDPOINT=false
 
 VITE_APP_NAME="${APP_NAME}"
+
+# Weeztix OAuth (defaults match https://docs.weeztix.com — only set if you use Open Ticket / another issuer)
+# WEEZTIX_OAUTH_AUTHORIZE_URL=https://login.weeztix.com/login
+# WEEZTIX_AUTH_BASE_URL=https://auth.weeztix.com
+# WEEZTIX_USER_PROFILE_URL=https://auth.weeztix.com/users/me
+# WEEZTIX_API_BASE_URL=https://api.weeztix.com
diff --git a/app/Http/Controllers/Admin/WeeztixOAuthController.php b/app/Http/Controllers/Admin/WeeztixOAuthController.php
index be3afdf..e5f4bab 100644
--- a/app/Http/Controllers/Admin/WeeztixOAuthController.php
+++ b/app/Http/Controllers/Admin/WeeztixOAuthController.php
@@ -52,9 +52,9 @@ class WeeztixOAuthController extends Controller
             'state' => $state,
         ]);
 
-        $authorizeBase = rtrim(config('weeztix.auth_base_url'), '/').'/tokens/authorize';
+        $authorizeUrl = config('weeztix.oauth_authorize_url');
 
-        return redirect()->away($authorizeBase.'?'.$query);
+        return redirect()->away($authorizeUrl.'?'.$query);
     }
 
     public function callback(Request $request): RedirectResponse
diff --git a/config/weeztix.php b/config/weeztix.php
index 4f82888..ed6f13b 100644
--- a/config/weeztix.php
+++ b/config/weeztix.php
@@ -6,16 +6,34 @@ return [
 
     /*
     |--------------------------------------------------------------------------
-    | OAuth / token host (authorization code + refresh)
+    | OAuth login / authorization (browser redirect)
     |--------------------------------------------------------------------------
     |
-    | Defaults match the integration spec (Open Ticket auth). Token requests
-    | use {auth_base_url}/tokens; authorize URL is {auth_base_url}/tokens/authorize
-    | when using the same host layout as Weeztix/Open Ticket.
+    | Official Weeztix: users must be sent to login.weeztix.com with client_id,
+    | redirect_uri, response_type=code, and state. Do NOT use auth.../tokens/authorize
+    | unless your OAuth provider documents that path (e.g. some Open Ticket setups).
+    |
+    | Open Ticket example (if your client was created there):
+    | WEEZTIX_OAUTH_AUTHORIZE_URL=https://auth.openticket.tech/tokens/authorize
+    | WEEZTIX_AUTH_BASE_URL=https://auth.openticket.tech
     |
     */
 
-    'auth_base_url' => rtrim((string) env('WEEZTIX_AUTH_BASE_URL', 'https://auth.openticket.tech'), '/'),
+    'oauth_authorize_url' => rtrim((string) env(
+        'WEEZTIX_OAUTH_AUTHORIZE_URL',
+        'https://login.weeztix.com/login'
+    ), '/'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Token endpoint base (authorization code + refresh)
+    |--------------------------------------------------------------------------
+    |
+    | POST {auth_base_url}/tokens — official Weeztix: https://auth.weeztix.com/tokens
+    |
+    */
+
+    'auth_base_url' => rtrim((string) env('WEEZTIX_AUTH_BASE_URL', 'https://auth.weeztix.com'), '/'),
 
     /*
     |--------------------------------------------------------------------------
@@ -30,8 +48,7 @@ return [
     | Current user profile (token validity + company hints)
     |--------------------------------------------------------------------------
     |
-    | Documented at https://docs.weeztix.com/docs/introduction/issue-request/
-    | Uses auth.weeztix.com by default; override if your token issuer uses another host.
+    | Should match the issuer of your access_token (usually same host as auth_base_url).
     |
     */