diff --git a/src/routes.rs b/src/routes.rs
index 2922df6..92a22b5 100644
--- a/src/routes.rs
+++ b/src/routes.rs
@@ -9,7 +9,7 @@ use axum::{
 };
 
 use axum_extra::extract::{cookie::Cookie, CookieJar};
-use reqwest::{Proxy, StatusCode};
+use reqwest::{Proxy, StatusCode, Url};
 use serde::{Deserialize, Serialize};
 use serde_json::{json, Value};
 use tracing::{error, info};
@@ -221,8 +221,10 @@ pub(crate) async fn v2_auth(
     );
     // TODO: add permissions based on roles
 
+    let uri = Url::parse(&state.origin).expect("should be a valid url");
+
     let mut cookie = Cookie::new("access_token", token.clone());
-    cookie.set_path(format!("{}/", state.origin));
+    cookie.set_path(uri.path().to_string());
     cookie.set_secure(true);
 
     Ok((jar.add(cookie), Redirect::to(&format!("{}/", state.origin))))