diff --git a/apps/backend/.env.development b/apps/backend/.env.development
index a2ca03418..7ce918c51 100644
--- a/apps/backend/.env.development
+++ b/apps/backend/.env.development
@@ -42,4 +42,4 @@ STACK_ARTIFICIAL_DEVELOPMENT_DELAY_MS=50
 
 STACK_ENABLE_HARDCODED_PASSKEY_CHALLENGE_FOR_TESTING=yes
 
-STACK_NEON_INTEGRATION_CLIENTS_CONFIG=[{"client_id": "neon-local", "client_secret": "neon-local-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize"]}]
+STACK_NEON_INTEGRATION_CLIENTS_CONFIG=[{"client_id": "neon-local", "client_secret": "neon-local-secret", "id_token_signed_response_alg": "ES256", "redirect_uris": ["http://localhost:30000/api/v2/identity/authorize", "http://localhost:30000/api/v2/auth/authorize"]}]
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
index b46c7c2d8..742981319 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/integrations/neon/oauth.test.ts
@@ -3,14 +3,14 @@ import { expect } from "vitest";
 import { it, updateCookiesFromResponse } from "../../../../../../helpers";
 import { ApiKey, Auth, Project, backendContext, niceBackendFetch } from "../../../../../backend-helpers";
 
-async function authorizePart1() {
+async function authorizePart1(redirectUri: string = "http://localhost:30000/api/v2/auth/authorize") {
   let cookies = "";
   const first = await niceBackendFetch("/api/v1/integrations/neon/oauth/authorize", {
     method: "GET",
     query: {
       response_type: "code",
       client_id: "neon-local",
-      redirect_uri: "http://localhost:30000/api/v2/identity/authorize",
+      redirect_uri: redirectUri,
       state: encodeBase64Url(new TextEncoder().encode(JSON.stringify({ details: { neon_project_name: 'neon-project' } }))),
       code_challenge: "xf6HY7PIgoaCf_eMniSt-45brYE2J_05C9BnfIbueik",
       code_challenge_method: "S256",
@@ -135,9 +135,9 @@ async function authorize(projectId: string) {
       },
       NiceResponse {
         "status": 303,
-        "body": "http://localhost:30000/api/v2/identity/authorize?code=%3Cstripped+query+param%3E&amp=",
+        "body": "http://localhost:30000/api/v2/auth/authorize?code=%3Cstripped+query+param%3E&amp=",
         "headers": Headers {
-          "location": "http://localhost:30000/api/v2/identity/authorize?code=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&iss=http%3A%2F%2Flocalhost%3A8102%2Fapi%2Fv1%2Fintegrations%2Fneon%2Foauth%2Fidp",
+          "location": "http://localhost:30000/api/v2/auth/authorize?code=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&iss=http%3A%2F%2Flocalhost%3A8102%2Fapi%2Fv1%2Fintegrations%2Fneon%2Foauth%2Fidp",
           "set-cookie": <setting cookie "_interaction_resume" at path "/api/v1/integrations/neon/oauth/idp/auth/<stripped auth UID>" to <stripped cookie value>>,
           "set-cookie": <setting cookie "_interaction_resume.sig" at path "/api/v1/integrations/neon/oauth/idp/auth/<stripped auth UID>" to <stripped cookie value>>,
           <some fields may have been hidden>,
@@ -156,6 +156,38 @@ it(`should redirect to the correct callback URL`, async ({}) => {
   await authorize(createdProject.projectId);
 });
 
+it(`should not redirect to the incorrect callback URL`, async ({}) => {
+  await Auth.Otp.signIn();
+  await Project.create();
+
+  const result = await authorizePart1("http://localhost:30000/api/v2/wrong-url/authorize");
+  expect(result).toMatchInlineSnapshot(`
+    {
+      "cookies": "",
+      "responses": [
+        NiceResponse {
+          "status": 307,
+          "headers": Headers {
+            "location": "http://localhost:8102/api/v1/integrations/neon/oauth/idp/auth?response_type=code&client_id=neon-local&redirect_uri=%3Cstripped+query+param%3E&state=%3Cstripped+query+param%3E&code_challenge=%3Cstripped+query+param%3E&code_challenge_method=S256&scope=openid",
+            <some fields may have been hidden>,
+          },
+        },
+        NiceResponse {
+          "status": 400,
+          "body": {
+            "error": "invalid_redirect_uri",
+            "error_description": "redirect_uri did not match any of the client's registered redirect_uris",
+            "iss": "http://localhost:8102/api/v1/integrations/neon/oauth/idp",
+            "state": "eyJkZXRhaWxzIjp7Im5lb25fcHJvamVjdF9uYW1lIjoibmVvbi1wcm9qZWN0In19",
+          },
+          "headers": Headers { <some fields may have been hidden> },
+        },
+        undefined,
+      ],
+    }
+  `);
+});
+
 it(`should exchange the authorization code for an admin API key that works`, async ({}) => {
   await Auth.Otp.signIn();
   const createdProject = await Project.create();
@@ -167,7 +199,7 @@ it(`should exchange the authorization code for an admin API key that works`, asy
       grant_type: "authorization_code",
       code: authorizationCode,
       code_verifier: "W2LPAD4M4ES-3wBjzU6J5ApykmuxQy5VTs3oSmtboDM",
-      redirect_uri: "http://localhost:30000/api/v2/identity/authorize",
+      redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
     },
     headers: {
       "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY3JldA=="
@@ -221,7 +253,7 @@ it(`should not exchange the authorization code when the client secret is incorre
       grant_type: "authorization_code",
       code: authorizationCode,
       code_verifier: "W2LPAD4M4ES-3wBjzU6J5ApykmuxQy5VTs3oSmtboDM",
-      redirect_uri: "http://localhost:30000/api/v2/identity/authorize",
+      redirect_uri: "http://localhost:30000/api/v2/auth/authorize",
     },
     headers: {
       "Authorization": "Basic bmVvbi1sb2NhbDpuZW9uLWxvY2FsLXNlY2JldA=="