diff --git a/src/constants.js b/src/constants.js index 3be8dd9da..812386305 100644 --- a/src/constants.js +++ b/src/constants.js @@ -19,8 +19,6 @@ exports = module.exports = { ADMIN_NAME: 'Settings', - ADMIN_CLIENT_ID: 'webadmin', // oauth client id - NGINX_ADMIN_CONFIG_FILE_NAME: 'admin.conf', GHOST_USER_FILE: '/tmp/cloudron_ghost.json', diff --git a/src/routes/oauth2.js b/src/routes/oauth2.js index 9217d27c2..54955505f 100644 --- a/src/routes/oauth2.js +++ b/src/routes/oauth2.js @@ -362,10 +362,13 @@ function accountSetup(req, res, next) { // setPassword clears the resetToken users.setPassword(userObject.id, req.body.password, function (error) { if (error && error.reason === UsersError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message); - if (error) return next(new HttpError(500, error)); - res.redirect(config.adminOrigin()); + clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, function (error, result) { + if (error) return next(new HttpError(500, error)); + + res.redirect(`${config.adminOrigin()}?accessToken=${result.accessToken}&expiresAt=${result.expires}`); + }); }); }); }); @@ -409,7 +412,11 @@ function passwordReset(req, res, next) { if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(406, error.message)); if (error) return next(new HttpError(500, error)); - res.redirect(config.adminOrigin()); + clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, function (error, result) { + if (error) return next(new HttpError(500, error)); + + res.redirect(`${config.adminOrigin()}?accessToken=${result.accessToken}&expiresAt=${result.expires}`); + }); }); }); }
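Review bot: The new redirect in accountSetup puts the freshly minted access token in the query string (`?accessToken=${result.accessToken}&expiresAt=${result.expires}`). There it is recorded in browser history and in any access log or proxy in front of the admin origin, and it can leak through a Referer header from the landing page. If the admin UI can read the value from the URL fragment, use `#accessToken=` instead of `?accessToken=`, since a fragment is not sent to the server or in Referer. Both interpolated values should also be wrapped in `encodeURIComponent(...)`. The passwordReset hunk adds the identical redirect and needs the same change; both function bodies extend outside their hunks.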
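Review bot: The client id in passwordReset is a bare string literal, `'cid-webadmin'`, and the same literal appears in the accountSetup hunk, while this commit deletes `ADMIN_CLIENT_ID: 'webadmin'` from src/constants.js. A named constant for the new id, plus one shared helper for the repeated `clients.addTokenByUserId(...)` and redirect sequence, would keep the two flows from drifting apart. A short comment above the call would also help, for example `// log the user in directly: whoever presented a valid reset token gets a DEFAULT_TOKEN_EXPIRATION-lived webadmin token`. Whether `clients` and `constants` are already required at the top of src/routes/oauth2.js is not visible in this diff and should be confirmed.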