diff --git a/CHANGES b/CHANGES index 36fdfed34..ac13a0d81 100644 --- a/CHANGES +++ b/CHANGES @@ -2688,4 +2688,5 @@ * Update MongoDB to 5.0. Important: this release requires AVX support in CPU * turn: add ddos mitigation settings * api: return json when route not found +* oidc: loginRedirectUri can be empty string diff --git a/package-lock.json b/package-lock.json index 4b8ffeb51..f3537bfec 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "aws-sdk": "^2.1426.0", "basic-auth": "^2.0.1", "body-parser": "^1.20.2", - "cloudron-manifestformat": "^5.20.0", + "cloudron-manifestformat": "^5.21.0", "connect": "^3.7.0", "connect-lastmile": "^2.1.1", "connect-timeout": "^1.9.0", @@ -452,6 +452,11 @@ "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.1.tgz", "integrity": "sha512-SZs7ekbP8CN0txVG2xVRH6EgKmEm31BOxA07vkFaETzZz1xh+cbt8BcI0slpymvwhx5dlFnQG2rTlPVQn+iRPQ==" }, + "node_modules/@types/luxon": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/@types/luxon/-/luxon-3.3.2.tgz", + "integrity": "sha512-l5cpE57br4BIjK+9BSkFBOsWtwv6J9bJpC7gdXIzZyI0vuKvNTk0wZZrkQxMGsUAuGW9+WMNWF2IJMD7br2yeQ==" + }, "node_modules/abab": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz", 
@@ -994,16 +999,16 @@ } }, "node_modules/cloudron-manifestformat": { - "version": "5.20.0", - "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-5.20.0.tgz", - "integrity": "sha512-pb9jEH/69OzGiGuRb5rM0Yg1Et3uO4xBdOjFISWbyKlRufXhijVBMdciWjZl+qMDY/8L5TRaExLmISWQ1/K+pQ==", + "version": "5.21.0", + "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-5.21.0.tgz", + "integrity": "sha512-FG3f2v1jq0GFbJnbTi6WOlHCCpZIrKdHC7uZBMbjcAkhMmEX505NUY/QZSmxyU+Eb3qwxX/UNI+zVfbJ9jOSDA==", "dependencies": { - "cron": "^2.3.0", + "cron": "^2.4.3", "java-packagename-regex": "^1.0.0", "safetydance": "2.2.0", - "semver": "^7.4.0", + "semver": "^7.5.4", "tv4": "^1.3.0", - "validator": "^13.9.0" + "validator": "^13.11.0" } }, "node_modules/co": { @@ -1281,11 +1286,12 @@ } }, "node_modules/cron": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/cron/-/cron-2.4.0.tgz", - "integrity": "sha512-Cx77ic1TyIAtUggr0oAhtS8MLzPBUqGNIvdDM7jE3oFIxfe8LXWI9q3iQN/H2CebAiMir53LQKWOhEKnzkJTAQ==", + "version": "2.4.3", + "resolved": "https://registry.npmjs.org/cron/-/cron-2.4.3.tgz", + "integrity": "sha512-YBvExkQYF7w0PxyeFLRyr817YVDhGxaCi5/uRRMqa4aWD3IFKRd+uNbpW1VWMdqQy8PZ7CElc+accXJcauPKzQ==", "dependencies": { - "luxon": "^3.2.1" + "@types/luxon": "~3.3.0", + "luxon": "~3.3.0" } }, "node_modules/cross-spawn": { @@ -5567,9 +5573,9 @@ } }, "node_modules/validator": { - "version": "13.9.0", - "resolved": "https://registry.npmjs.org/validator/-/validator-13.9.0.tgz", - "integrity": "sha512-B+dGG8U3fdtM0/aNK4/X8CXq/EcxU2WPrPEkJGslb47qyHsxmbggTWK0yEA4qnYVNF+nxNlN88o14hIcPmSIEA==", + "version": "13.11.0", + "resolved": "https://registry.npmjs.org/validator/-/validator-13.11.0.tgz", + "integrity": "sha512-Ii+sehpSfZy+At5nPdnyMhx78fEoPDkR2XW/zimHEL3MyGJQOCQ7WeP20jPYRz7ZCpcKLB21NxuXHF3bxjStBQ==", "engines": { "node": ">= 0.10" } diff --git a/package.json b/package.json index 24f257b25..48e983777 100644 --- a/package.json 
+++ b/package.json
@@ -22,7 +22,7 @@
 "aws-sdk": "^2.1426.0",
 "basic-auth": "^2.0.1",
 "body-parser": "^1.20.2",
- "cloudron-manifestformat": "^5.20.0",
+ "cloudron-manifestformat": "^5.21.0",
 "connect": "^3.7.0",
 "connect-lastmile": "^2.1.1",
 "connect-timeout": "^1.9.0",
diff --git a/src/routes/oidc.js b/src/routes/oidc.js
index e3a9f3028..902640082 100644
--- a/src/routes/oidc.js
+++ b/src/routes/oidc.js
@@ -26,7 +26,7 @@ async function add(req, res, next) {
 if (typeof req.body.id !== 'string' || !req.body.id) return next(new HttpError(400, 'id must be non-empty string'));
 if (typeof req.body.name !== 'string' || !req.body.name) return next(new HttpError(400, 'name must be non-empty string'));
 if (typeof req.body.secret !== 'string' || !req.body.secret) return next(new HttpError(400, 'secret must be non-empty string'));
- if (typeof req.body.loginRedirectUri !== 'string' || !req.body.loginRedirectUri) return next(new HttpError(400, 'loginRedirectUri must be non-empty string'));
+ if (typeof req.body.loginRedirectUri !== 'string') return next(new HttpError(400, 'loginRedirectUri must be non-empty string'));
 if (req.body.tokenSignatureAlgorithm !== 'EdDSA' && req.body.tokenSignatureAlgorithm !== 'RS256') return next(new HttpError(400, 'tokenSignatureAlgorithm must be either EdDSA or RS256'));
 // clients with appId are internal only
diff --git a/src/services.js b/src/services.js
index 92ea2eb58..cfc22d972 100644
--- a/src/services.js
+++ b/src/services.js
@@ -1970,7 +1970,7 @@ async function setupOidc(app, options) {
 const data = {
 secret: hat(4 * 128),
- loginRedirectUri: options.loginRedirectUri || '/auth/openid/callback',
+ loginRedirectUri: options.loginRedirectUri || '',
 logoutRedirectUri: options.logoutRedirectUri || '',
 tokenSignatureAlgorithm: options.tokenSignatureAlgorithm || 'RS256',
 name: '',
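Review bot: The error message on the changed line in src/routes/oidc.js no longer matches the check: an empty string is now accepted, yet a non-string value is still rejected with `'loginRedirectUri must be non-empty string'`, so the response misleads API clients; change it to `return next(new HttpError(400, 'loginRedirectUri must be a string'));`. A short comment above the check saying why an empty value is allowed would also help, because the sibling checks on the surrounding lines all still reject empty strings and a reader will otherwise assume the `!req.body.loginRedirectUri` clause was dropped by mistake. Since a client's redirect URI is what an OIDC provider matches the incoming `redirect_uri` against, it is worth confirming that whatever consumes this stored value treats `''` as "no login redirect registered" and not as a prefix or wildcard that any `redirect_uri` would satisfy; that consumer is outside this hunk, so I can only flag it. The enclosing `add` function continues past the end of the hunk.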
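Review bot: The changed line in src/services.js silently drops the `'/auth/openid/callback'` default, so any caller of `setupOidc` that omits `options.loginRedirectUri` now registers its OIDC client with an empty login redirect URI instead of the old path, and nothing in the hunk says whether those callers were updated or whether an empty value is the intended default for them. A one-line comment on that line explaining why the empty string is the new default, and what the OIDC layer does with an empty `loginRedirectUri`, would make the intent visible; the next line's `logoutRedirectUri: options.logoutRedirectUri || ''` already uses the same empty default, so presumably the two are meant to behave alike, but I cannot verify that here because `setupOidc` begins and continues outside the hunk. If the stored value feeds the provider's `redirect_uri` matching, the empty string should be handled as "nothing registered" rather than matched loosely; that logic is not in this diff, so this is only a point to confirm.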