diff --git a/src/oidc.js b/src/oidc.js
index 555b1f433..a42fcdecf 100644
--- a/src/oidc.js
+++ b/src/oidc.js
@@ -2,7 +2,12 @@
 exports = module.exports = {
 getProvider,
- attachInteractionRoutes
+ routes: {
+ renderInteractionPage,
+ interactionLogin,
+ interactionConfirm,
+ interactionAbort
+ }
 };
 const assert = require('assert'),
@@ -174,20 +179,11 @@ class CloudronAdapter {
 }
 }
-function attachInteractionRoutes(routePrefix, app, provider) {
+function renderInteractionPage(routePrefix, provider) {
 assert.strictEqual(typeof routePrefix, 'string');
- assert.strictEqual(typeof app, 'function'); // express app
 assert.strictEqual(typeof provider, 'object');
- function setNoCache(req, res, next) {
- res.set('cache-control', 'no-store');
- next();
- }
-
- // FIXME duplicate, all those routes should go to server.js
- const json = middleware.json({ strict: true, limit: '2mb' }); // application/json
-
- app.get(routePrefix + '/interaction/:uid', setNoCache, async (req, res, next) => {
+ return async function (req, res, next) {
 try {
 const { uid, prompt, params, session } = await provider.interactionDetails(req, res);
 console.log('details', await provider.interactionDetails(req, res));
@@ -236,9 +232,13 @@ function attachInteractionRoutes(routePrefix, app, provider) {
 return next(error);
 }
- });
+ };
+}
- app.post(routePrefix + '/interaction/:uid/login', json, setNoCache, async (req, res, next) => {
+function interactionLogin(provider) {
+ assert.strictEqual(typeof provider, 'object');
+
+ return async function(req, res, next) {
 const [detailsError, details] = await safe(provider.interactionDetails(req, res));
 if (detailsError) return next(new HttpError(500, detailsError));
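Review bot: The context line `console.log('details', await provider.interactionDetails(req, res));` in the `@@ -174,20 +179,11 @@` hunk is carried into the new `renderInteractionPage` handler, so each page load still writes the whole interaction record (prompt, params and session) to stdout and resolves the interaction a second time just to log it. Since the commit is already reshaping this handler, I would drop the line or reduce it to the file's own logger with non-sensitive fields, for example ``debug(`route interaction get uid:${uid} prompt:${prompt.name}`);``. The handler body continues past the end of the hunk, so this is based on the visible lines only.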
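Review bot: In the `@@ -236,9 +232,13 @@` hunk, `interactionLogin` turns every `provider.interactionDetails()` failure into `new HttpError(500, detailsError)`, whereas `interactionConfirm` and `interactionAbort` hand the provider's error to `next()` unchanged from their `catch` blocks. A missing or expired interaction is most likely a client-side condition rather than a server fault, and whether the wrapped error text reaches the response depends on `HttpError` and the error middleware, neither of which is visible here. Consider `if (detailsError) return next(new HttpError(400, 'invalid or expired interaction'));` with the original error sent to `debug()`. The rest of the handler lies outside the hunk.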
@@ -277,9 +277,13 @@ function attachInteractionRoutes(routePrefix, app, provider) {
 debug(`route interaction login post result redirectTo:${redirectTo}`);
 res.status(200).send({ redirectTo });
- });
+ };
+}
- app.post(routePrefix + '/interaction/:uid/confirm', json, setNoCache, async (req, res, next) => {
+function interactionConfirm(provider) {
+ assert.strictEqual(typeof provider, 'object');
+
+ return async function (req, res, next) {
 try {
 const interactionDetails = await provider.interactionDetails(req, res);
 const { uid, prompt: { name, details }, params, session: { accountId } } = interactionDetails;
@@ -328,9 +332,13 @@ function attachInteractionRoutes(routePrefix, app, provider) {
 } catch (err) {
 next(err);
 }
- });
+ };
+}
- app.get(routePrefix + '/interaction/:uid/abort', setNoCache, async (req, res, next) => {
+function interactionAbort(provider) {
+ assert.strictEqual(typeof provider, 'object');
+
+ return async function (req, res, next) {
 debug(`route interaction abort`);
 try {
@@ -342,7 +350,7 @@ function attachInteractionRoutes(routePrefix, app, provider) {
 } catch (err) {
 next(err);
 }
- });
+ };
 }
 /**
diff --git a/src/server.js b/src/server.js
index 1fa700714..6ab83e85d 100644
--- a/src/server.js
+++ b/src/server.js
@@ -39,6 +39,11 @@ async function initializeExpressSync() {
 const json = middleware.json({ strict: true, limit: QUERY_LIMIT }), // application/json
 urlencoded = middleware.urlencoded({ extended: false, limit: QUERY_LIMIT }); // application/x-www-form-urlencoded
+ function setNoCache(req, res, next) {
+ res.set('cache-control', 'no-store');
+ next();
+ }
+
 app.set('json spaces', 2); // pretty json
 // for rate limiting
@@ -373,11 +378,16 @@ async function initializeExpressSync() {
 // OpenID connect
 const oidcPrefix = '/api/v1/oidc';
 const oidcProvider = await oidc.getProvider(oidcPrefix);
- oidc.attachInteractionRoutes(oidcPrefix, app, oidcProvider);
- app.use(oidcPrefix, oidcProvider.callback());
 app.set('views', path.join(__dirname, 'oidc_templates'));
 app.set('view engine', 'ejs');
+ router.get ('/api/v1/oidc/interaction/:uid', setNoCache, oidc.routes.renderInteractionPage(oidcPrefix, oidcProvider));
+ router.post('/api/v1/oidc/interaction/:uid/login', setNoCache, json, oidc.routes.interactionLogin(oidcProvider));
+ router.post('/api/v1/oidc/interaction/:uid/confirm', setNoCache, json, oidc.routes.interactionConfirm(oidcProvider));
+ router.get ('/api/v1/oidc/interaction/:uid/abort', setNoCache, oidc.routes.interactionAbort(oidcProvider));
+
+ app.use(oidcPrefix, oidcProvider.callback());
+
 // disable server socket "idle" timeout. we use the timeout middleware to handle timeouts on a route level
 // we rely on nginx for timeouts on the TCP level (see client_header_timeout)
 httpServer.setTimeout(0);
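Review bot: The four `router.*` lines spell out `/api/v1/oidc/...` by hand although `oidcPrefix` is defined a few lines above and is what `getProvider()`, `renderInteractionPage()` and the `app.use()` mount all receive, so a later change to the prefix would leave the interaction routes at the old path. Building the paths from the constant keeps them in step, e.g. `router.get(oidcPrefix + '/interaction/:uid', setNoCache, oidc.routes.renderInteractionPage(oidcPrefix, oidcProvider));`. Two assumptions deserve a short comment at this spot: the handlers no longer set `cache-control: no-store` themselves, so that guarantee now rests on `setNoCache` being listed on every route, and the handlers are only reached if `router` is mounted on `app` ahead of `app.use(oidcPrefix, oidcProvider.callback())`, which happens outside this hunk.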