diff --git a/core/server/web/oauth/app.js b/core/server/web/oauth/app.js
index 77a1ffb77c..68a37cd083 100644
--- a/core/server/web/oauth/app.js
+++ b/core/server/web/oauth/app.js
@@ -36,11 +36,10 @@ module.exports = function setupOAuthApp() {
      */
     function googleOAuthMiddleware(clientId, secret) {
         return (req, res, next) => {
-            // TODO: use url config instead of the string /ghost
+            const adminURL = urlUtils.urlFor('admin', true);
 
             //Create the callback url to be sent to Google
-            const callbackUrl = new URL(urlUtils.getSiteUrl());
-            callbackUrl.pathname = '/ghost/oauth/google/callback';
+            const callbackUrl = new URL('oauth/google/callback', adminURL);
 
             passport.authenticate(new GoogleStrategy({
                 clientID: clientId,
@@ -55,7 +54,7 @@ module.exports = function setupOAuthApp() {
                     const emails = profile.emails.filter(email => email.verified === true).map(email => email.value);
 
                     if (!emails.includes(req.user.get('email'))) {
-                        return res.redirect('/ghost/#/staff/?message=oauth-linking-failed');
+                        return res.redirect(new URL('#/staff?message=oauth-linking-failed', adminURL));
                     }
 
                     // TODO: configure the oauth data for this user (row in the oauth table)
@@ -70,7 +69,7 @@ module.exports = function setupOAuthApp() {
                     //TODO: instead find the oauth row with the email use the provider id
                     const emails = profile.emails.filter(email => email.verified === true);
                     if (emails.length < 1) {
-                        return res.redirect('/ghost/#/signin?message=login-failed');
+                        return res.redirect(new URL('#/signin?message=login-failed', adminURL));
                     }
                     const email = emails[0].value;
 
@@ -85,7 +84,7 @@ module.exports = function setupOAuthApp() {
                         let invite = await models.Invite.findOne({email, status: 'sent'}, options);
 
                         if (!invite || invite.get('expires') < Date.now()) {
-                            return res.redirect('/ghost/#/signin?message=login-failed');
+                            return res.redirect(new URL('#/signin?message=login-failed', adminURL));
                         }
 
                         //Accept invite
@@ -106,7 +105,7 @@ module.exports = function setupOAuthApp() {
 
                 await auth.session.sessionService.createSessionForUser(req, res, req.user);
 
-                return res.redirect('/ghost/');
+                return res.redirect(adminURL);
             }), {
                 scope: ['profile', 'email'],
                 session: false,
@@ -133,7 +132,7 @@ module.exports = function setupOAuthApp() {
 
     oauthApp.get('/:provider/callback', (req, res, next) => {
         // Set the referrer as the ghost instance domain so that the session is linked to the ghost instance domain
-        req.headers.referrer = urlUtils.getSiteUrl();
+        req.headers.referrer = urlUtils.getAdminUrl();
         next();
     }, auth.authenticate.authenticateAdminApi, (req, res, next) => {
         if (req.params.provider !== 'google') {