diff --git a/core/server/services/auth/members/index.js b/core/server/services/auth/members/index.js
index a8ec9648d6..b0ffe17b7a 100644
--- a/core/server/services/auth/members/index.js
+++ b/core/server/services/auth/members/index.js
@@ -18,11 +18,11 @@ module.exports = {
             const {protocol, host} = url.parse(config.get('url'));
             const siteOrigin = `${protocol}//${host}`;
 
-            UNO_MEMBERINO = jwt({
+            UNO_MEMBERINO = membersService.getPublicConfig().then(({issuer}) => jwt({
                 credentialsRequired: false,
                 requestProperty: 'member',
                 audience: siteOrigin,
-                issuer: siteOrigin,
+                issuer,
                 algorithm: 'RS512',
                 secret(req, payload, done) {
                     membersService.getPublicConfig().then(({publicKey}) => {
@@ -42,8 +42,10 @@ module.exports = {
 
                     return credentials;
                 }
-            });
+            }));
         }
-        return UNO_MEMBERINO;
+        return function (req, res, next) {
+            UNO_MEMBERINO.then(fn => fn(req, res, next)).catch(next);
+        };
     }
 };
diff --git a/core/server/services/members/api.js b/core/server/services/members/api.js
index 99721fce41..d2ab5e94a0 100644
--- a/core/server/services/members/api.js
+++ b/core/server/services/members/api.js
@@ -116,16 +116,8 @@ const siteOrigin = doBlock(() => {
     return `${protocol}//${host}`;
 });
 
-const getApiUrl = ({version, type}) => {
-    const {href} = new url.URL(
-        urlUtils.getApiPath({version, type}),
-        siteUrl
-    );
-    return href;
-};
-
-const contentApiUrl = getApiUrl({version: 'v2', type: 'content'});
-const membersApiUrl = getApiUrl({version: 'v2', type: 'members'});
+const contentApiUrl = urlUtils.urlFor('api', {version: 'v2', type: 'content'}, true);
+const membersApiUrl = urlUtils.urlFor('api', {version: 'v2', type: 'members'}, true);
 
 const accessControl = {
     [siteOrigin]: {