diff --git a/client/js/socket-events/auth.ts b/client/js/socket-events/auth.ts
index 8c598e32..56103c7c 100644
--- a/client/js/socket-events/auth.ts
+++ b/client/js/socket-events/auth.ts
@@ -29,6 +29,7 @@ socket.on("auth:failed", async function () {
 socket.on("auth:start", async function (data) {
 const serverHash = data.serverHash;
 const openidEnabled = data.openidEnabled;
+ const openidInit = data.openidInit;
 // If we reconnected and serverHash differs, that means the server restarted
 // And we will reload the page to grab the latest version
 if (lastServerHash && serverHash !== lastServerHash) {
@@ -75,10 +76,11 @@ socket.on("auth:start", async function (data) {
 openChannel,
 hasConfig: store.state.serverConfiguration !== null,
 });
- } else if (openidEnabled) {
- // TODO: OpenID check for parameters before sending
+ } else if (openidEnabled && window.location.search.includes("code=")) {
 socket.emit("auth:perform", {user: "", password: window.location.href});
 window.history.replaceState({}, document.title, "/");
+ } else if (openidEnabled) {
+ window.location.replace(openidInit);
 } else {
 await showSignIn();
 }
diff --git a/server/server.ts b/server/server.ts
index de11ff9e..b5e55c78 100644
--- a/server/server.ts
+++ b/server/server.ts
@@ -76,6 +76,8 @@ var issuer: Issuer;
 var openidClient: BaseClient;
+var issuerURL: string;
+
 let manager: ClientManager | null = null;
 export default async function (
@@ -125,6 +127,7 @@ export default async function (
 code_challenge_method: "S256",
 });
 log.info(redirectUrl);
+ issuerURL = redirectUrl;
 if (Config.values.fileUpload.enable) {
 Uploader.router(app);
@@ -272,6 +275,7 @@ export default async function (
 socket.emit("auth:start", {
 serverHash,
 openidEnabled: Config.values.openid.enable && !Config.values.public,
+ openidInit: issuerURL,
 });
 }
 });
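Review bot: `window.location.search.includes("code=")` is a substring match, so any query parameter whose name or value contains `code=` (for example `error_code=`) sends the page URL to `auth:perform` as the password, while a provider callback that carries an `error` parameter instead of `code` falls through to `window.location.replace(openidInit)` and bounces straight back to the provider. Parse the query instead: `const params = new URLSearchParams(window.location.search);` and `} else if (openidEnabled && params.has("code")) {`, and consider landing on `showSignIn()` when `params.has("error")` rather than redirecting again. `openidInit` is passed to `window.location.replace` exactly as received from the server; a non-empty-string check before the call avoids navigating to a literal "undefined" path if the server sends nothing. The `auth:start` handler continues outside the hunk.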
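Review bot: `issuerURL = redirectUrl` stores a single authorization URL computed once at startup, and the `auth:start` hunk below hands that same URL to every client, so whatever `state`, `nonce` or PKCE `code_challenge` it carries (the `code_challenge_method: "S256"` context line shows a challenge is part of it) is shared by all sessions instead of being minted per login; the server then has no per-session binding for a returned code, and a code obtained in one browser can be presented from another. Build the URL, and keep the matching verifier, per socket at the point where `openidInit` is emitted rather than in a module-level variable. The same `var issuerURL: string` in the first server hunk is never assigned when OpenID is disabled, so `openidInit` is `undefined` at runtime although the type says `string`; `let issuerURL: string | undefined` and emitting the field only under `Config.values.openid.enable` would make that explicit. Whether the `authorizationUrl` call sits inside an OpenID-enabled branch is not visible in the hunk.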
@@ -1041,7 +1045,6 @@ async function performAuthentication(this: Socket, data) {
 }
 if (Config.values.openid.enable) {
- log.info(data.password);
 // TODO: OpenID handle error if data.password is invalid
 try {
 const tokenSet = await openidClient.callback(
@@ -1054,6 +1057,7 @@ async function performAuthentication(this: Socket, data) {
 const userinfo = await openidClient.userinfo(tokenSet);
 data.user = userinfo[Config.values.openid.usernameClaim];
 } catch (e) {
+ // Guaranteed to fail, probably
 data.user = "";
 data.password = "";
 }
diff --git a/server/types/socket-events.d.ts b/server/types/socket-events.d.ts
index 0a25cc26..b48ee0f6 100644
--- a/server/types/socket-events.d.ts
+++ b/server/types/socket-events.d.ts
@@ -19,7 +19,7 @@ type Session = {
 interface ServerToClientEvents {
 "auth:failed": () => void;
- "auth:start": (data: {serverHash: number; openidEnabled}) => void;
+ "auth:start": (data: {serverHash: number; openidEnabled; openidInit: string}) => void;
 "auth:success": () => void;
 "upload:auth": (token: string) => void;
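Review bot: the new comment `// Guaranteed to fail, probably` in the catch block says neither what is expected to fail nor why, and the caught `e` is discarded, so a misconfigured issuer or a rejected callback leaves no trace in the log. Replace it with a comment stating the intent, e.g. `// Callback could not be validated: clear user/password so no OpenID identity is trusted`, and add `log.warn(\`OpenID callback rejected: ${e instanceof Error ? e.message : String(e)}\`);` ahead of `data.user = ""` — `log` is already used in this file, and the removed `log.info(data.password)` line is the right call since `data.password` holds the full callback URL including the code. Keep that URL out of the new log line as well. performAuthentication starts and ends outside the hunk.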
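Review bot: the rewritten `auth:start` signature still leaves `openidEnabled` without a type, an implicit `any` under `strict`, and `openidInit: string` overstates what the server sends, since on the server side the value comes from a module-level variable that is assigned only when the OpenID redirect URL is built. As the line is touched anyway, `"auth:start": (data: {serverHash: number; openidEnabled: boolean; openidInit?: string}) => void;` matches both (the server emits `Config.values.openid.enable && !Config.values.public`, a boolean). The optional type also obliges the client to check `openidInit` before passing it to `window.location.replace`.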