diff --git a/areas/auth/auth.py b/areas/auth/auth.py
index b7a05ebde77d2da4086105ab2b1a8ed5cf8c69d7..098ed0aae544583234649683c295a5727af0a961 100644
--- a/areas/auth/auth.py
+++ b/areas/auth/auth.py
@@ -19,10 +19,14 @@ def login():
 @cross_origin()
 def hydra_callback():
     state = request.args.get("state")
+    code = request.args.get("code")
     if state == None:
         raise BadRequest("Missing state query param")
 
-    token = HydraOauth.get_token(state)
+    if code == None:
+        raise BadRequest("Missing code query param")
+
+    token = HydraOauth.get_token(state, code)
     access_token = create_access_token(
         identity=token, expires_delta=timedelta(days=365)
     )
diff --git a/helpers/hydra_oauth.py b/helpers/hydra_oauth.py
index cdf7923456ed73ac567d3e53a0123f967d192ee5..e29e10a45ac1aca99de0610c6123f58226b92d30 100644
--- a/helpers/hydra_oauth.py
+++ b/helpers/hydra_oauth.py
@@ -24,14 +24,14 @@ class HydraOauth:
             raise HydraError(str(err), 500)
 
     @staticmethod
-    def get_token(state):
+    def get_token(state, code):
         try:
             hydra = OAuth2Session(HYDRA_CLIENT_ID, state=state)
             token = hydra.fetch_token(
                 TOKEN_URL,
+                code=code,
+                state=state,
                 client_secret=HYDRA_CLIENT_SECRET,
-                authorization_response="https://dashboard.init.stackspin.net"
-                + request.path,
             )
 
             session["hydra_token"] = token