diff --git a/cmd/owl/web/auth_test.go b/cmd/owl/web/auth_test.go
index 844b598..78ea651 100644
--- a/cmd/owl/web/auth_test.go
+++ b/cmd/owl/web/auth_test.go
@@ -69,6 +69,7 @@ func TestAuthPostCorrectPassword(t *testing.T) {
 	assertions.AssertStatus(t, rr, http.StatusFound)
 	assertions.AssertContains(t, rr.Header().Get("Location"), "code=")
 	assertions.AssertContains(t, rr.Header().Get("Location"), "state=test_state")
+	assertions.AssertContains(t, rr.Header().Get("Location"), "iss="+user.FullUrl())
 	assertions.AssertContains(t, rr.Header().Get("Location"), "http://example.com/response")
 }
 
diff --git a/cmd/owl/web/handler.go b/cmd/owl/web/handler.go
index 0bf1d22..10e7d36 100644
--- a/cmd/owl/web/handler.go
+++ b/cmd/owl/web/handler.go
@@ -394,8 +394,9 @@ func userAuthVerifyHandler(repo *owl.Repository) func(http.ResponseWriter, *http
 			}
 			http.Redirect(w, r,
 				fmt.Sprintf(
-					"%s?code=%s&state=%s",
+					"%s?code=%s&state=%s&iss=%s",
 					redirect_uri, code, state,
+					user.AuthUrl(),
 				),
 				http.StatusFound,
 			)