diff --git a/internal/authz/asgardeo.go b/internal/authz/asgardeo.go
index 598d1ca..647e570 100644
--- a/internal/authz/asgardeo.go
+++ b/internal/authz/asgardeo.go
@@ -42,31 +42,17 @@ func (p *asgardeoProvider) WellKnownHandler() http.HandlerFunc {
 return
 }
- scheme := "http"
- if r.TLS != nil {
- scheme = "https"
- }
- if forwardedProto := r.Header.Get("X-Forwarded-Proto"); forwardedProto != "" {
- scheme = forwardedProto
- }
- host := r.Host
- if forwardedHost := r.Header.Get("X-Forwarded-Host"); forwardedHost != "" {
- host = forwardedHost
- }
-
- baseURL := scheme + "://" + host
-
 issuer := strings.TrimSuffix(p.cfg.AuthServerBaseURL, "/") + "/token"
 response := map[string]interface{}{
 "issuer": issuer,
- "authorization_endpoint": baseURL + "/authorize",
- "token_endpoint": baseURL + "/token",
+ "authorization_endpoint": p.cfg.BaseURL + "/authorize",
+ "token_endpoint": p.cfg.BaseURL + "/token",
 "jwks_uri": p.cfg.JWKSURL,
 "response_types_supported": []string{"code"},
 "grant_types_supported": []string{"authorization_code", "refresh_token"},
 "token_endpoint_auth_methods_supported": []string{"client_secret_basic"},
- "registration_endpoint": baseURL + "/register",
+ "registration_endpoint": p.cfg.BaseURL + "/register",
 "code_challenge_methods_supported": []string{"plain", "S256"},
 }
diff --git a/internal/authz/default.go b/internal/authz/default.go
index 8b58fa0..4f6647d 100644
--- a/internal/authz/default.go
+++ b/internal/authz/default.go
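Review bot: `p.cfg.BaseURL` is concatenated as-is into `authorization_endpoint`, `token_endpoint` and `registration_endpoint`, while the issuer a few lines above is built with `strings.TrimSuffix(p.cfg.AuthServerBaseURL, "/")`. A configured value with a trailing slash therefore yields `//authorize`, and an empty value yields relative paths in the metadata document, since there is no longer a request-derived fallback. Normalise once, e.g. `base := strings.TrimSuffix(p.cfg.BaseURL, "/")`, and reject an empty or non-absolute BaseURL where the configuration is loaded (that code is not visible in this diff). The same applies to the three fallback assignments in the default.go hunk at -40,31. WellKnownHandler's body starts and ends outside the hunk.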
@@ -40,31 +40,17 @@ func (p *defaultProvider) WellKnownHandler() http.HandlerFunc {
 // Use configured response values
 responseConfig := pathConfig.Response
- // Get current host for proxy endpoints
- scheme := "http"
- if r.TLS != nil {
- scheme = "https"
- }
- if forwardedProto := r.Header.Get("X-Forwarded-Proto"); forwardedProto != "" {
- scheme = forwardedProto
- }
- host := r.Host
- if forwardedHost := r.Header.Get("X-Forwarded-Host"); forwardedHost != "" {
- host = forwardedHost
- }
- baseURL := scheme + "://" + host
-
 authorizationEndpoint := responseConfig.AuthorizationEndpoint
 if authorizationEndpoint == "" {
- authorizationEndpoint = baseURL + "/authorize"
+ authorizationEndpoint = p.cfg.BaseURL + "/authorize"
 }
 tokenEndpoint := responseConfig.TokenEndpoint
 if tokenEndpoint == "" {
- tokenEndpoint = baseURL + "/token"
+ tokenEndpoint = p.cfg.BaseURL + "/token"
 }
- registraionEndpoint := responseConfig.RegistrationEndpoint
- if registraionEndpoint == "" {
- registraionEndpoint = baseURL + "/register"
+ registrationEndpoint := responseConfig.RegistrationEndpoint
+ if registrationEndpoint == "" {
+ registrationEndpoint = p.cfg.BaseURL + "/register"
 }
 // Build response from config
@@ -76,7 +62,7 @@ func (p *defaultProvider) WellKnownHandler() http.HandlerFunc {
 "response_types_supported": responseConfig.ResponseTypesSupported,
 "grant_types_supported": responseConfig.GrantTypesSupported,
 "token_endpoint_auth_methods_supported": []string{"client_secret_basic"},
- "registration_endpoint": registraionEndpoint,
+ "registration_endpoint": registrationEndpoint,
 "code_challenge_methods_supported": responseConfig.CodeChallengeMethodsSupported,
 }
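Review bot: The fallback block starting at `authorizationEndpoint = p.cfg.BaseURL + "/authorize"` has no comment saying why the base URL now comes from configuration; the old `// Get current host for proxy endpoints` comment was removed with nothing in its place. I would add one above the first fallback, for example `// Fall back to the configured BaseURL; never derive it from r.Host or X-Forwarded-* headers, which a client can set unless a trusted proxy overwrites them.` That records the reason the request-derived lookup was dropped (presumably to stop header-controlled endpoints appearing in the metadata) so it is not reintroduced later. WellKnownHandler's body extends beyond both ends of this hunk.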