diff --git a/api/api.go b/api/api.go
index 7663008..7a238cb 100644
--- a/api/api.go
+++ b/api/api.go
@@ -12,6 +12,7 @@ import (
 "log/slog"
 "math/big"
 "net/http"
+ "net/url"
 "strings"
 "sync"
 "time"
@@ -2367,7 +2368,12 @@ func (h *handler) oauthCallback(c *gin.Context) {
 if frontendURL == "" {
 frontendURL = "http://localhost:3000"
 }
- targetURL := fmt.Sprintf("%s/login?public_token=%s", strings.TrimSuffix(frontendURL, "/"), publicToken)
+ targetURL := fmt.Sprintf("%s/login?public_token=%s&userId=%s&email=%s&role=%s",
+ strings.TrimSuffix(frontendURL, "/"),
+ publicToken,
+ user.ID,
+ url.QueryEscape(user.Email),
+ user.Role)
 c.Redirect(http.StatusTemporaryRedirect, targetURL)
 }
diff --git a/cmd/accountsvc/main.go b/cmd/accountsvc/main.go
index abb5429..98a9685 100644
--- a/cmd/accountsvc/main.go
+++ b/cmd/accountsvc/main.go
@@ -261,17 +261,25 @@ func runServer(ctx context.Context, cfg *config.Config, logger *slog.Logger) err
 oauthProviders := make(map[string]auth.OAuthProvider)
 if cfg.Auth.Enable {
 if cfg.Auth.OAuth.GitHub.ClientID != "" {
+ redirectURL := cfg.Auth.OAuth.GitHub.RedirectURL
+ if redirectURL == "" {
+ redirectURL = cfg.Auth.OAuth.RedirectURL
+ }
 oauthProviders["github"] = auth.NewGitHubProvider(
 cfg.Auth.OAuth.GitHub.ClientID,
 cfg.Auth.OAuth.GitHub.ClientSecret,
- cfg.Auth.OAuth.RedirectURL,
+ redirectURL,
 )
 }
 if cfg.Auth.OAuth.Google.ClientID != "" {
+ redirectURL := cfg.Auth.OAuth.Google.RedirectURL
+ if redirectURL == "" {
+ redirectURL = cfg.Auth.OAuth.RedirectURL
+ }
 oauthProviders["google"] = auth.NewGoogleProvider(
 cfg.Auth.OAuth.Google.ClientID,
 cfg.Auth.OAuth.Google.ClientSecret,
- cfg.Auth.OAuth.RedirectURL,
+ redirectURL,
 )
 }
 }
diff --git a/config/account.yaml b/config/account.yaml
index 3a9e810..810f316 100644
--- a/config/account.yaml
+++ b/config/account.yaml
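Review bot: In the new `targetURL` format string only `user.Email` goes through `url.QueryEscape`; `publicToken`, `user.ID` and `user.Role` are interpolated raw, so a `&`, `#` or `=` in any of them would change how the frontend parses the query. Building the query with `url.Values` and `Encode()` escapes every field the same way. Separately, the redirect now carries the e-mail address and role in a URL, where they persist in browser history, proxy and access logs and possibly `Referer` headers; the frontend should treat `role` from the query as display-only and take authoritative identity from the session it obtains with `public_token`. The types of `user.ID` and `user.Role` are not visible in the hunk, and oauthCallback starts above it.

```go
// … unchanged: frontendURL lookup and localhost default …
q := url.Values{}
q.Set("public_token", publicToken)
// fmt.Sprint keeps this independent of the field types, which the hunk does not show.
q.Set("userId", fmt.Sprint(user.ID))
q.Set("email", user.Email)
q.Set("role", fmt.Sprint(user.Role))
targetURL := strings.TrimSuffix(frontendURL, "/") + "/login?" + q.Encode()
c.Redirect(http.StatusTemporaryRedirect, targetURL)
```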
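Review bot: Neither new fallback block in runServer checks that `redirectURL` is non-empty after falling back to `cfg.Auth.OAuth.RedirectURL`, so a deployment with no redirect URL set at either level still registers the GitHub and Google providers with an empty callback and fails only when a user tries to log in. runServer appears to return an error (its signature is cut off in the hunk header), so a startup check such as `if redirectURL == "" { return errors.New("oauth: github redirect URL is not configured") }` before each constructor call would surface the misconfiguration early; the file needs `errors` imported if it is not already. The two blocks are also identical apart from the provider, so a small helper that takes the provider value and the shared value would remove the duplication.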
@@ -7,11 +7,20 @@ auth:
 enable: true
 token: # Fixed token authentication mechanism
- publicToken: "xcontrol-public-token-2024"
- refreshSecret: "xcontrol-refresh-secret-2024"
- accessSecret: "xcontrol-access-secret-2024"
- accessExpiry: "1h"
- refreshExpiry: "168h"
+ publicToken: "${AUTH_TOKEN_PUBLIC_TOKEN:-xcontrol-public-token-2024}"
+ refreshSecret: "${AUTH_TOKEN_REFRESH_SECRET:-xcontrol-refresh-secret-2024}"
+ accessSecret: "${AUTH_TOKEN_ACCESS_SECRET:-xcontrol-access-secret-2024}"
+ accessExpiry: "${AUTH_TOKEN_ACCESS_EXPIRY:-1h}"
+ refreshExpiry: "${AUTH_TOKEN_REFRESH_EXPIRY:-168h}"
+ oauth:
+ redirectUrl: "${OAUTH_REDIRECT_URL}"
+ frontendUrl: "${OAUTH_FRONTEND_URL:-https://console.svc.plus}"
+ github:
+ clientId: "${GITHUB_CLIENT_ID}"
+ clientSecret: "${GITHUB_CLIENT_SECRET}"
+ google:
+ clientId: "${GOOGLE_CLIENT_ID}"
+ clientSecret: "${GOOGLE_CLIENT_SECRET}"
 server:
 addr: ":8080"
diff --git a/config/config.go b/config/config.go
index 1142ce7..b5ebda6 100644
--- a/config/config.go
+++ b/config/config.go
@@ -93,6 +93,7 @@ type OAuth struct {
 type OAuthProvider struct {
 ClientID string `yaml:"clientId"`
 ClientSecret string `yaml:"clientSecret"`
+ RedirectURL string `yaml:"redirectUrl"`
 }
 // Token defines token authentication configuration.
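Review bot: The `:-` fallbacks on `publicToken`, `refreshSecret` and `accessSecret` keep the previously hard-coded values as defaults, so any deployment that leaves the `AUTH_TOKEN_*` variables unset silently runs with secrets that are published in this repository and its history. Secrets should carry no default, e.g. `accessSecret: "${AUTH_TOKEN_ACCESS_SECRET}"`, with config loading rejecting an empty value when `auth.enable` is true; defaults are reasonable only for the non-secret expiry settings. `redirectUrl: "${OAUTH_REDIRECT_URL}"` presumably expands to an empty string when unset (the loader's expansion rules are not shown), so it deserves the same startup check. The old literal values should be treated as disclosed and rotated.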
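Review bot: The new `RedirectURL` field on `OAuthProvider` has no comment saying that it is optional or how it relates to the shared `OAuth.RedirectURL`, so a reader of config.go alone cannot tell that an empty value falls back to the shared one, which is what the runServer change in cmd/accountsvc/main.go implements. Suggested comment above the field: `// RedirectURL overrides OAuth.RedirectURL for this provider; empty means use the shared value.`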