diff --git a/.env.example b/.env.example
index 865661081..158eec76d 100644
--- a/.env.example
+++ b/.env.example
@@ -13,6 +13,12 @@ GEMINI_API_KEY=your-gemini-api-key-here
 GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
 GOOGLE_CLIENT_SECRET=your-client-secret
+# OAuth Redirect URI (must match Google OAuth credentials exactly)
+# For production with nginx routing through /admin:
+GOOGLE_OAUTH_REDIRECT_URI=https://sales-agent.scope3.com/admin/auth/google/callback
+# For local development (if using nginx):
+# GOOGLE_OAUTH_REDIRECT_URI=http://localhost/admin/auth/google/callback
+
 # Method 2: File path (legacy - not recommended)
 # GOOGLE_OAUTH_CREDENTIALS_FILE=/path/to/client_secret.json
diff --git a/src/admin/blueprints/auth.py b/src/admin/blueprints/auth.py
index 7730e4d9d..7a37ac5fd 100644
--- a/src/admin/blueprints/auth.py
+++ b/src/admin/blueprints/auth.py
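Review bot: In .env.example the new `GOOGLE_OAUTH_REDIRECT_URI` is left active and set to the production callback, while the localhost variant is the one commented out. Anyone who copies the sample to `.env` for local work inherits the production value, and the auth.py hunk in this commit shows the env value taking precedence over the URL derived from the request, so the Google response would go to the production host instead of the local instance. I would ship both lines commented out, or make the active one a placeholder such as `GOOGLE_OAUTH_REDIRECT_URI=https://your-domain.example/admin/auth/google/callback`, in line with the other placeholder values in the file.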
@@ -136,17 +136,29 @@ def google_auth():
 # Get redirect URI - must match what's configured in Google OAuth credentials
 # Note: In production with nginx, the path is /admin/auth/google/callback
 # but Flask only knows about /auth/google/callback
+
+ # Debug: Log request context
+ logger.info(f"OAuth initiation - Request URL: {request.url}")
+ logger.info(f"OAuth initiation - Request host: {request.host}")
+ logger.info(f"OAuth initiation - Request scheme: {request.scheme}")
+
 redirect_uri = os.environ.get("GOOGLE_OAUTH_REDIRECT_URI")
- if not redirect_uri:
+ if redirect_uri:
+ logger.info(f"Using GOOGLE_OAUTH_REDIRECT_URI from env: {redirect_uri}")
+ else:
 # Build the URL with /admin prefix for nginx routing
 base_url = url_for("auth.google_callback", _external=True)
+ logger.info(f"Generated base URL: {base_url}")
+
 # If the base URL doesn't already have /admin, prepend it
 if "/admin/" not in base_url:
 redirect_uri = base_url.replace("/auth/google/callback", "/admin/auth/google/callback")
+ logger.info(f"Added /admin prefix, final URI: {redirect_uri}")
 else:
 redirect_uri = base_url
+ logger.info(f"URL already has /admin prefix: {redirect_uri}")
- logger.info(f"OAuth redirect URI: {redirect_uri}")
+ logger.warning(f"========== FINAL OAuth redirect URI: {redirect_uri} ==========")
 # Simple OAuth flow - no tenant context preservation needed
 return oauth.google.authorize_redirect(redirect_uri)
diff --git a/templates/choose_tenant.html b/templates/choose_tenant.html
index e17aa7c50..9b3f7fd05 100644
--- a/templates/choose_tenant.html
+++ b/templates/choose_tenant.html
@@ -13,10 +13,10 @@
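Review bot: The new diagnostics in google_auth() (src/admin/blueprints/auth.py) run on every login. They are labelled debug but emitted at info, and the final line is raised to `logger.warning` inside a `==========` banner, so each sign-in produces a warning in anything that alerts on that level. `request.url` and `request.host` are client-supplied and are interpolated into the message unmodified; I would log them at debug with lazy arguments, e.g. `logger.debug("OAuth initiation: url=%r host=%r scheme=%s", request.url, request.host, request.scheme)`, and keep the last line as `logger.info("OAuth redirect URI: %s", redirect_uri)`. The fallback branch still derives the redirect URI from `url_for(..., _external=True)`, which presumably depends on the same request host unless the app pins a server name, so a short comment saying the env variable is the expected path in production would help. The function begins above the hunk.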