diff --git a/Oqtane.Client/Modules/Admin/Users/Index.razor b/Oqtane.Client/Modules/Admin/Users/Index.razor
index f36ed1dc..0a05bcf8 100644
--- a/Oqtane.Client/Modules/Admin/Users/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Index.razor
@@ -154,6 +154,12 @@ else
+
@@ -201,6 +207,7 @@ else
private string _authority;
private string _clientid;
private string _clientsecret;
+ private string _redirecturl;
private string _metadata;
private string _logouturl;
private string _allowsitelogin;
@@ -227,6 +234,7 @@ else
_authority = SettingService.GetSetting(settings, "OpenIdConnectOptions:Authority", "");
_clientid = SettingService.GetSetting(settings, "OpenIdConnectOptions:ClientId", "");
_clientsecret = SettingService.GetSetting(settings, "OpenIdConnectOptions:ClientSecret", "");
+ _redirecturl = PageState.Alias.Name + "/signin-oidc";
_metadata = SettingService.GetSetting(settings, "OpenIdConnectOptions:MetadataAddress", "");
_logouturl = SettingService.GetSetting(settings, "OpenIdConnectOptions:LogoutUrl", "");
_allowsitelogin = SettingService.GetSetting(settings, "AllowSiteLogin", "true");
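Review bot: `_redirecturl` on the added line is assembled from `PageState.Alias.Name` plus the literal `/signin-oidc` with no scheme prepended, so unless `Alias.Name` already carries one (it does not appear to here) the value is a host-relative string rather than an absolute URL. If this value is meant to be copied into the provider's allowed redirect URIs — which is what the field name suggests — the provider will compare it byte-for-byte against the URL the middleware actually sends, so it should be the full absolute form, e.g. `_redirecturl = "https://" + PageState.Alias.Name + "/signin-oidc";` (or derived from the request scheme if the site can run over http). A short comment stating that this value is derived rather than stored, unlike its `SettingService.GetSetting` siblings, would also help the next reader. The enclosing method starts and ends outside the hunk.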
diff --git a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
index 09953d86..b6a5f38e 100644
--- a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
@@ -81,12 +81,14 @@ namespace Oqtane.Extensions
private static async Task OnTokenValidated(TokenValidatedContext context)
{
- var email = context.Principal.FindFirstValue(ClaimTypes.Email);
var providerKey = context.Principal.FindFirstValue(ClaimTypes.NameIdentifier);
var loginProvider = context.HttpContext.GetAlias().SiteSettings["OpenIdConnectOptions:Authority"];
var alias = context.HttpContext.GetAlias();
var _logger = context.HttpContext.RequestServices.GetRequiredService();
+ // custom logic may be needed here to manipulate Principal sent by Provider - use interface similar to IClaimsTransformation
+
+ var email = context.Principal.FindFirstValue(ClaimTypes.Email);
if (email != null)
{
var _identityUserManager = context.HttpContext.RequestServices.GetRequiredService>();
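Review bot: The added comment in OnTokenValidated reads as a note-to-self ("custom logic may be needed here") rather than documentation, and it leaves unclear whether the move of the email lookup below it is the intended extension point. Rewording it as a tracked item makes the intent explicit, e.g. `// TODO: expose a claims-transformation hook (IClaimsTransformation-style) so the Principal can be adjusted before the email claim below is read`. While touching this block it is also worth noting that `GetAlias()` is resolved twice on the two lines above the comment; the `loginProvider` line could read from `alias` once it is declared first. The method body continues past the end of the hunk.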
@@ -208,7 +210,7 @@ namespace Oqtane.Extensions
}
else
{
- _logger.Log(LogLevel.Information, nameof(OqtaneSiteAuthenticationBuilderExtensions), Enums.LogFunction.Security, "OpenId Connect Provider Did Not Return An Email Claim");
+ _logger.Log(LogLevel.Information, nameof(OqtaneSiteAuthenticationBuilderExtensions), Enums.LogFunction.Security, "OpenID Connect Provider Did Not Return An Email Claim To Uniquely Identify The User");
}
}
@@ -236,7 +238,7 @@ namespace Oqtane.Extensions
private static Task OnAccessDenied(AccessDeniedContext context)
{
var _logger = context.HttpContext.RequestServices.GetRequiredService();
- _logger.Log(LogLevel.Information, nameof(OqtaneSiteAuthenticationBuilderExtensions), Enums.LogFunction.Security, "OpenId Connect Access Denied - User May Have Cancelled Their External Login Attempt");
+ _logger.Log(LogLevel.Information, nameof(OqtaneSiteAuthenticationBuilderExtensions), Enums.LogFunction.Security, "OpenID Connect Access Denied - User May Have Cancelled Their External Login Attempt");
// redirect to login page
var alias = context.HttpContext.GetAlias();
context.Response.Redirect(alias.Path + "/login?returnurl=" + context.Properties.RedirectUri);
@@ -247,9 +249,10 @@ namespace Oqtane.Extensions
private static Task OnRemoteFailure(RemoteFailureContext context)
{
var _logger = context.HttpContext.RequestServices.GetRequiredService();
- _logger.Log(LogLevel.Error, nameof(OqtaneSiteAuthenticationBuilderExtensions), Enums.LogFunction.Security, "OpenId Connect Remote Failure - {Error}", context.Failure.Message);
- // redirect to original page
- context.Response.Redirect(context.Properties.RedirectUri);
+ _logger.Log(LogLevel.Error, nameof(OqtaneSiteAuthenticationBuilderExtensions), Enums.LogFunction.Security, "OpenID Connect Remote Failure - {Error}", context.Failure.Message);
+ // redirect to login page
+ var alias = context.HttpContext.GetAlias();
+ context.Response.Redirect(alias.Path + "/login?returnurl=" + context.Properties.RedirectUri);
context.HandleResponse();
return Task.CompletedTask;
}
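Review bot: The new redirect in OnRemoteFailure dereferences `context.Properties.RedirectUri` unconditionally, but on a remote failure the authentication properties are frequently unavailable (for example when the returned state could not be unprotected or correlation failed), in which case `context.Properties` is null and this handler throws instead of redirecting. The `RedirectUri` is also concatenated raw into the `returnurl` query parameter, so any `&`, `#` or `?` inside it truncates or corrupts the value on the login page. Both are fixed by `var returnUrl = context.Properties?.RedirectUri ?? "";` followed by `context.Response.Redirect(alias.Path + "/login?returnurl=" + Uri.EscapeDataString(returnUrl));`. The same unencoded concatenation sits on the context line of OnAccessDenied in the previous hunk, where `Properties` is more reliably populated but the encoding point still applies.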