diff --git a/Presenters/LoginPresenter.php b/Presenters/LoginPresenter.php
index 600f30861..ac504c4d6 100644
--- a/Presenters/LoginPresenter.php
+++ b/Presenters/LoginPresenter.php
@@ -385,7 +385,11 @@ public function GetKeycloakUrl()
 public function GetOauth2Url()
 {
 // Retrieve Oauth2 configuration values
- $baseUrl = rtrim(Configuration::Instance()->GetKey(ConfigKeys::AUTHENTICATION_OAUTH2_URL_AUTHORIZE), '/');
+ $trailingSlash = Configuration::Instance()->GetKey(ConfigKeys::AUTHENTICATION_OAUTH2_TRAILING_SLASH);
+ $baseUrl = Configuration::Instance()->GetKey(ConfigKeys::AUTHENTICATION_OAUTH2_URL_AUTHORIZE);
+ if (!$trailingSlash) {
+ $baseUrl = rtrim($baseUrl, '/');
+ }
 $clientId = Configuration::Instance()->GetKey(ConfigKeys::AUTHENTICATION_OAUTH2_CLIENT_ID);
 $redirectUri = $this->buildRedirectUri(Configuration::Instance()->GetKey(ConfigKeys::AUTHENTICATION_OAUTH2_REDIRECT_URI));
diff --git a/config/config.dist.php b/config/config.dist.php
index e5cdd6a47..ce4242978 100644
--- a/config/config.dist.php
+++ b/config/config.dist.php
@@ -705,6 +705,8 @@
 'oauth2.name' => 'OAuth2',
 # OAuth2 endpoint URLs and client credentials
+ # If true, keep the configured authorize URL's trailing slash; if false, trim it with rtrim()
+ 'oauth2.trailing.slash' => false,
 'oauth2.url.authorize' => '',
 'oauth2.url.token' => '',
 'oauth2.url.userinfo' => '',
diff --git a/lib/Config/ConfigKeys.php b/lib/Config/ConfigKeys.php
index 99a14eb51..d997cca79 100644
--- a/lib/Config/ConfigKeys.php
+++ b/lib/Config/ConfigKeys.php
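Review bot: In GetOauth2Url (Presenters/LoginPresenter.php), `if (!$trailingSlash)` depends on PHP truthiness of whatever `GetKey` returns for the new key. The key is declared with `'type' => 'boolean'`, but whether `GetKey` coerces to a real bool is not visible in this diff. If a string such as `'false'` can come back, it is truthy and the slash is kept against the operator's setting, giving an authorize URL the identity provider may reject. Normalising explicitly removes the doubt: `if (!filter_var($trailingSlash, FILTER_VALIDATE_BOOLEAN)) {`. The function body continues outside the hunk.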
@@ -1491,6 +1491,14 @@ class ConfigKeys
 'description' => 'Display name for OAuth2 login',
 'section' => 'authentication'
 ];
+ public const AUTHENTICATION_OAUTH2_TRAILING_SLASH = [
+ 'key' => 'authentication.oauth2.trailing.slash',
+ 'type' => 'boolean',
+ 'default' => false,
+ 'label' => 'Preserve authorize URL trailing slash',
+ 'description' => 'When enabled, preserves any trailing slash on the OAuth2 authorize URL; when disabled, removes a trailing slash if present. Does not affect token or userinfo URLs.',
+ 'section' => 'authentication'
+ ];
 public const AUTHENTICATION_OAUTH2_URL_AUTHORIZE = [
 'key' => 'authentication.oauth2.url.authorize',
 'type' => 'string',
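Review bot: The `description` of AUTHENTICATION_OAUTH2_TRAILING_SLASH says the disabled mode "removes a trailing slash if present", but the LoginPresenter hunk calls `rtrim($baseUrl, '/')`, which strips every trailing slash rather than one. I would reword that clause to `when disabled, removes all trailing slashes` so the admin-facing text matches what the code does. The surrounding ConfigKeys class starts and ends outside the hunk.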