diff --git a/DysonNetwork.Pass/Auth/OidcProvider/Controllers/OidcProviderController.cs b/DysonNetwork.Pass/Auth/OidcProvider/Controllers/OidcProviderController.cs
index 0377e44..70da513 100644
--- a/DysonNetwork.Pass/Auth/OidcProvider/Controllers/OidcProviderController.cs
+++ b/DysonNetwork.Pass/Auth/OidcProvider/Controllers/OidcProviderController.cs
@@ -156,7 +156,7 @@ public class OidcProviderController(
             if (!string.IsNullOrEmpty(state)) queryParams["state"] = state;
 
             errorUri.Query = queryParams.ToString();
-            return Redirect(errorUri.Uri.ToString());
+            return Ok(new { redirectUri = errorUri.Uri.ToString() });
         }
 
         // Validate redirect_uri if provided
@@ -201,7 +201,7 @@ public class OidcProviderController(
 
             redirectBuilder.Query = queryParams.ToString();
 
-            return Redirect(redirectBuilder.Uri.ToString());
+            return Ok(new { redirectUri = redirectBuilder.Uri.ToString() });
         }
         catch (Exception ex)
         {
diff --git a/DysonNetwork.Pass/Client/src/views/authorize.vue b/DysonNetwork.Pass/Client/src/views/authorize.vue
index 170566c..aab15cd 100644
--- a/DysonNetwork.Pass/Client/src/views/authorize.vue
+++ b/DysonNetwork.Pass/Client/src/views/authorize.vue
@@ -169,15 +169,15 @@ function handleDeny() {
     error_description: 'The user denied the authorization request',
     state: state,
   })
-  window.location.href = `${redirectUri}?${params}`
+  window.open(`${redirectUri}?${params}`, "_self")
 }
 
 function openTerms() {
-  window.open(clientInfo.value?.terms_of_service_uri || 'https://example.com/terms', '_blank')
+  window.open(clientInfo.value?.terms_of_service_uri || '#', "_blank")
 }
 
 function openPrivacy() {
-  window.open(clientInfo.value?.privacy_policy_uri || 'https://example.com/privacy', '_blank')
+  window.open(clientInfo.value?.privacy_policy_uri || '#', "_blank")
 }
 
 // Lifecycle