diff --git a/core/src/main/scala/Config.scala b/core/src/main/scala/Config.scala
index c7287dc5..6d8f55a0 100644
--- a/core/src/main/scala/Config.scala
+++ b/core/src/main/scala/Config.scala
@@ -140,7 +140,7 @@ object ScmConfig {
       s"$oauth/token"
 
     val loginEndpoint: String =
-      s"$oauth/login/oauth/authorize?client_id=$clientId&redirect_uri=${encodeURI(redirectUri)}&scope=$scope"
+      s"$oauth/authorize?client_id=$clientId&redirect_uri=${encodeURI(redirectUri)}&response_type=code"
 
     val userEndpoint: String =
       s"$api/user"
diff --git a/etc/development/http/http.dev.cfg b/etc/development/http/http.dev.cfg
index eff73432..7cfeafaa 100644
--- a/etc/development/http/http.dev.cfg
+++ b/etc/development/http/http.dev.cfg
@@ -39,7 +39,7 @@ nelson {
     # with github. when set to `true` this will force the system to "auto-auth"
     # the system based on local environment variables. This really is for
     # development use only!
-    use-environment-session = true
+    use-environment-session = false
 
     # These provide out-of-box values for development, and mean that
     # all development environments can decrypt and verify tokens