diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index a2980c79ec..4b63830fbd 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -21,24 +21,8 @@ security:
 pattern: ^/(_(profiler|wdt)|css|images|js)/
 security: false
 oauth_token:
- pattern: ^/oauth/token$
+ pattern: ^/oauth/(token|authorize)$
 security: false
- oauth_authorize:
- pattern: ^/oauth/authorize$
- security: true
- entry_point: App\Security\Authenticator
- guard:
- authenticators:
- - App\Security\Authenticator
- provider: local_user
- oauth:
- guard:
- authenticators:
- - Trikoder\Bundle\OAuth2Bundle\Security\Guard\Authenticator\OAuth2Authenticator
- provider: local_user
- pattern: ^/oauth/
- security: true
- stateless: true
 api_apps:
 pattern: ^/api/v1/apps$
 security: false
diff --git a/src/Core/GNUsocial.php b/src/Core/GNUsocial.php
index aed88fb345..e101fbd172 100644
--- a/src/Core/GNUsocial.php
+++ b/src/Core/GNUsocial.php
@@ -80,6 +80,7 @@ use Symfony\Contracts\HttpClient\HttpClientInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
 use SymfonyCasts\Bundle\ResetPassword\ResetPasswordHelperInterface;
 use SymfonyCasts\Bundle\VerifyEmail\VerifyEmailHelperInterface;
+use Trikoder\Bundle\OAuth2Bundle\Event\AuthorizationRequestResolveEvent;
 use Trikoder\Bundle\OAuth2Bundle\Event\UserResolveEvent;
 use Trikoder\Bundle\OAuth2Bundle\OAuth2Events;
 use Twig\Environment;
@@ -286,6 +287,12 @@ class GNUsocial implements EventSubscriberInterface
 $event->setUser($user);
 }
+ public function authRequestResolve(AuthorizationRequestResolveEvent $event): void
+ {
+ // TODO: if using 3rd party clients, make sure the user approves access
+ $event->resolveAuthorization(true);
+ }
+
 /**
 * Tell Symfony which events we want to listen to, which Symfony detects and auto-wires
 * due to this implementing the `EventSubscriberInterface`
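Review bot: In the `oauth_token` firewall of config/packages/security.yaml, widening the pattern to `^/oauth/(token|authorize)$` places the authorization endpoint under `security: false`, so the entry point and guard authenticator that used to force a login on `/oauth/authorize` no longer run for that request. The authorization step is where the resource owner has to be identified, so I would leave this firewall at `pattern: ^/oauth/token$` and keep the removed `oauth_authorize` block (`security: true`, `entry_point: App\Security\Authenticator`, `provider: local_user`). The same hunk deletes the catch-all `oauth` firewall for `^/oauth/`. Whether another firewall still covers the remaining `/oauth/` routes is not visible here and should be confirmed before merging.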
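Review bot: `authRequestResolve()` in src/Core/GNUsocial.php calls `$event->resolveAuthorization(true)` for every authorization request, with no check that a user is logged in or that the requesting client is trusted. Combined with the `security: false` firewall this commit puts on `/oauth/authorize`, approval appears to be granted without any login or consent step. Until the consent screen named in the TODO exists, deny by default, for example `$event->resolveAuthorization($event->getUser() !== null);` (assuming the event's `getUser()` accessor in the bundle version in use), and limit auto-approval to first-party clients. The method also has no docblock; a short one such as `/** Decides whether an OAuth2 authorization request is approved; currently auto-approves, see TODO. */` would make the temporary behaviour explicit.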
@@ -293,9 +300,10 @@ class GNUsocial implements EventSubscriberInterface
 public static function getSubscribedEvents(): array
 {
 return [
- KernelEvents::REQUEST => 'onKernelRequest',
- 'console.command' => 'onCommand',
- OAuth2Events::USER_RESOLVE => 'userResolve',
+ KernelEvents::REQUEST => 'onKernelRequest',
+ 'console.command' => 'onCommand',
+ OAuth2Events::USER_RESOLVE => 'userResolve',
+ OAuth2Events::AUTHORIZATION_REQUEST_RESOLVE => 'authRequestResolve',
 ];
 }
 }