diff --git a/_infra/main.tf b/_infra/main.tf
index 2bbaf3d..578065a 100644
--- a/_infra/main.tf
+++ b/_infra/main.tf
@@ -98,6 +98,7 @@ resource "aws_apprunner_service" "this" {
         runtime_environment_secrets = {
           GOOGLE_CLIENT_SECRET="arn:aws:secretsmanager:us-east-2:310753928788:secret:drive-gooder-secrets-5lmhvt:GOOGLE_CLIENT_SECRET::"
           OPENAI_API_KEY="arn:aws:secretsmanager:us-east-2:310753928788:secret:drive-gooder-secrets-5lmhvt:OPENAI_API_KEY::"
+          MODAL_AUTH_TOKEN="arn:aws:secretsmanager:us-east-2:310753928788:secret:drive-gooder-secrets-5lmhvt:MODAL_AUTH_TOKEN::"
         }
         }
         image_identifier      = local.container_image
diff --git a/api/backend/app.py b/api/backend/app.py
index 57707af..7176a9f 100644
--- a/api/backend/app.py
+++ b/api/backend/app.py
@@ -132,10 +132,10 @@ def login():
     # scopes that let you retrieve user's profile from Google
     redirect_uri = "https://drive-gooder.com/api/login"
     # print(f'callback uri: {request.base_url + "/callback"}')
-    print(f'callback uri: {redirect_uri + "/callback"}')
+    print(f'callback uri: {request.base_url + "/callback"}')
     request_uri = client.prepare_request_uri(
         authorization_endpoint,
-        redirect_uri=redirect_uri + "/callback",
+        redirect_uri=request.base_url + "/callback",
         scope=["openid", "email", "profile"],
     )
     return redirect(request_uri)