diff --git a/src/constants.rs b/src/constants.rs
index e357dd2..5ee6a30 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -80,3 +80,6 @@ pub const OIDC_PROVIDERS_STATE_DURATION: u64 = 60 * 15;
 /// OpenID providers configuration constants
 pub const OIDC_PROVIDERS_LIFETIME: u64 = 3600;
+
+/// OpenID provider callback URI
+pub const OIDC_PROVIDER_CB_URI: &str = "/prov_cb";
diff --git a/src/controllers/providers_controller.rs b/src/controllers/providers_controller.rs
index 50ca53b..c7624f3 100644
--- a/src/controllers/providers_controller.rs
+++ b/src/controllers/providers_controller.rs
@@ -5,7 +5,7 @@ use actix_web::{web, HttpResponse, Responder};
 use crate::actors::providers_states_actor;
 use crate::actors::providers_states_actor::{ProviderLoginState, ProvidersStatesActor};
-use crate::controllers::base_controller::build_fatal_error_page;
+use crate::controllers::base_controller::{build_fatal_error_page, redirect_user};
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::login_redirect::LoginRedirect;
 use crate::data::provider::{ProviderID, ProvidersManager};
@@ -65,7 +65,9 @@ pub async fn start_login(
 log::debug!("Provider configuration: {:?}", config);
- HttpResponse::Ok().body(state.state_id)
+ let url = config.auth_url(&provider, &state);
+ log::debug!("Redirect user on {url} for authorization",); // Redirect user
+ redirect_user(&url)
 }
diff --git a/src/data/provider_configuration.rs b/src/data/provider_configuration.rs
index c1ccd43..2fe1f92 100644
--- a/src/data/provider_configuration.rs
+++ b/src/data/provider_configuration.rs
@@ -1,7 +1,9 @@
+use crate::actors::providers_states_actor::ProviderLoginState;
 use std::cell::RefCell;
 use std::collections::HashMap;
-use crate::constants::OIDC_PROVIDERS_LIFETIME;
+use crate::constants::{OIDC_PROVIDERS_LIFETIME, OIDC_PROVIDER_CB_URI};
+use crate::data::app_config::AppConfig;
 use crate::data::jwt_signer::JsonWebKey;
 use crate::data::provider::Provider;
 use crate::utils::err::Res;
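Review bot: The debug line added after the `auth_url` call in `start_login` logs the complete authorization URL, which embeds the freshly generated `state` value; that value is the binding the callback later checks against CSRF, so writing it to the log stream, even at debug level, leaks it to anyone with log access. Logging only the provider endpoint keeps the diagnostic useful, e.g. `log::debug!("Redirecting user to {} for authorization", config.discovery.authorization_endpoint);`, assuming the `discovery` field is reachable from the controller. The same line also carries a stray trailing comma before the closing parenthesis and a trailing `// Redirect user` comment that merely restates the next line. `start_login` begins outside the hunk.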
@@ -30,6 +32,18 @@ pub struct ProviderConfiguration {
 pub expire: u64,
 }
+impl ProviderConfiguration {
+ /// Get the URL where a user should be redirected to authenticate
+ pub fn auth_url(&self, provider: &Provider, state: &ProviderLoginState) -> String {
+ let authorization_url = &self.discovery.authorization_endpoint;
+ let client_id = urlencoding::encode(&provider.client_id).to_string();
+ let state = urlencoding::encode(&state.state_id).to_string();
+ let callback_url = AppConfig::get().full_url(OIDC_PROVIDER_CB_URI);
+
+ format!("{authorization_url}?response_type=code&scope=openid%20profile%20email&client_id={client_id}&state={state}&redirect_uri={callback_url}")
+ }
+}
+
 thread_local! {
 static THREAD_CACHE: RefCell> = RefCell::new(Default::default());
 }
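Review bot: In `auth_url` the `redirect_uri` value is interpolated into the query string raw, while `client_id` and `state` are percent-encoded; an absolute callback URL contains `:` and `/` and may contain `?` or `&` (for example when the configured base URL carries a query or a port-specific path), which the provider will mis-parse or reject on its exact-match comparison against the registered redirect URI. Encode it like the other two parameters: `let callback_url = urlencoding::encode(&AppConfig::get().full_url(OIDC_PROVIDER_CB_URI)).to_string();` (this assumes `full_url` returns a `String` or something that derefs to `&str`). Separately, `?` is appended to `authorization_endpoint` unconditionally; if a discovered endpoint already carries a query string the result is malformed, so picking `?` or `&` based on whether the endpoint already contains `?` would be safer. The `state` local shadows the `state` parameter, which reads confusingly next to `state.state_id`; a name such as `state_param` would help.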