diff --git a/server/routes/authRoutes.js b/server/routes/authRoutes.js
index fe66617..daecf06 100644
--- a/server/routes/authRoutes.js
+++ b/server/routes/authRoutes.js
@@ -7,6 +7,8 @@ import jwt from "jsonwebtoken";
 import { register, login } from "../controllers/authController.js";
+const CLIENT_URL = process.env.FRONTEND_URL || "http://localhost:5173";
+
 const router = express.Router();
 // Shared rate-limit handler that preserves CORS headers already set by
@@ -53,16 +55,18 @@ router.post('/refresh', async (req, res) => {
 });
 router.get("/google", passport.authenticate("google",{ scope: ["profile", "email"] }))
-router.get("/google/callback",
- passport.authenticate("google", {failureRedirect: "http://localhost:5000/auth" }),
- (req, res) => {
-
- const token = jwt.sign({ id: req.user._id }, process.env.JWT_SECRET, {
- expiresIn: process.env.JWT_EXPIRES_IN || "7d",
- })
- // redirect back to frontend with token in query
- res.redirect(`http://localhost:5173/app?token=${token}`)
- }
-)
+router.get(
+ "/google/callback",
+ passport.authenticate("google", {
+ failureRedirect: `${CLIENT_URL}/auth?error=google_auth_failed`,
+ }),
+ (req, res) => {
+ const token = jwt.sign({ id: req.user._id }, process.env.JWT_SECRET, {
+ expiresIn: process.env.JWT_EXPIRES_IN || "7d",
+ });
+ // Redirect back to the frontend with token in query params.
+ res.redirect(`${CLIENT_URL}/app?token=${encodeURIComponent(token)}`);
+ },
+);
 export default router;
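Review bot: The `|| "http://localhost:5173"` fallback on the new `CLIENT_URL` constant applies in every environment, so a production deploy with `FRONTEND_URL` unset would silently send the OAuth callback redirect, which in the second hunk carries the signed JWT, to localhost instead of failing. Consider keeping the fallback for development only and failing at startup otherwise, e.g. `if (!process.env.FRONTEND_URL && process.env.NODE_ENV === "production") throw new Error("FRONTEND_URL must be set");`. A one-line comment that this constant is the only trusted redirect origin, and must never be built from request data, would also help the next reader.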
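Review bot: The rewritten `/google/callback` handler still hands the signed JWT to the browser in the query string of `res.redirect(...)`. `encodeURIComponent` makes the URL well-formed, but the token (default lifetime `7d`) still ends up in browser history, in proxy and access logs, and in any `Referer` header sent from the `/app` page. Prefer delivering it outside the URL, for example `res.cookie("token", token, { httpOnly: true, secure: true, sameSite: "lax" });` followed by a redirect to `${CLIENT_URL}/app` with no query, or a short-lived single-use code that the frontend exchanges over POST. If the query parameter has to stay for now, the comment above the redirect should say that the frontend must remove it from the address bar as soon as it has read it.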