diff --git a/src/lib/config.ts b/src/lib/config.ts
new file mode 100644
index 00000000..e58ca965
--- /dev/null
+++ b/src/lib/config.ts
@@ -0,0 +1,4 @@
+import { PUBLIC_SIERO_OAUTH_URL } from '$env/static/public'
+
+// Single source of truth for env-based URLs
+export const OAUTH_BASE = PUBLIC_SIERO_OAUTH_URL
diff --git a/src/routes/auth/refresh/+server.ts b/src/routes/auth/refresh/+server.ts
index 25ad6433..9367c58c 100644
--- a/src/routes/auth/refresh/+server.ts
+++ b/src/routes/auth/refresh/+server.ts
@@ -1,6 +1,6 @@
 import type { RequestHandler } from '@sveltejs/kit'
 import { json } from '@sveltejs/kit'
-import { PUBLIC_SIERO_OAUTH_URL } from '$env/static/public'
+import { OAUTH_BASE } from '$lib/config'
 import {
 	getRefreshFromCookies,
 	setAccountCookie,
@@ -27,7 +27,7 @@ export const POST: RequestHandler = async ({ cookies, fetch, url }) => {
 		return json({ error: 'no_refresh_token' }, { status: 401 })
 	}
 
-	const res = await fetch(`${PUBLIC_SIERO_OAUTH_URL}/token`, {
+	const res = await fetch(`${OAUTH_BASE}/token`, {
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
 		body: JSON.stringify({