diff --git a/packages/builder/src/pages/builder/portal/manage/auth/index.svelte b/packages/builder/src/pages/builder/portal/manage/auth/index.svelte
index 70abf7d376..13a5f3e04c 100644
--- a/packages/builder/src/pages/builder/portal/manage/auth/index.svelte
+++ b/packages/builder/src/pages/builder/portal/manage/auth/index.svelte
@@ -217,6 +217,10 @@
       }
       originalGoogleDoc = cloneDeep(googleDoc)
     } else {
+      // default activated to true for older configs
+      if (googleDoc.config.activated === undefined) {
+        googleDoc.config.activated = true
+      }
       originalGoogleDoc = cloneDeep(googleDoc)
       providers.google = googleDoc
     }
diff --git a/packages/worker/src/api/controllers/admin/auth.js b/packages/worker/src/api/controllers/admin/auth.js
index 2a641e6194..3cdfc1b774 100644
--- a/packages/worker/src/api/controllers/admin/auth.js
+++ b/packages/worker/src/api/controllers/admin/auth.js
@@ -144,7 +144,9 @@ async function oidcStrategyFactory(ctx, configId) {
 
   const chosenConfig = config.configs.filter(c => c.uuid === configId)[0]
 
-  const callbackUrl = `${ctx.protocol}://${ctx.host}/api/admin/auth/oidc/callback`
+  // require https callback in production
+  const protocol = process.env.NODE_ENV === "production" ? "https" : "http"
+  const callbackUrl = `${protocol}://${ctx.host}/api/admin/auth/oidc/callback`
 
   return oidc.strategyFactory(chosenConfig, callbackUrl)
 }