diff --git a/shell.nix b/shell.nix index 42c65ae1f..329dd7549 100644 --- a/shell.nix +++ b/shell.nix @@ -1,4 +1,4 @@ -# SPDX-FileCopyrightText: 2022-2023 Gregor Kleen , Sarah Vaupel , Steffen Jost +# SPDX-FileCopyrightText: 2022-2024 Gregor Kleen , Sarah Vaupel , Steffen Jost , David Mosbach # # SPDX-License-Identifier: AGPL-3.0-or-later @@ -9,6 +9,12 @@ let haskellPackages = pkgs.haskellPackages; + oauth2Flake = (builtins.getFlake "git+https://gitlab.uniworx.de/mosbach/oauth2-mock-server/?rev=11548e5aacca29c6ba389a62bca3d7a80d54eb6f&ref=refresh-tokens").packages.x86_64-linux; + + oauth2MockServer = oauth2Flake.default; + mkOauth2DB = oauth2Flake.mkOauth2DB; + killOauth2DB = oauth2Flake.killOauth2DB; + postgresSchema = pkgs.writeText "schema.sql" '' CREATE USER uniworx WITH SUPERUSER; CREATE DATABASE uniworx_test; @@ -21,6 +27,17 @@ let local all all trust ''; + oauth2Schema = pkgs.writeText "oauth2_schema.sql" '' + CREATE USER oauth2mock WITH SUPERUSER; + CREATE DATABASE test_users; + GRANT ALL ON DATABASE test_users TO oauth2mock; + ''; + + oauth2Hba = pkgs.writeText "oauth2_hba_file" '' + local all all trust + ''; + + develop = pkgs.writeScriptBin "develop" '' #!${pkgs.zsh}/bin/zsh -e @@ -44,6 +61,7 @@ let type cleanup_cache_memcached &>/dev/null && cleanup_cache_memcached type cleanup_minio &>/dev/null && cleanup_minio type cleanup_maildev &>/dev/null && cleanup_maildev + [[ -z "$OAUTH2_PGDIR" ]] || source ${killOauth2DB}/bin/killOauth2DB [ -f "''${basePath}/.develop.env" ] && rm -vf "''${basePath}/.develop.env" set +x @@ -53,6 +71,12 @@ let export PORT_OFFSET=$(((16#$(sha256sum <<<"$(hostname -f):''${basePath}" | head -c 16)) % 1000)) + if [[ -z "$OAUTH2_PGHOST" ]]; then + set -xe + source ${mkOauth2DB}/bin/mkOauth2DB + set +xe + fi + if [[ -z "$PGHOST" ]]; then set -xe 
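Review bot: The flake output is selected as `.packages.x86_64-linux`, so evaluating shell.nix fails on any other system (aarch64-linux, Darwin) although nothing else in the file is platform-specific. Using `.packages.${builtins.currentSystem}` gives the same result on x86_64-linux and lets the shell evaluate elsewhere. Pinning by `rev` is good; `builtins.getFlake` on a remote URL also makes every evaluation of shell.nix depend on the nix `flakes` feature and on network access to gitlab.uniworx.de, which deserves a comment on that line, e.g. `# needs the nix 'flakes' feature and access to gitlab.uniworx.de at eval time; pinned by rev`.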
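Review bot: `CREATE USER oauth2mock WITH SUPERUSER;` in the new `oauth2Schema` grants the mock server's role far more than the `GRANT ALL ON DATABASE test_users TO oauth2mock;` on the next line suggests it needs; if the mock server only creates and uses tables inside test_users, `CREATE USER oauth2mock;` followed by `ALTER DATABASE test_users OWNER TO oauth2mock;` is sufficient and keeps the role confined to its own database. This mirrors the existing `CREATE USER uniworx WITH SUPERUSER;` in postgresSchema, so the same question applies there, but a new role with no history is the easier place to start. The `oauth2_hba_file` is local-socket `trust` only, consistent with the existing hba file, so nothing is exposed beyond the developer's machine. The two empty added lines before `develop =` leave a double blank line and can be dropped.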
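Review bot: The teardown added to the cleanup section is gated on `OAUTH2_PGDIR` while the setup in the `@@ -53,6 +71,12 @@` hunk is gated on `OAUTH2_PGHOST`, and neither variable is defined anywhere visible in this file; presumably both are exported by the sourced `mkOauth2DB` script, but that contract is implicit and, if the script exports only one of them, the cleanup silently never runs. A comment next to the new line such as `# OAUTH2_PGHOST / OAUTH2_PGDIR are exported by mkOauth2DB (oauth2-mock-server flake)` would record why the two guards differ. Both new lines use `source` rather than executing the script, so the script's own `exit` or an errexit failure (the shebang is `zsh -e`) ends the enclosing `develop` function rather than just the step; worth a note if that is intended. The cleanup function and the setup block both continue outside their hunks.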
@@ -271,7 +295,9 @@ in pkgs.mkShell { export CHROME_BIN=${pkgs.chromium}/bin/chromium ''; - nativeBuildInputs = [develop inDevelop killallUni2work diffRunning] + OAUTH2_HBA = oauth2Hba; + OAUTH2_DB_SCHEMA = oauth2Schema; + nativeBuildInputs = [develop inDevelop killallUni2work diffRunning oauth2MockServer] ++ (with pkgs; [ stack nodejs-14_x postgresql_12 openldap exiftool memcached minio minio-client gup reuse pre-commit diff --git a/src/Auth/OAuth2.hs b/src/Auth/OAuth2.hs index 9b4efdd5d..c3637c0f0 100644 --- a/src/Auth/OAuth2.hs +++ b/src/Auth/OAuth2.hs @@ -30,7 +30,7 @@ instance Exception AzureUserException ---------------------------------------- mockPluginName :: Text -mockPluginName = "uniworx_dev" +mockPluginName = "dev-oauth2-mock" newtype UserID = UserID Text instance FromJSON UserID where @@ -40,14 +40,14 @@ instance FromJSON UserID where oauth2MockServer :: YesodAuth m => AuthPlugin m oauth2MockServer = let oa = OAuth2 - { oauth2ClientId = "uniworx" - , oauth2ClientSecret = Just "shh" - , oauth2AuthorizeEndpoint = fromString $ mockServerURL <> "/authorize" + { oauth2ClientId = "42" + , oauth2ClientSecret = Just "shhh" + , oauth2AuthorizeEndpoint = (fromString $ mockServerURL <> "/auth") `withQuery` [scopeParam " " ["ID", "Profile"]] , oauth2TokenEndpoint = fromString $ mockServerURL <> "/token" , oauth2RedirectUri = Nothing } - mockServerURL = "0.0.0.0/" - profileSrc = fromString $ mockServerURL <> "/foo" + mockServerURL = "http://localhost:9443" + profileSrc = fromString $ mockServerURL <> "/users/me" in authOAuth2 mockPluginName oa $ \manager token -> do (UserID userID, userResponse) <- authGetProfile mockPluginName manager token profileSrc return Creds diff --git a/src/Foundation/Instances.hs b/src/Foundation/Instances.hs index 79fefdccf..20d10b2de 100644 --- a/src/Foundation/Instances.hs +++ b/src/Foundation/Instances.hs 
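Review bot: `OAUTH2_HBA` and `OAUTH2_DB_SCHEMA` are exported into the shell environment with no indication of who reads them; presumably the `mkOauth2DB` script from the oauth2-mock-server flake, but nothing in this file references the names. A comment such as `# consumed by mkOauth2DB / killOauth2DB (oauth2-mock-server flake)` above the two attributes ties them to the scripts sourced in `develop`. The mkShell attribute set continues outside the hunk.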
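Review bot: The new plugin name `"dev-oauth2-mock"` is a string literal repeated in three files — here as `mockPluginName`, in the `authenticate` guard of `src/Foundation/Instances.hs` (`@@ -140,7 +140,7 @@`) and in the `$elseif apName ==` branch of `templates/login.hamlet` (`@@ -9,7 +9,7 @@`) — which is exactly why this rename had to touch all three. Since `mockPluginName` already exists as a top-level definition, the guard can test membership in `["azureadv2", mockPluginName]` and the template can compare `apName == mockPluginName`, provided `Auth.OAuth2` is imported where they live; the same applies to `"azureadv2"` if it has a named counterpart. That leaves the literal defined once and lets the compiler catch the next rename.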
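Review bot: The mock configuration hard-codes `oauth2ClientSecret = Just "shhh"` and `mockServerURL = "http://localhost:9443"`, so the port and credentials must be kept in sync by hand with whatever the oauth2-mock-server from shell.nix is started with, and the plugin is compiled into the application rather than confined to the dev shell. The hunk does not show how `oauth2MockServer` reaches `appAuthPlugins` in `Foundation/Instances.hs`; please confirm it is only registered under a development setting, because a plugin that trusts identities from a plain-http localhost mock with a published client secret must not be reachable in a deployed build. Reading the base URL (and ideally client id and secret) from `AppSettings` or the environment would keep a single source of truth with shell.nix, and a comment above `oa` such as `-- dev-only: talks to the oauth2-mock-server started by the 'develop' script; never register in production` would document the intent. The `oauth2MockServer` definition continues outside the hunk.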
@@ -140,7 +140,7 @@ instance YesodAuth UniWorX where $(widgetFile "login") authenticate c@Creds{..} - | credsPlugin `elem` ["azureadv2", "uniworx_dev"] = UniWorX.oAuthenticate c + | credsPlugin `elem` ["azureadv2", "dev-oauth2-mock"] = UniWorX.oAuthenticate c | otherwise = UniWorX.authenticate c authPlugins UniWorX{ appSettings' = AppSettings{..}, appLdapPool, appAuthPlugins } = appAuthPlugins ++ catMaybes diff --git a/templates/login.hamlet b/templates/login.hamlet index 7c1483d65..bb3ee704e 100644 --- a/templates/login.hamlet +++ b/templates/login.hamlet @@ -1,6 +1,6 @@ $newline never -$# SPDX-FileCopyrightText: 2022 Gregor Kleen +$# SPDX-FileCopyrightText: 2022-2024 Gregor Kleen ,David Mosbach $# $# SPDX-License-Identifier: AGPL-3.0-or-later @@ -9,7 +9,7 @@ $forall AuthPlugin{apName, apLogin} <- plugins

Azure ^{apLogin toParent}
- $elseif apName == "uniworx_dev"
+ $elseif apName == "dev-oauth2-mock"

_{MsgDummyLoginTitle} ^{apLogin toParent}