diff --git a/src/runtime/server/lib/oauth/zitadel.ts b/src/runtime/server/lib/oauth/zitadel.ts
index c2a85993..52610aac 100644
--- a/src/runtime/server/lib/oauth/zitadel.ts
+++ b/src/runtime/server/lib/oauth/zitadel.ts
@@ -1,6 +1,6 @@
 import type { H3Event } from 'h3'
 import { eventHandler, getQuery, sendRedirect } from 'h3'
-import { withQuery } from 'ufo'
+import { hasProtocol, withQuery } from 'ufo'
 import { defu } from 'defu'
 import type { RequestAccessTokenOptions } from '../utils'
 import { handleMissingConfiguration, handleAccessTokenErrorResponse, getOAuthRedirectURL, requestAccessToken, handleState, handlePkceVerifier, handleInvalidState } from '../utils'
@@ -65,8 +65,9 @@ export function defineOAuthZitadelEventHandler({ config, onSuccess, onError }: O
 return handleMissingConfiguration(event, 'zitadel', ['clientId', 'domain'], onError)
 }
- const authorizationURL = `https://${config.domain}/oauth/v2/authorize`
- const tokenURL = `https://${config.domain}/oauth/v2/token`
+ const domain = hasProtocol(config.domain as string) ? config.domain : `https://${config.domain}`
+ const authorizationURL = `${domain}/oauth/v2/authorize`
+ const tokenURL = `${domain}/oauth/v2/token`
 const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
 // Create pkce verifier
@@ -123,7 +124,7 @@ export function defineOAuthZitadelEventHandler({ config, onSuccess, onError }: O
 const accessToken = tokens.access_token
 // Fetch user info
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
- const user: any = await $fetch(`https://${config.domain}/oidc/v1/userinfo`, {
+ const user: any = await $fetch(`${domain}/oidc/v1/userinfo`, {
 headers: {
 Authorization: `Bearer ${accessToken}`,
 Accept: 'application/json',
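Review bot: The new `domain` line in the second hunk lets the configured value choose the scheme, so an `http://` domain now sends the token request built from `tokenURL` and the `Authorization: Bearer` userinfo call in the third hunk over cleartext, where the old code always forced `https://`. I would reject any scheme other than `https:` after normalising, allowing plain `http:` only for a local development host if that is what motivates this change. Separately, ufo's non-strict `hasProtocol` appears to treat a bare `host:port` value as already having a protocol, so something like `auth.example.test:8443` (constructed example) would skip the prefix and produce an unusable URL; `hasProtocol(config.domain as string, { strict: true })` should avoid that, but confirm it against the ufo version in use. The enclosing handler starts and ends outside these hunks.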