diff --git a/src/Web/Endpoints/Google.cs b/src/Web/Endpoints/Google.cs
index 640ac44..0a9a92d 100644
--- a/src/Web/Endpoints/Google.cs
+++ b/src/Web/Endpoints/Google.cs
@@ -1,5 +1,6 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Google;
+using Microsoft.AspNetCore.Mvc;
 namespace Hutopy.Web.Endpoints;
@@ -11,13 +12,15 @@ public class Google : EndpointGroupBase
 .MapGet("/o/sign-in", Callback);
 }
- private static async Task Callback(ISender sender, HttpContext context)
+ private static async Task Callback(ISender sender, HttpContext context)
 {
- await context.ChallengeAsync(GoogleDefaults.AuthenticationScheme,
- new AuthenticationProperties
- {
- RedirectUri = "/signin-google",
- ExpiresUtc = DateTimeOffset.UtcNow.AddDays(30),
- });
+ var properties = new AuthenticationProperties
+ {
+ RedirectUri = "/signin-google", ExpiresUtc = DateTimeOffset.UtcNow.AddDays(30),
+ };
+
+ await context.ChallengeAsync(GoogleDefaults.AuthenticationScheme, properties);
+
+ return new ChallengeResult(GoogleDefaults.AuthenticationScheme, properties);
 }
 }
diff --git a/src/Web/Program.cs b/src/Web/Program.cs
index 0c0b449..b6c6745 100644
--- a/src/Web/Program.cs
+++ b/src/Web/Program.cs
@@ -5,10 +5,7 @@ using Hutopy.Infrastructure.Data;
 using Hutopy.Infrastructure.Services;
 using Hutopy.Web;
 using Azure.Identity;
-using Hutopy.Infrastructure.Identity;
 using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Authentication.Google;
-using Microsoft.AspNetCore.Identity;
 var builder = WebApplication.CreateBuilder(args);
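Review bot: `Callback` now issues the Google challenge twice, once through the awaited `context.ChallengeAsync(...)` and again by returning `new ChallengeResult(...)`. The handler is registered with `.MapGet("/o/sign-in", Callback)`, and a minimal-API endpoint does not execute an MVC `IActionResult`; a returned object that is not an `IResult` is written to the response body, which is probably why specification.json gains a binary 200 body in this commit. Keep one mechanism: either drop the `return` and keep the awaited call, or drop the await and return `Results.Challenge(properties, new[] { GoogleDefaults.AuthenticationScheme })`. The return type is not readable here (both signature lines print identically, so a generic argument was likely lost in rendering). Separately, `RedirectUri = "/signin-google"` looks like the Google handler's default callback path rather than a post-login page, so confirm where the user is meant to land after sign-in.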
@@ -52,11 +49,16 @@ builder.Services.AddInfrastructureServices(builder.Configuration);
 builder.Services.AddWebServices();
 // OAuth
-builder.Services.AddAuthentication()
- .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme,options =>
+builder.Services.AddAuthorization();
+builder.Services.AddAuthentication(options =>
+ {
+ options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ })
+ .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
 {
 options.Cookie.Name = "Hutopy";
- options.Cookie.SecurePolicy = builder.Environment.IsDevelopment() ? CookieSecurePolicy.None : CookieSecurePolicy.Always;
+ options.Cookie.SecurePolicy =
+ builder.Environment.IsDevelopment() ? CookieSecurePolicy.None : CookieSecurePolicy.Always;
 options.Cookie.SameSite = SameSiteMode.Strict;
 options.Cookie.HttpOnly = true;
 options.Cookie.IsEssential = true;
@@ -64,8 +66,10 @@ builder.Services.AddAuthentication()
 })
 .AddGoogle(options =>
 {
- options.ClientId = builder.Configuration["Google:ClientId"] ?? throw new ArgumentNullException("The Google ClientId is missing.");
- options.ClientSecret = builder.Configuration["Google:ClientSecret"] ?? throw new ArgumentNullException("The Google ClientSecret is missing.");
+ options.ClientId = builder.Configuration["Google:ClientId"] ??
+ throw new ArgumentNullException("The Google ClientId is missing.");
+ options.ClientSecret = builder.Configuration["Google:ClientSecret"] ??
+ throw new ArgumentNullException("The Google ClientSecret is missing.");
 options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
 options.Events.OnRedirectToAuthorizationEndpoint = context =>
 {
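Review bot: Setting only `options.DefaultScheme` in the new `AddAuthentication(options => ...)` block makes the cookie handler answer challenges too, so an unauthenticated request to a protected endpoint is redirected to the cookie scheme's login path instead of receiving a 401. A later hunk shows `app.MapFallbackToFile("index.html")`, so that redirect would likely resolve to the SPA shell with a 200, which an API client cannot tell apart from success. For API routes, consider adding `options.Events.OnRedirectToLogin = ctx => { ctx.Response.StatusCode = StatusCodes.Status401Unauthorized; return Task.CompletedTask; };` inside `AddCookie`, or set `DefaultChallengeScheme` explicitly. One line of the cookie options falls between this hunk and the next, so a login path may already be configured there.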
@@ -73,16 +77,15 @@ builder.Services.AddAuthentication() return Task.CompletedTask; }; }); - /*.AddFacebook(options => - { - options.AppId = ""; // TODO - options.AppSecret = ""; // TODO - });*/ // We can add a lot more if needed, microsoft, twitter, etc. +builder.Services.AddControllers(); builder.Services.AddScoped(); var app = builder.Build(); +app.UseAuthentication(); +app.UseAuthorization(); + app.UseCors("AllowAll"); app.UseCors("AllowHutopyUi"); app.UseCors("AllowHutopyUiPreview"); @@ -111,8 +114,6 @@ app.MapControllerRoute( name: "default", pattern: "{controller}/{action=Index}/{id?}"); -app.MapRazorPages(); - app.MapFallbackToFile("index.html"); app.UseExceptionHandler(options => { }); diff --git a/src/Web/wwwroot/api/specification.json b/src/Web/wwwroot/api/specification.json index c080bf3..79be20e 100644 --- a/src/Web/wwwroot/api/specification.json +++ b/src/Web/wwwroot/api/specification.json @@ -34,7 +34,15 @@ "operationId": "GetApiGoogleOSignIn", "responses": { "200": { - "description": "" + "description": "", + "content": { + "application/octet-stream": { + "schema": { + "type": "string", + "format": "binary" + } + } + } } } }
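Review bot: `app.UseAuthentication()` and `app.UseAuthorization()` are added ahead of the three `app.UseCors(...)` calls, but the CORS middleware has to run before authorization. In the current order, a preflight request or a 401/403 from a protected endpoint can be answered without CORS headers, and the browser then reports a CORS failure instead of the auth result. Move the two lines below the last `UseCors` call, so that `app.UseCors("AllowHutopyUiPreview");` is followed by `app.UseAuthentication();` and `app.UseAuthorization();`. The policy definitions are outside this diff; now that the site authenticates with a cookie, confirm that "AllowAll" does not allow credentials and that only the Hutopy UI origins do.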