diff --git a/pages/api/app.ts b/pages/api/app.ts
index 8d1cbce..f092a7e 100644
--- a/pages/api/app.ts
+++ b/pages/api/app.ts
@@ -28,8 +28,8 @@ export default function handler(req: NextApiRequest, res: NextApiResponse) {
 return res.status(405).send("Method Not Allowed");
 }
- const clientId = `https://${req.headers.host}/api/app`;
- const hostname = `https://${req.headers.host}/`;
+ const clientId = new URL("/api/app", `https://${req.headers.host}`);
+ const hostname = new URL("/", `https://${req.headers.host}`);
 const acceptedType = accepts(req).type([
 "application/ld+json",
diff --git a/scripts/updateClientId.ts b/scripts/updateClientId.ts
index 4c7c43a..4ead7a0 100644
--- a/scripts/updateClientId.ts
+++ b/scripts/updateClientId.ts
@@ -32,8 +32,8 @@ const clientSecret = process.env.CLIENT_SECRET;
 // build client id doc
 const clientIdDoc = buildClientIdentifierDoc(
- "http://localhost:3000/",
- CLIENT_ID_DOC_IRI
+ new URL("http://localhost:3000/"),
+ new URL(CLIENT_ID_DOC_IRI)
 );
 async function updateClientId() {
diff --git a/src/helpers/clientId/clientId.ts b/src/helpers/clientId/clientId.ts
index 4715ead..bdee129 100644
--- a/src/helpers/clientId/clientId.ts
+++ b/src/helpers/clientId/clientId.ts
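Review bot: Both `new URL(...)` calls in `pages/api/app.ts` still take their origin from `req.headers.host`, which the client sends, so the `client_id` and redirect URIs in the served document follow whatever Host value reaches the handler. `new URL` also throws a `TypeError` on a base it cannot parse, and no `try`/`catch` is visible in the hunk, so a malformed Host header would presumably surface as an unhandled 500 rather than a 400. Consider building both values from a configured origin, or checking the header against an allowlist first, e.g. `if (!ALLOWED_HOSTS.has(req.headers.host ?? "")) return res.status(400).send("Bad Request");` (`ALLOWED_HOSTS` is a placeholder name). The handler's body starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.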
@@ -21,19 +21,15 @@
 /* eslint-disable import/prefer-default-export */
-export function buildClientIdentifierDoc(hostname: string, clientId: string) {
+export function buildClientIdentifierDoc(hostname: URL, clientId: URL) {
 return {
 "@context": "https://www.w3.org/ns/solid/oidc-context.jsonld",
 client_id: clientId,
 client_name: "Inrupt AMC",
 // URLs the user will be redirected back to upon successful authentication:
- redirect_uris: [hostname, hostname.concat("login")],
+ redirect_uris: [hostname, new URL("login", hostname)],
 // URLs the user can be redirected to back to upon successful logout:
- post_logout_redirect_uris: [
- hostname,
- hostname.concat("login"),
- hostname.concat("*"),
- ],
+ post_logout_redirect_uris: [hostname, new URL("login", hostname)],
 // Support refresh_tokens for refreshing the session:
 grant_types: ["authorization_code", "refresh_token"],
 // The scope must be explicit, as the default doesn't include offline_access,
@@ -45,7 +41,7 @@ export function buildClientIdentifierDoc(hostname: string, clientId: string) {
 require_auth_time: false,
 tos_uri: "https://www.inrupt.com/terms-conditions",
 policy_uri: "https://www.inrupt.com/privacy-policy",
- logo_uri: hostname.concat("inrupt-hex-filled.svg"),
+ logo_uri: new URL("inrupt-hex-filled.svg", hostname),
 client_uri: "https://www.inrupt.com/",
 };
 }
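Review bot: `client_id`, `redirect_uris`, `post_logout_redirect_uris` and (in the second hunk of this file) `logo_uri` now hold `URL` objects rather than strings, so the document only carries the expected values if every consumer serializes it through `JSON.stringify`, which calls `URL.prototype.toJSON`. Redirect URIs are compared as exact strings by the identity provider, so it is safer to emit strings here: `redirect_uris: [hostname.href, new URL("login", hostname).href],` and likewise `client_id: clientId.href` and `logo_uri: new URL("inrupt-hex-filled.svg", hostname).href`. A short doc comment on `buildClientIdentifierDoc` should also state that `hostname` is expected to be an origin ending in `/`, because `new URL("login", hostname)` resolves against the base path and drops any query or fragment, unlike the old `concat`.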