diff --git a/authentik/sources/oauth/clients/base.py b/authentik/sources/oauth/clients/base.py
index 4b81eb50b..0f4be42b1 100644
--- a/authentik/sources/oauth/clients/base.py
+++ b/authentik/sources/oauth/clients/base.py
@@ -9,6 +9,7 @@ from requests.models import Response
 from structlog.stdlib import get_logger
 
 from authentik import __version__
+from authentik.events.models import Event, EventAction
 from authentik.sources.oauth.models import OAuthSource
 
 LOGGER = get_logger()
@@ -59,7 +60,16 @@ class BaseOAuthClient:
         args.update(additional)
         params = urlencode(args)
         LOGGER.info("redirect args", **args)
-        return f"{self.source.authorization_url}?{params}"
+        base_url = self.source.authorization_url
+        if not self.source.type.urls_customizable:
+            base_url = self.source.type.authorization_url
+        if base_url == "":
+            Event.new(
+                EventAction.CONFIGURATION_ERROR,
+                source=self.source,
+                message="Source has an empty authorization URL.",
+            ).save()
+        return f"{base_url}?{params}"
 
     def parse_raw_token(self, raw_token: str) -> dict[str, Any]:
         "Parse token and secret from raw token response."
diff --git a/authentik/sources/oauth/clients/oauth1.py b/authentik/sources/oauth/clients/oauth1.py
index 191dc9b65..1c8fec181 100644
--- a/authentik/sources/oauth/clients/oauth1.py
+++ b/authentik/sources/oauth/clients/oauth1.py
@@ -28,9 +28,12 @@ class OAuthClient(BaseOAuthClient):
         if raw_token is not None and verifier is not None:
             token = self.parse_raw_token(raw_token)
             try:
+                access_token_url: str = self.source.access_token_url
+                if not self.source.type.urls_customizable:
+                    access_token_url = self.source.type.access_token_url or ""
                 response = self.do_request(
                     "post",
-                    self.source.access_token_url,
+                    access_token_url,
                     token=token,
                     headers=self._default_headers,
                     oauth_verifier=verifier,
@@ -48,9 +51,12 @@ class OAuthClient(BaseOAuthClient):
         "Fetch the OAuth request token. Only required for OAuth 1.0."
         callback = self.request.build_absolute_uri(self.callback)
         try:
+            request_token_url: str = self.source.request_token_url
+            if not self.source.type.urls_customizable:
+                request_token_url = self.source.type.request_token_url or ""
             response = self.do_request(
                 "post",
-                self.source.request_token_url,
+                request_token_url,
                 headers=self._default_headers,
                 oauth_callback=callback,
             )
diff --git a/authentik/sources/oauth/clients/oauth2.py b/authentik/sources/oauth/clients/oauth2.py
index 968f919cc..92dd34039 100644
--- a/authentik/sources/oauth/clients/oauth2.py
+++ b/authentik/sources/oauth/clients/oauth2.py
@@ -56,9 +56,12 @@ class OAuth2Client(BaseOAuthClient):
             LOGGER.warning("No code returned by the source")
             return None
         try:
+            access_token_url = self.source.access_token_url
+            if not self.source.type.urls_customizable:
+                access_token_url = self.source.type.access_token_url or ""
             response = self.session.request(
                 "post",
-                self.source.access_token_url,
+                access_token_url,
                 data=args,
                 headers=self._default_headers,
             )