diff --git a/cluster-resources/policies/auth-sidecar-injector.yaml b/cluster-resources/policies/auth-sidecar-injector.yaml
index 7f98a78..e4bec97 100644
--- a/cluster-resources/policies/auth-sidecar-injector.yaml
+++ b/cluster-resources/policies/auth-sidecar-injector.yaml
@@ -10,16 +10,7 @@ metadata:
 policies.kyverno.io/severity: medium
 policies.kyverno.io/subject: Pod
 policies.kyverno.io/description: >-
- Injects an auth sidecar container into Pods annotated with
- policies.forteapps.io/auth: "true". Supports two auth modes controlled
- by the policies.forteapps.io/auth-type annotation: "token" (default)
- and "oidc". In token mode the sidecar reads credentials from a
- mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect
- with authority and client-id provided via required annotations
- (policies.forteapps.io/auth-oidc-authority and
- policies.forteapps.io/auth-oidc-client-id) and secrets from an
- auth-oidc Secret. A NetworkPolicy is generated to restrict ingress
- to the sidecar port only.
+ Injects an auth sidecar container into Pods annotated with policies.forteapps.io/auth: "true". Supports two auth modes controlled by the policies.forteapps.io/auth-type annotation: "token" (default) and "oidc". In token mode the sidecar reads credentials from a mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect with authority and client-id provided via required annotations (policies.forteapps.io/auth-oidc-authority and policies.forteapps.io/auth-oidc-client-id) and secrets from an auth-oidc Secret. A NetworkPolicy is generated to restrict ingress to the sidecar port only.
 spec:
 background: false
 rules:
@@ -225,6 +216,8 @@ spec:
 value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
 - name: AUTH_OIDC_CLIENT_ID
 value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
+ - name: AUTH_OIDC_CALLBACK_PATH
+ value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
 - name: AUTH_OIDC_SCOPES
 value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email' }}"
 - name: AUTH_OIDC_COOKIE_SECRET
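Review bot: The new `AUTH_OIDC_CALLBACK_PATH` entry has no fallback, unlike the `AUTH_OIDC_SCOPES` line directly below it, so a Pod that opts into OIDC without setting `policies.forteapps.io/auth-oidc-callback-path` gets an empty value (or a failed substitution, depending on how Kyverno treats the missing key) injected into the sidecar. Either document the annotation as required next to the authority and client-id annotations in the policy description (the reflowed description in the first hunk still lists only those two), or give it a default in the same form as the scopes line: `value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" || '<default-callback-path>' }}"` (placeholder for whatever path the sidecar's callback handler actually serves). The value is also copied verbatim from a Pod annotation, which anyone allowed to create Pods controls; if the sidecar uses it to build a redirect URI, a validate rule or precondition restricting it to a relative path beginning with `/` would keep a mis-set annotation from pointing the callback off-box. The env list and the enclosing mutate rule start and end outside the hunk.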