diff --git a/src/ApiFunction.ts b/src/ApiFunction.ts
index 239023d9..65309ec2 100644
--- a/src/ApiFunction.ts
+++ b/src/ApiFunction.ts
@@ -41,9 +41,6 @@ export class ApiFunction extends Construct {
 logRetention: retention,
 environment: {
 APPLICATION_URL_BASE: props.applicationUrlBase || '',
- AUTH_URL_BASE: SSM.StringParameter.valueForStringParameter(this, Statics.ssmAuthUrlBaseParameter),
- OIDC_CLIENT_ID: SSM.StringParameter.valueForStringParameter(this, Statics.ssmOIDCClientID),
- OIDC_SCOPE: SSM.StringParameter.valueForStringParameter(this, Statics.ssmOIDCScope),
 SESSION_TABLE: props.table.tableName,
 ...props.environment,
 },
diff --git a/src/ApiStack.ts b/src/ApiStack.ts
index d7c0be7f..d95a8ed5 100644
--- a/src/ApiStack.ts
+++ b/src/ApiStack.ts
@@ -78,6 +78,11 @@ export class ApiStack extends Stack {
 applicationUrlBase: baseUrl,
 readOnlyRole,
 lambdaInsightsExtensionArn: insightsArn,
+ environment: {
+ AUTH_URL_BASE_SSM: Statics.ssmAuthUrlBaseParameter,
+ OIDC_CLIENT_ID_SSM: Statics.ssmOIDCClientID,
+ OIDC_SCOPE_SSM: Statics.ssmOIDCScope,
+ },
 }, LoginFunction);
 authBaseUrl.grantRead(loginFunction.lambda);
 odicClientId.grantRead(loginFunction.lambda);
@@ -101,6 +106,9 @@ export class ApiStack extends Stack {
 readOnlyRole,
 environment: {
 CLIENT_SECRET_ARN: oidcSecret.secretArn,
+ AUTH_URL_BASE_SSM: Statics.ssmAuthUrlBaseParameter,
+ OIDC_CLIENT_ID_SSM: Statics.ssmOIDCClientID,
+ OIDC_SCOPE_SSM: Statics.ssmOIDCScope,
 },
 lambdaInsightsExtensionArn: insightsArn,
 }, AuthFunction);
diff --git a/src/app/code/OpenIDConnect.ts b/src/app/code/OpenIDConnect.ts
index b8603c58..293150f8 100644
--- a/src/app/code/OpenIDConnect.ts
+++ b/src/app/code/OpenIDConnect.ts
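Review bot: No `grantRead` for the AuthFunction lambda is visible for the three SSM parameters this hunk adds to its environment, whereas the LoginFunction hunk above shows `authBaseUrl.grantRead(loginFunction.lambda);` and `odicClientId.grantRead(loginFunction.lambda);` right after the construct. Since `OpenIDConnect.init()` now resolves these names with `AWS.getParameter` at runtime instead of CDK inlining the values at synth time, the auth lambda's role needs `ssm:GetParameter` on each of them or init fails at cold start with an access-denied error; the grants may simply sit below the hunk, so please confirm. If they are missing, mirror the LoginFunction pattern for the variable holding the AuthFunction instance, including a grant on the scope parameter construct (whose name is not visible here). The `ApiStack` constructor body continues outside this hunk.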
@@ -16,19 +16,19 @@ export class OpenIDConnect {
 constructor() {}
 async init() {
- if (!process.env.AUTH_URL_BASE || !process.env.OIDC_CLIENT_ID || !process.env.APPLICATION_URL_BASE || !process.env.OIDC_SCOPE) {
+ if (!process.env.AUTH_URL_BASE_SSM || !process.env.OIDC_CLIENT_ID_SSM || !process.env.APPLICATION_URL_BASE || !process.env.OIDC_SCOPE_SSM) {
 let errorMsg = 'Initalization failed: one of the folowing env variables is missing:';
 errorMsg += [
- 'AUTH_URL_BASE (ssm path)',
- 'OIDC_CLIENT_ID (ssm path)',
+ 'AUTH_URL_BASE_SSM',
+ 'OIDC_CLIENT_ID_SSM',
 'APPLICATION_URL_BASE',
- 'OIDC_SCOPE',
+ 'OIDC_SCOPE_SSM',
 ].join(', ');
 throw Error(errorMsg);
 }
- this.authBaseUrl = await AWS.getParameter(process.env.AUTH_URL_BASE);
- this.oidcClientId = await AWS.getParameter(process.env.OIDC_CLIENT_ID);
- this.oidcScope = await AWS.getParameter(process.env.OIDC_SCOPE);
+ this.authBaseUrl = await AWS.getParameter(process.env.AUTH_URL_BASE_SSM);
+ this.oidcClientId = await AWS.getParameter(process.env.OIDC_CLIENT_ID_SSM);
+ this.oidcScope = await AWS.getParameter(process.env.OIDC_SCOPE_SSM);
 this.issuer = this.getIssuer(this.authBaseUrl);
 this.applicationBaseUrl = process.env.APPLICATION_URL_BASE;
diff --git a/test/app/auth.test.ts b/test/app/auth.test.ts
index a622b836..583acee3 100644
--- a/test/app/auth.test.ts
+++ b/test/app/auth.test.ts
@@ -24,11 +24,11 @@ beforeAll( async () => {
 // Set env variables
 process.env.SESSION_TABLE = 'mijnuitkering-sessions';
- process.env.AUTH_URL_BASE = 'https://authenticatie-accp.nijmegen.nl';
+ process.env.AUTH_URL_BASE_SSM = 'https://authenticatie-accp.nijmegen.nl';
 process.env.APPLICATION_URL_BASE = 'https://testing.example.com/';
 process.env.CLIENT_SECRET_ARN = '123';
- process.env.OIDC_CLIENT_ID = '1234';
- process.env.OIDC_SCOPE = 'openid';
+ process.env.OIDC_CLIENT_ID_SSM = '1234';
+ process.env.OIDC_SCOPE_SSM = 'openid';
 await OIDC.init();
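Review bot: The values that `AWS.getParameter` returns for the three new `*_SSM` names are never checked before use, so a parameter that exists but is empty (or a lookup that resolves to undefined, depending on `getParameter`'s return type, which is not visible here) flows straight into `this.getIssuer(this.authBaseUrl)` and produces a bogus issuer instead of a clear initialization failure; the guard the hunk rewrites only verifies that the env variables naming the parameters are set. I would resolve the three parameters together and fail fast if any is empty, as sketched below. The three lookups are independent, so `Promise.all` also removes two sequential SSM round-trips from every cold start. `init()` continues past the end of this hunk.

```typescript
// … unchanged: env-variable presence check and thrown error …
const [authBaseUrl, oidcClientId, oidcScope] = await Promise.all([
  AWS.getParameter(process.env.AUTH_URL_BASE_SSM),
  AWS.getParameter(process.env.OIDC_CLIENT_ID_SSM),
  AWS.getParameter(process.env.OIDC_SCOPE_SSM),
]);
// Fail fast on a missing/empty parameter value rather than building an issuer from it.
if (!authBaseUrl || !oidcClientId || !oidcScope) {
  throw Error('Initialization failed: one of the OIDC SSM parameters resolved to an empty value');
}
this.authBaseUrl = authBaseUrl;
this.oidcClientId = oidcClientId;
this.oidcScope = oidcScope;
this.issuer = this.getIssuer(this.authBaseUrl);
// … unchanged: applicationBaseUrl assignment …
```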
diff --git a/test/app/login.test.ts b/test/app/login.test.ts
index 9f278997..fd743112 100644
--- a/test/app/login.test.ts
+++ b/test/app/login.test.ts
@@ -25,11 +25,11 @@ beforeAll( async () => {
 // Set env variables
 process.env.SESSION_TABLE = 'yivi-issue-sessions';
- process.env.AUTH_URL_BASE = 'https://authenticatie-accp.nijmegen.nl';
+ process.env.AUTH_URL_BASE_SSM = 'https://authenticatie-accp.nijmegen.nl';
 process.env.APPLICATION_URL_BASE = 'https://testing.example.com/';
 process.env.OIDC_SECRET_ARN = '123';
- process.env.OIDC_CLIENT_ID = '1234';
- process.env.OIDC_SCOPE = 'openid';
+ process.env.OIDC_CLIENT_ID_SSM = '1234';
+ process.env.OIDC_SCOPE_SSM = 'openid';
 await OIDC.init();
 });
@@ -54,7 +54,7 @@ test('Return login page with correct link', async () => {
 expect('body' in result).toBe(true);
 return;
 }
- expect(result.body).toContain(`${process.env.AUTH_URL_BASE}/broker/sp/oidc/authenticate`);
+ expect(result.body).toContain(`${process.env.AUTH_URL_BASE_SSM}/broker/sp/oidc/authenticate`);
 expect(result.body).toContain(encodeURIComponent(`${process.env.APPLICATION_URL_BASE}auth`));
 expect(result.statusCode).toBe(200);
 writeFile(path.join(__dirname, 'output', 'test.html'), result.body ?? '', () => { });
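Review bot: The rewritten assertion builds the expected login link from `process.env.AUTH_URL_BASE_SSM`, but after this commit that variable carries an SSM parameter name for `OpenIDConnect.init()`, not the URL; the test only passes because `beforeAll` stores a URL in it, which implies `AWS.getParameter` is mocked to echo its argument (the mock is not visible in this diff). That hides the new indirection, so a regression where `init()` reads the wrong variable or skips the SSM lookup entirely would still pass. I would give the env variable a path-like value such as `process.env.AUTH_URL_BASE_SSM = '/test/auth-url-base';`, have the mock map that path to `'https://authenticatie-accp.nijmegen.nl'`, and assert on the literal: `expect(result.body).toContain('https://authenticatie-accp.nijmegen.nl/broker/sp/oidc/authenticate');`. The `test(...)` callback begins before this hunk.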