diff --git a/oauth/config.php b/oauth/config.php
new file mode 100644
index 0000000..4e46570
--- /dev/null
+++ b/oauth/config.php
@@ -0,0 +1,5 @@
+
\ No newline at end of file
diff --git a/oauth/token.php b/oauth/token.php
index fc38279..f0d9223 100644
--- a/oauth/token.php
+++ b/oauth/token.php
@@ -6,14 +6,23 @@
 // include our OAuth2 Server object
 require_once __DIR__.'/server.php';
+require_once __DIR__.'/config.php';
+
-// Handle a request for an OAuth2.0 Access Token and send the response to the client
 error_log("token.php \$_POST = " . json_encode($_POST));
-// The Mattermost server seems to be returning bare http urls, even though there is no http url in the config.json
+/*
-if (substr($_POST["redirect_uri"],0,5) == "http:") {
- $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"],4);
+ The Mattermost server seems to be returning bare http urls, even
+ though there is no http url in the config.json. If we are using
+ https we need to modify them.
+
+*/
+$redirect_url_scheme = substr($_POST["redirect_uri"], 0, 5);
+
+if ($url_scheme == "https" && $redirect_url_scheme == "http:") {
+ $_POST["redirect_uri"] = "https" . substr($_POST["redirect_uri"], 4);
 }
+// Handle a request for an OAuth2.0 Access Token and send the response to the client
 $server->handleTokenRequest(OAuth2\Request::createFromGlobals())->send();
 ?>
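Review bot: The added `$redirect_url_scheme = substr($_POST["redirect_uri"], 0, 5);` in oauth/token.php reads `redirect_uri` unconditionally, so a token request that omits the parameter (it is not sent for every grant type, e.g. a refresh) raises an undefined-index notice before the server sees the request. Folding the check into the condition avoids that: `if (isset($_POST["redirect_uri"]) && $url_scheme == "https" && substr($_POST["redirect_uri"], 0, 5) == "http:") {`. `$url_scheme` is presumably defined in the new config.php, whose contents are not visible on this page; if it is ever missing the comparison is silently false and the rewrite is skipped, so a short comment naming where it is set and what values it takes would help. Separately, the retained `error_log("token.php \$_POST = " . json_encode($_POST));` writes the whole token request to the error log, which on this endpoint can include `client_secret` and the authorization `code`; I would log only non-secret fields such as `grant_type` and `client_id`, or drop the line once debugging is done.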