diff --git a/app/services/agent_connect_service.rb b/app/services/agent_connect_service.rb
index 1838a72b7..3c608e776 100644
--- a/app/services/agent_connect_service.rb
+++ b/app/services/agent_connect_service.rb
@@ -27,21 +27,9 @@ class AgentConnectService
 access_token = client.access_token!(client_auth_method: :secret)
- discover = find_discover
- id_token = ResponseObject::IdToken.decode(access_token.id_token, discover.jwks)
-
- id_token.verify!(
- client_id: Rails.application.secrets.agent_connect[:identifier],
- issuer: discover.issuer,
- nonce: nonce
- )
+ id_token = ResponseObject::IdToken.decode(access_token.id_token, AGENT_CONNECT[:jwks])
+ id_token.verify!(AGENT_CONNECT.merge(nonce: nonce))
 [access_token.userinfo!.raw_attributes, access_token.id_token]
 end
-
- private
-
- def self.find_discover
- Discovery::Provider::Config.discover!("#{ENV.fetch('AGENT_CONNECT_BASE_URL')}/api/v2")
- end
 end
diff --git a/config/initializers/agent_connect.rb b/config/initializers/agent_connect.rb
index 1e9f1d32c..bf671dfd2 100644
--- a/config/initializers/agent_connect.rb
+++ b/config/initializers/agent_connect.rb
@@ -1 +1,16 @@
-AGENT_CONNECT = Rails.application.secrets.agent_connect
+if ENV['AGENT_CONNECT_BASE_URL'].present?
+ discover = OpenIDConnect::Discovery::Provider::Config.discover!("#{ENV.fetch('AGENT_CONNECT_BASE_URL')}/api/v2")
+
+ AGENT_CONNECT = {
+ issuer: discover.issuer,
+ jwks: discover.jwks,
+ authorization_endpoint: discover.authorization_endpoint,
+ token_endpoint: discover.token_endpoint,
+ userinfo_endpoint: discover.userinfo_endpoint,
+ end_session_endpoint: discover.end_session_endpoint,
+ client_id: ENV.fetch('AGENT_CONNECT_ID'),
+ identifier: ENV.fetch('AGENT_CONNECT_ID'),
+ secret: ENV.fetch('AGENT_CONNECT_SECRET'),
+ redirect_uri: ENV.fetch('AGENT_CONNECT_REDIRECT')
+ }
+end
diff --git a/config/secrets.yml b/config/secrets.yml
index f3c3e50b8..efb986716 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
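Review bot: `id_token.verify!(AGENT_CONNECT.merge(nonce: nonce))` hands the entire configuration hash, including `secret:`, to a method that only needs `issuer`, `client_id` and `nonce`; the extra keys are presumably ignored by the gem, but carrying the client secret into a verification call widens where it can surface (for example if the expected-claims hash is ever inspected or logged on an InvalidToken failure). Narrow it to `id_token.verify!(AGENT_CONNECT.slice(:issuer, :client_id).merge(nonce: nonce))`, which also makes it explicit which claims are being checked. Note as well that `AGENT_CONNECT` is only defined when `AGENT_CONNECT_BASE_URL` is set, so in an environment without it this method now fails with `NameError: uninitialized constant AGENT_CONNECT` rather than the `KeyError` from `ENV.fetch` it raised before. The enclosing method starts before the hunk.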
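Review bot: The `discover!` call on the second added line performs a network round-trip to the identity provider at boot and snapshots `discover.jwks` into a process-wide constant, so a signing-key rotation at the provider makes every ID-token verification fail until the application is restarted, and an unreachable discovery endpoint now prevents the application from booting at all (the previous code resolved discovery per login). If keeping it in the initializer, at least document the trade-off, e.g. `# Discovery and JWKS are resolved once at boot; keys rotated by the provider are not seen until restart`, and consider memoizing lazily with a refresh on verification failure instead. The hash literal should be frozen (`}.freeze`) since it holds the client secret and is shared by the whole process, and the removed `secrets.yml` block exposed a `logout_endpoint` key while the new hash only provides `end_session_endpoint`, so any caller reading `AGENT_CONNECT[:logout_endpoint]` would now silently get `nil`; worth a grep before merging. Finally, when `AGENT_CONNECT_BASE_URL` is absent the constant is never defined, so a small `else` branch raising a clear configuration error (or defining an empty frozen hash) would give a better failure mode than a later `NameError`.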
@@ -27,14 +27,6 @@ defaults: &defaults
 token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
 userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
 logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
- agent_connect:
- identifier: <%= ENV['AGENT_CONNECT_ID'] %>
- secret: <%= ENV['AGENT_CONNECT_SECRET'] %>
- redirect_uri: <%= ENV['AGENT_CONNECT_REDIRECT'] %>
- authorization_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/authorize
- token_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/token
- userinfo_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/userinfo
- logout_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/session/end
 dolist:
 username: <%= ENV['DOLIST_USERNAME'] %>
 password: <%= ENV['DOLIST_PASSWORD'] %>