diff --git a/internal/bootstrap/app_bootstrap.go b/internal/bootstrap/app_bootstrap.go
index 64ec7b8d..2d102af3 100644
--- a/internal/bootstrap/app_bootstrap.go
+++ b/internal/bootstrap/app_bootstrap.go
@@ -294,6 +294,14 @@ func (app *BootstrapApp) Setup() error {
 	// runtime helpers
 	app.helpers.GetCookieDomain = app.getCookieDomain
 
+	err = app.dig.Provide(func() *model.RuntimeHelpers {
+		return &app.helpers
+	})
+
+	if err != nil {
+		return fmt.Errorf("failed to provide runtime helpers to container: %w", err)
+	}
+
 	// setup router
 	err = app.setupRouter()
 
diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go
index 09c63bad..941fca11 100644
--- a/internal/controller/oauth_controller.go
+++ b/internal/controller/oauth_controller.go
@@ -28,6 +28,7 @@ type OAuthController struct {
 	config  *model.Config
 	runtime *model.RuntimeConfig
 	auth    *service.AuthService
+	helpers *model.RuntimeHelpers
 }
 
 type OAuthControllerInput struct {
@@ -36,6 +37,7 @@ type OAuthControllerInput struct {
 	Log           *logger.Logger
 	Config        *model.Config
 	RuntimeConfig *model.RuntimeConfig
+	Helpers       *model.RuntimeHelpers
 	RouterGroup   *gin.RouterGroup `name:"apiRouterGroup"`
 	AuthService   *service.AuthService
 }
@@ -46,6 +48,7 @@ func NewOAuthController(i OAuthControllerInput) *OAuthController {
 		config:  i.Config,
 		runtime: i.RuntimeConfig,
 		auth:    i.AuthService,
+		helpers: i.Helpers,
 	}
 
 	oauthGroup := i.RouterGroup.Group("/oauth")
diff --git a/internal/controller/oidc_controller.go b/internal/controller/oidc_controller.go
index 1e7be096..0da8d66d 100644
--- a/internal/controller/oidc_controller.go
+++ b/internal/controller/oidc_controller.go
@@ -35,6 +35,8 @@ type OIDCController struct {
 	log     *logger.Logger
 	oidc    *service.OIDCService
 	runtime *model.RuntimeConfig
+	helpers *model.RuntimeHelpers
+	config  *model.Config
 }
 
 type AuthorizeCallback struct {
@@ -91,6 +93,8 @@ type OIDCControllerInput struct {
 	RuntimeConfig *model.RuntimeConfig
 	RouterGroup   *gin.RouterGroup `name:"apiRouterGroup"`
 	MainRouter    *gin.RouterGroup `name:"mainRouterGroup"`
+	Helpers       *model.RuntimeHelpers
+	Config        *model.Config
 }
 
 func NewOIDCController(i OIDCControllerInput) *OIDCController {
@@ -98,6 +102,8 @@ func NewOIDCController(i OIDCControllerInput) *OIDCController {
 		log:     i.Log,
 		oidc:    i.OIDCService,
 		runtime: i.RuntimeConfig,
+		helpers: i.Helpers,
+		config:  i.Config,
 	}
 
 	i.MainRouter.POST("/authorize", controller.authorize)
diff --git a/internal/controller/oidc_controller_test.go b/internal/controller/oidc_controller_test.go
index 9b009271..b7e8370a 100644
--- a/internal/controller/oidc_controller_test.go
+++ b/internal/controller/oidc_controller_test.go
@@ -864,6 +864,8 @@ func TestOIDCController(t *testing.T) {
 				RuntimeConfig: &runtime,
 				RouterGroup:   group,
 				MainRouter:    &router.RouterGroup,
+				Helpers:       helpers,
+				Config:        &cfg,
 			})
 
 			recorder := httptest.NewRecorder()
diff --git a/internal/controller/proxy_controller_test.go b/internal/controller/proxy_controller_test.go
index b8f980ef..9dc5a8e4 100644
--- a/internal/controller/proxy_controller_test.go
+++ b/internal/controller/proxy_controller_test.go
@@ -721,6 +721,7 @@ func TestProxyController(t *testing.T) {
 		OAuthBroker:  broker,
 		Tailscale:    nil,
 		PolicyEngine: policyEngine,
+		Helpers:      helpers,
 	})
 
 	for _, test := range tests {
diff --git a/internal/controller/user_controller_test.go b/internal/controller/user_controller_test.go
index 72375955..82f779ae 100644
--- a/internal/controller/user_controller_test.go
+++ b/internal/controller/user_controller_test.go
@@ -555,6 +555,7 @@ func TestUserController(t *testing.T) {
 		OAuthBroker:  broker,
 		Tailscale:    nil,
 		PolicyEngine: policyEngine,
+		Helpers:      helpers,
 	})
 
 	beforeEach := func() {
diff --git a/internal/middleware/context_middleware_test.go b/internal/middleware/context_middleware_test.go
index cad87e2b..2f841b48 100644
--- a/internal/middleware/context_middleware_test.go
+++ b/internal/middleware/context_middleware_test.go
@@ -277,6 +277,7 @@ func TestContextMiddleware(t *testing.T) {
 		OAuthBroker:  broker,
 		Tailscale:    nil,
 		PolicyEngine: policyEngine,
+		Helpers:      helpers,
 	})
 
 	contextMiddleware := NewContextMiddleware(ContextMiddlewareInput{
diff --git a/internal/service/auth_service.go b/internal/service/auth_service.go
index 12d26f19..c6bb9437 100644
--- a/internal/service/auth_service.go
+++ b/internal/service/auth_service.go
@@ -62,6 +62,7 @@ type AuthService struct {
 	config  *model.Config
 	runtime *model.RuntimeConfig
 	ctx     context.Context
+	helpers *model.RuntimeHelpers
 
 	ldap         *LdapService
 	queries      repository.Store
@@ -99,6 +100,7 @@ type AuthServiceInput struct {
 	OAuthBroker  *OAuthBrokerService
 	Tailscale    *TailscaleService `optional:"true"`
 	PolicyEngine *PolicyEngine
+	Helpers      *model.RuntimeHelpers
 }
 
 func NewAuthService(i AuthServiceInput) *AuthService {
@@ -112,6 +114,7 @@ func NewAuthService(i AuthServiceInput) *AuthService {
 		oauthBroker:  i.OAuthBroker,
 		tailscale:    i.Tailscale,
 		policyEngine: i.PolicyEngine,
+		helpers:      i.Helpers,
 	}
 
 	// get the max login limits based on the number of users and the configured max retries