diff --git a/backend/src/routes/auth.routes.ts b/backend/src/routes/auth.routes.ts
index 584ade1..0609093 100644
--- a/backend/src/routes/auth.routes.ts
+++ b/backend/src/routes/auth.routes.ts
@@ -96,10 +96,10 @@ router.post("/token", async (req, res) => {
   try {
     await ensureOIDC();
 
-    const { code, state, code_verifier, redirect_uri } = req.body;
+    const { code, state, redirect_uri } = req.body;
 
-    if (!code || !state || !code_verifier || !redirect_uri) {
-      res.status(400).json({ error: "Missing required parameters: code, state, code_verifier, redirect_uri" });
+    if (!code || !state || !redirect_uri) {
+      res.status(400).json({ error: "Missing required parameters: code, state, redirect_uri" });
       return;
     }
 
diff --git a/ios/TimeTracker/TimeTracker/Core/Auth/AuthService.swift b/ios/TimeTracker/TimeTracker/Core/Auth/AuthService.swift
index 74d03ce..5763735 100644
--- a/ios/TimeTracker/TimeTracker/Core/Auth/AuthService.swift
+++ b/ios/TimeTracker/TimeTracker/Core/Auth/AuthService.swift
@@ -138,13 +138,11 @@ final class AuthService: NSObject {
         request.httpMethod = "POST"
         request.setValue("application/json", forHTTPHeaderField: "Content-Type")
         
-        // code_verifier is intentionally omitted — the backend uses its own verifier
-        // that was generated during /auth/login and stored in the server-side session.
         // state is sent so the backend can look up and validate the original session.
+        // code_verifier is not sent — the backend uses its own verifier from the session.
         let body: [String: Any] = [
             "code": code,
             "state": state,
-            "code_verifier": "", // kept for API compatibility; backend ignores it
             "redirect_uri": redirectUri
         ]
         request.httpBody = try JSONSerialization.data(withJSONObject: body)
diff --git a/ios/TimeTracker/TimeTracker/Info.plist b/ios/TimeTracker/TimeTracker/Info.plist
index 0ec5689..a643205 100644
--- a/ios/TimeTracker/TimeTracker/Info.plist
+++ b/ios/TimeTracker/TimeTracker/Info.plist
@@ -3,7 +3,7 @@
 <plist version="1.0">
 <dict>
 	<key>API_BASE_URL</key>
-	<string>https://timetracker.simon-franken.de/api</string>
+	<string>http://localhost:3001</string>
 	<key>CFBundleDevelopmentRegion</key>
 	<string>$(DEVELOPMENT_LANGUAGE)</string>
 	<key>CFBundleExecutable</key>