diff --git a/assets/operate/oauth.png b/assets/operate/oauth.png
new file mode 100644
index 0000000000..87a10f1b60
Binary files /dev/null and b/assets/operate/oauth.png differ
diff --git a/docs/dev/tools/cli.md b/docs/dev/tools/cli.md
index b7157f2c49..65b2c3301e 100644
--- a/docs/dev/tools/cli.md
+++ b/docs/dev/tools/cli.md
@@ -1065,7 +1065,7 @@ viam organization auth-service [enable|disable] --org-id=<org-id>
 viam organization auth-service oauth-app [create|update] --client-authentication [required|unspecified|not_required|not_required_when_using_pkce] \
     --client-name <client-name> --enabled-grants [password|unspecified|refresh_token|implicit|device_code|authorization_code] \
     --logout-uri "https://logoipsum.com" --origin-uris https://logoipsum.com \
-    --pkce [required|not_required|unspecified|] --redirect-uris https://logoipsum.com/callback \
+    --pkce [required|not_required|unspecified] --redirect-uris https://logoipsum.com/callback \
     --url-validation [allow_wildcards] --org-id <org-id>
 viam organization auth-service oauth-app [list] --org-id=<org-id>
 viam organization auth-service oauth-app [read|delete] --org-id=<org-id> --client-id <client-id>
diff --git a/docs/operate/control/auth.md b/docs/operate/control/auth.md
index 1c3a241e17..3c83f914da 100644
--- a/docs/operate/control/auth.md
+++ b/docs/operate/control/auth.md
@@ -11,7 +11,7 @@ date: "2025-01-22"
 
 If you want to set up a custom login screen, where Viam provides authentication and manages users for you but the branding is yours, follow these steps:
 
-<!-- TODO screenshot of example unbranded login screen -->
+{{<imgproc src="/operate/oauth.png" resize="800x" declaredimensions=true alt="Example Oauth screenshot">}}
 
 ## Prerequisites
 
@@ -64,7 +64,7 @@ Create your OAuth application for your organization:
 
 ```sh {class="command-line" data-prompt="$" data-output="6-10"}
 viam organization auth-service oauth-app create --client-authentication required \
-    --client-name "OAuth Test App" --enabled-grants password \
+    --client-name "OAuth Test App" --enabled-grants "password, authorization_code" \
     --logout-uri "https://logoipsum.com/logout" --origin-uris https://logoipsum.com \
     --pkce not_required --redirect-uris https://logoipsum.com/callback \
     --url-validation allow_wildcards --org-id <org-id>
@@ -118,13 +118,17 @@ You can update any value after setup using `viam organization auth-service oauth
 ## Use the generated client ID and secret in your app
 
 Your authentication is built on top of FusionAuth.
-To continue, use the generated client secret and client ID with the  [Fusion Auth SDKs](https://fusionauth.io/docs/sdks/).
+To continue, use the generated client secret and client ID with the [Fusion Auth SDKs](https://fusionauth.io/docs/sdks/).
 
-## FAQ
+For a quick example, see [Get started with FusionAuth in 5 minutes](https://github.com/FusionAuth/fusionauth-example-5-minute-guide).
+
+{{< alert title="Base URL" color="tip" >}}
 
-### Can you update the link shown during authentication?
+When using the client ID and client secret, the base URL for your OAuth application is `https://auth.viam.com`.
 
-Currently it is not possible to update the link shown during authentication (`auth.viam.com`).
+{{< /alert >}}
+
+## FAQ
 
 ### Can I customize my login screen further?