diff --git a/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift.xcodeproj/project.xcworkspace/xcuserdata/velikho.xcuserdatad/UserInterfaceState.xcuserstate b/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift.xcodeproj/project.xcworkspace/xcuserdata/velikho.xcuserdatad/UserInterfaceState.xcuserstate
index 0e6d5ed2..f079310f 100644
Binary files a/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift.xcodeproj/project.xcworkspace/xcuserdata/velikho.xcuserdatad/UserInterfaceState.xcuserstate and b/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift.xcodeproj/project.xcworkspace/xcuserdata/velikho.xcuserdatad/UserInterfaceState.xcuserstate differ
diff --git a/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Core/Constants/Constants.swift b/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Core/Constants/Constants.swift
index c857cd39..28ab91ee 100644
--- a/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Core/Constants/Constants.swift
+++ b/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Core/Constants/Constants.swift
@@ -26,9 +26,17 @@ enum APIConfig {
     /// OAuth2 token endpoint (không có version prefix)
     static let tokenEndpoint = "/connect/token"
 
+    /// OAuth2 client ID for password grant
+    /// OAuth2 client ID cho password grant
+    static let oauthClientId = "password-client"
+
+    /// OAuth2 client secret for password grant
+    /// OAuth2 client secret cho password grant
+    static let oauthClientSecret = "password-client-secret"
+
     /// OAuth2 scope for authentication
     /// OAuth2 scope cho xác thực
-    static let oauthScope = "openid profile email offline_access"
+    static let oauthScope = "openid profile email api offline_access"
 
     /// Request timeout in seconds
     /// Thời gian timeout request (giây)
diff --git a/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Services/AuthManager.swift b/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Services/AuthManager.swift
index 90a15b19..6204c40b 100644
--- a/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Services/AuthManager.swift
+++ b/apps/app-client-base-swift/AppClientBaseSwift/AppClientBaseSwift/Services/AuthManager.swift
@@ -121,6 +121,8 @@ final class AuthManager: ObservableObject {
         // OAuth2 Password Grant
         let formData: [String: String] = [
             "grant_type": "password",
+            "client_id": APIConfig.oauthClientId,
+            "client_secret": APIConfig.oauthClientSecret,
             "username": email,
             "password": password,
             "scope": APIConfig.oauthScope
diff --git a/infra/traefik/dynamic/routes.yml b/infra/traefik/dynamic/routes.yml
index 8fb0eccd..3f261a58 100644
--- a/infra/traefik/dynamic/routes.yml
+++ b/infra/traefik/dynamic/routes.yml
@@ -22,6 +22,19 @@ http:
       entryPoints:
         - web
 
+    # EN: IdentityServer OAuth2/OIDC Endpoints
+    # VI: IdentityServer OAuth2/OIDC Endpoints
+    iam-oidc-router:
+      rule: "PathPrefix(`/connect`) || PathPrefix(`/.well-known`)"
+      service: iam-service
+      priority: 150
+      middlewares:
+        - auth-ratelimit
+        - cors
+        - secure-headers
+      entryPoints:
+        - web
+
     web-admin-router:
       rule: "Host(`admin.goodgo.vn`) || Host(`admin.localhost`)"
       service: web-admin
diff --git a/note.md b/note.md
index 00b2854b..597df68a 100644
--- a/note.md
+++ b/note.md
@@ -5,18 +5,23 @@ Mật Khẩu: Velik@2026
 admin@goodgo.com / 123456
 dotnet build -c Debug -f net10.0-ios -t:Run -p:_DeviceName=:v2:udid=D8A27496-0AFB-4314-96EC-E8B685575330
 
-curl -s -X POST "http
-://localhost:5001/connect/token" \
->   -H "Content-Type: application/x-www-fo
-rm-urlencoded" \
->   -d "grant_type=password" \
->   -d "client_id=password-client" \
->   -d "client_secret=password-client-secret" \
->   -d "username=hongochai10@icloud.com" \
+curl -s -X POST "http://localhost:5001/connect/token" \
+   -H "Content-Type: application/x-www-form-urlencoded" \
+   -d "grant_type=password" \
+   -d "client_id=password-client" \
+   -d "client_secret=password-client-secret" \
+   -d "username=hongochai10@icloud.com" \
+   -d "password=Velik@2026" \
+   -d "scope=openid profile email api offline_access" 2>&1 | jq .
 
->   -d "password=Velik@2026" \
->   -d "scope=openid profile email api offline_access" 2>
-&1 | jq .
+curl -s -X POST "http://localhost/connect/token" \
+   -H "Content-Type: application/x-www-form-urlencoded" \
+   -d "grant_type=password" \
+   -d "client_id=password-client" \
+   -d "client_secret=password-client-secret" \
+   -d "username=hongochai10@icloud.com" \
+   -d "password=Velik@2026" \
+   -d "scope=openid profile email api offline_access" 2>&1 | jq .
 
 1. Kiểm tra hỗ trợ cho MSSQL, PSQL, MongoDB