diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 4f01c9e..452a6bf 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -96,7 +96,8 @@ quarkus.rest-client."unionflow-api".url=${unionflow.backend.url}
 quarkus.rest-client."unionflow-api".scope=jakarta.inject.Singleton
 quarkus.rest-client."unionflow-api".connect-timeout=5000
 quarkus.rest-client."unionflow-api".read-timeout=15000
-quarkus.rest-client."unionflow-api".providers=dev.lions.unionflow.client.service.RestClientExceptionMapper,dev.lions.unionflow.client.security.JwtClientRequestFilter
+quarkus.rest-client."unionflow-api".providers=dev.lions.unionflow.client.service.RestClientExceptionMapper
+# NOTE: JwtClientRequestFilter retiré - utilisation de AuthHeaderFactory via @RegisterClientHeaders
 
 # Configuration Keycloak OIDC - Production
 quarkus.oidc.enabled=true
@@ -104,8 +105,8 @@ quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.d
 quarkus.oidc.client-id=unionflow-client
 quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
 quarkus.oidc.application-type=web-app
-# Callback path - must match Keycloak Valid Redirect URIs configuration
-#quarkus.oidc.authentication.redirect-path=/auth/callback
+ Callback path - must match Keycloak Valid Redirect URIs configuration
+quarkus.oidc.authentication.redirect-path=/auth/callback
 # quarkus.oidc.authentication.redirect-path is NOT set - let Quarkus use its default
 quarkus.oidc.authentication.force-redirect-https-scheme=true
 quarkus.oidc.authentication.restore-path-after-redirect=true