diff --git a/topics/threat/redirect.adoc b/topics/threat/redirect.adoc index 0019d01387..2102035aa8 100644 --- a/topics/threat/redirect.adoc +++ b/topics/threat/redirect.adoc @@ -2,7 +2,7 @@ [[_unspecific-redirect-uris]] === Unspecific Redirect URIs -For the <>, if you register redirect URIs that +For the <>, if you register redirect URIs that are too general, then it would be possible for a rogue client to impersonate a different client that has a broader scope of access. This could happen for instance if two clients live under the same domain. So, its a good idea to make your registered redirect URIs as specific as feasible.
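Review bot: The closing context sentence of this hunk, "So, its a good idea to make your registered redirect URIs as specific as feasible", has a typo ("its" should be "it's") that is worth fixing in the same change, since the paragraph is already being edited. On the changed line itself, the cross-reference inside `<>` shows as empty in both the removed and the added version here, so the actual difference cannot be reviewed from this view; please confirm that the new target resolves when the documentation is built. It would also help readers if "as specific as feasible" said what that means for the case the paragraph describes, two clients living under the same domain, for example that each client's registered URI should not also match the other client's paths.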