diff --git a/core/server/services/public-config/site.js b/core/server/services/public-config/site.js
index 0195ff6b09..3d6e677e4e 100644
--- a/core/server/services/public-config/site.js
+++ b/core/server/services/public-config/site.js
@@ -2,6 +2,7 @@ const ghostVersion = require('@tryghost/version');
 const settingsCache = require('../../../shared/settings-cache');
 const config = require('../../../shared/config');
 const urlUtils = require('../../../shared/url-utils');
+const labs = require('../../../shared/labs');
 module.exports = function getSiteProperties() {
 const siteProperties = {
@@ -14,7 +15,7 @@ module.exports = function getSiteProperties() {
 version: ghostVersion.safe
 };
- if (settingsCache.get('oauth_client_id') && settingsCache.get('oauth_client_secret')) {
+ if (labs.isSet('oauthLogin') && settingsCache.get('oauth_client_id') && settingsCache.get('oauth_client_secret')) {
 // Only set the oauth flag if oauth is enabled to avoid API changes
 siteProperties.oauth = true;
 }
diff --git a/core/server/web/oauth/app.js b/core/server/web/oauth/app.js
index 65a470e68b..77a1ffb77c 100644
--- a/core/server/web/oauth/app.js
+++ b/core/server/web/oauth/app.js
@@ -5,10 +5,10 @@ const GoogleStrategy = require('passport-google-oauth20').Strategy;
 const express = require('../../../shared/express');
 const urlUtils = require('../../../shared/url-utils');
 const shared = require('../shared');
-const config = require('../../../shared/config');
 const settingsCache = require('../../../shared/settings-cache');
 const models = require('../../models');
 const auth = require('../../services/auth');
+const labs = require('../../../shared/labs');
 function randomPassword() {
 return require('crypto').randomBytes(128).toString('hex');
@@ -17,10 +17,14 @@ function randomPassword() {
 module.exports = function setupOAuthApp() {
 debug('OAuth App setup start');
 const oauthApp = express('oauth');
- if (!config.get('enableDeveloperExperiments')) {
- debug('OAuth App setup skipped');
- return oauthApp;
+
+ function labsMiddleware(req, res, next) {
+ if (labs.isSet('oauthLogin')) {
+ return next();
+ }
+ res.sendStatus(404);
 }
+ oauthApp.use(labsMiddleware);
 // send 503 json response in case of maintenance
 oauthApp.use(shared.middlewares.maintenance);
diff --git a/core/shared/labs.js b/core/shared/labs.js
index 701bf634ac..98a15d1702 100644
--- a/core/shared/labs.js
+++ b/core/shared/labs.js
@@ -26,7 +26,8 @@ const ALPHA_FEATURES = [
 'multipleProducts',
 'savedIndicator',
 'featureImgDragDrop',
- 'checkEmailList'
+ 'checkEmailList',
+ 'oauthLogin'
 ];
 module.exports.WRITABLE_KEYS_ALLOWLIST = [...BETA_FEATURES, ...ALPHA_FEATURES];
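Review bot: `labsMiddleware` in core/server/web/oauth/app.js lets a request through on the labs flag alone, while the site.js hunk in this commit advertises `oauth` only when the flag and both `oauth_client_id` and `oauth_client_secret` are set. With the flag on and the credentials missing, the OAuth routes would presumably be reachable in a half-configured state; how the rest of setupOAuthApp handles missing settings is outside the hunk. Consider using the same condition in the gate, `if (labs.isSet('oauthLogin') && settingsCache.get('oauth_client_id') && settingsCache.get('oauth_client_secret')) {`, with a short comment above the function such as `// 404 for every OAuth route unless the oauthLogin labs flag is on`. The gate is also registered before the maintenance middleware, so a disabled flag answers 404 rather than 503 during maintenance, which may or may not be intended.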
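Review bot: Adding `'oauthLogin'` to `ALPHA_FEATURES` in core/shared/labs.js also places it in `WRITABLE_KEYS_ALLOWLIST`, so a login path that the removed code in app.js kept behind the `enableDeveloperExperiments` server config now appears to be switchable through the labs setting. Whether alpha flags are still ignored when `enableDeveloperExperiments` is off is not visible in this hunk; if they are not, the decision to expose an authentication route moves from the server operator to whoever can write that setting. A comment on the entry would make the sensitivity explicit, e.g. `// gates the OAuth login app; security-sensitive, keep behind developer experiments`.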