diff --git a/src/backend/src/routers/auth/oidc.js b/src/backend/src/routers/auth/oidc.js
index a954815a0..039cac761 100644
--- a/src/backend/src/routers/auth/oidc.js
+++ b/src/backend/src/routers/auth/oidc.js
@@ -16,12 +16,11 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
-'use strict';
-const express = require('express');
-const router = new express.Router();
-const config = require('../../config');
-const jwt = require('jsonwebtoken');
-const { get_user } = require('../../helpers');
+import express from 'express';
+const router = express.Router();
+import config from '../../config.js';
+import jwt from 'jsonwebtoken';
+import { get_user, subdomain } from '../../helpers.js';
 
 const REVALIDATION_COOKIE_NAME = 'puter_revalidation';
 const REVALIDATION_EXPIRY_SEC = 300; // 5 minutes
@@ -68,7 +67,7 @@ const oidcCallbackPreamble_ = async (req, res, callbackRedirectUri) => {
 
 // GET /auth/oidc/providers - list enabled provider ids for frontend
 router.get('/auth/oidc/providers', async (req, res) => {
-    if ( require('../../helpers').subdomain(req) !== 'api' ) {
+    if ( subdomain(req) !== 'api' ) {
         return res.status(404).end();
     }
     const svc_oidc = req.services.get('oidc');
@@ -78,7 +77,7 @@ router.get('/auth/oidc/providers', async (req, res) => {
 
 // GET /auth/oidc/:provider/start - redirect to IdP authorization
 router.get('/auth/oidc/:provider/start', async (req, res) => {
-    if ( require('../../helpers').subdomain(req) !== '' ) {
+    if ( subdomain(req) !== '' ) {
         return res.status(404).end();
     }
     const svc_edgeRateLimit = req.services.get('edge-rate-limit');
@@ -117,7 +116,7 @@ router.get('/auth/oidc/:provider/start', async (req, res) => {
 
 // GET /auth/oidc/callback/login - login only: existing account or abort. Never creates a user.
 router.get('/auth/oidc/callback/login', async (req, res) => {
-    if ( require('../../helpers').subdomain(req) !== '' ) {
+    if ( subdomain(req) !== '' ) {
         return res.status(404).end();
     }
     const svc_edgeRateLimit = req.services.get('edge-rate-limit');
@@ -147,7 +146,7 @@ router.get('/auth/oidc/callback/login', async (req, res) => {
 
 // GET /auth/oidc/callback/signup - signup only: create new account or abort. Never logs in to existing account.
 router.get('/auth/oidc/callback/signup', async (req, res) => {
-    if ( require('../../helpers').subdomain(req) !== '' ) {
+    if ( subdomain(req) !== '' ) {
         return res.status(404).end();
     }
     const svc_edgeRateLimit = req.services.get('edge-rate-limit');
@@ -179,7 +178,7 @@ router.get('/auth/oidc/callback/signup', async (req, res) => {
 
 // GET /auth/oidc/callback/revalidate - re-validate identity for protected actions (e.g. change username). Sets short-lived cookie and redirects.
 router.get('/auth/oidc/callback/revalidate', async (req, res) => {
-    if ( require('../../helpers').subdomain(req) !== '' ) {
+    if ( subdomain(req) !== '' ) {
         return res.status(404).end();
     }
     const svc_edgeRateLimit = req.services.get('edge-rate-limit');
@@ -217,7 +216,7 @@ router.get('/auth/oidc/callback/revalidate', async (req, res) => {
 
 // GET /auth/revalidate-done - landing page after OIDC revalidate; posts to opener and closes (for popup flow).
 router.get('/auth/revalidate-done', (req, res) => {
-    if ( require('../../helpers').subdomain(req) !== '' ) {
+    if ( subdomain(req) !== '' ) {
         return res.status(404).end();
     }
     const origin = config.origin || '';
@@ -235,4 +234,4 @@ if (window.opener) {
 </script><p>Re-validated. Closing&hellip;</p></body></html>`);
 });
 
-module.exports = router;
+export default router;
diff --git a/src/backend/src/routers/signup_create_new_user.js b/src/backend/src/routers/signup_create_new_user.js
index fa577953a..902b82fbe 100644
--- a/src/backend/src/routers/signup_create_new_user.js
+++ b/src/backend/src/routers/signup_create_new_user.js
@@ -16,11 +16,10 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
-'use strict';
-const config = require('../config');
-const { DB_WRITE } = require('../services/database/consts');
-const { generate_identifier } = require('../util/identifier');
-const { v4: uuidv4 } = require('uuid');
+import config from '../config.js';
+import { DB_WRITE } from '../services/database/consts.js';
+import { generate_identifier } from '../util/identifier.js';
+import { v4 as uuidv4 } from 'uuid';
 
 /**
  * Create a new user for signup. Common behavior shared by POST /signup and OIDC signup.
@@ -124,4 +123,4 @@ async function signup_create_new_user (services, options) {
     return user;
 }
 
-module.exports = signup_create_new_user;
+export default signup_create_new_user;
diff --git a/src/backend/src/services/PuterAPIService.js b/src/backend/src/services/PuterAPIService.js
index a3e82406f..e7e3f4353 100644
--- a/src/backend/src/services/PuterAPIService.js
+++ b/src/backend/src/services/PuterAPIService.js
@@ -70,7 +70,7 @@ class PuterAPIService extends BaseService {
         // app.use(require('../routers/get-launch-apps'))
         app.use(require('../routers/itemMetadata'));
         app.use(require('../routers/login'));
-        app.use(require('../routers/auth/oidc'));
+        app.use(require('../routers/auth/oidc').default);
         app.use(require('../routers/logout'));
         app.use(require('../routers/open_item'));
         app.use(require('../routers/passwd'));