diff --git a/syncserver/__init__.py b/syncserver/__init__.py
index d557463..7f17750 100644
--- a/syncserver/__init__.py
+++ b/syncserver/__init__.py
@@ -129,9 +129,15 @@ def includeme(config):
 settings["browserid.allowed_issuers"] = [idp_issuer]
 if "oauth.backend" not in settings:
 settings["oauth.backend"] = "tokenserver.verifiers.RemoteOAuthVerifier"
- # If an IdP was specified, use it for oauth verification.
- if idp is not None:
+ # If an explicit OAuth verifier was configured, use it.
+ # Otherwise take the URL from the IdP config, if present.
+ verifier_url = settings.get("syncserver.oauth_verifier")
+ if verifier_url is not None:
+ settings["oauth.server_url"] = verifier_url
+ elif idp is not None:
 settings["oauth.server_url"] = idp_config["oauth_server_base_url"]
+ # If an IdP was configured, it's the default issuer of OAuth tokens.
+ if idp is not None:
 settings["oauth.default_issuer"] = idp_issuer
 if "loggers" not in settings:
 # Default to basic logging config.
@@ -172,6 +178,7 @@ def import_settings_from_environment_variables(settings, environ=None):
 ("SYNCSERVER_SECRET", "syncserver.secret", str),
 ("SYNCSERVER_SQLURI", "syncserver.sqluri", str),
 ("SYNCSERVER_IDENTITY_PROVIDER", "syncserver.identity_provider", str),
+ ("SYNCSERVER_OAUTH_VERIFIER", "syncserver.oauth_verifier", str),
 ("SYNCSERVER_BROWSERID_VERIFIER", "syncserver.browserid_verifier", str),
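Review bot: In the first hunk, `syncserver.oauth_verifier` is copied into `oauth.server_url` after only an `is not None` test, so an empty or malformed value would replace the IdP-derived URL instead of falling back to it (for instance `SYNCSERVER_OAUTH_VERIFIER` exported empty, if the environment importer passes that through). This URL names the service that decides whether a bearer token is valid, so I would test truthiness with `if verifier_url:` and refuse, or at least warn on, a non-HTTPS value at startup, e.g. `if not verifier_url.startswith("https://"): raise ValueError("syncserver.oauth_verifier must be an https:// URL")`. The comment could also state that when both settings are present, tokens are checked by the explicit verifier but still attributed to `idp_issuer` through `oauth.default_issuer`. `includeme` starts and ends outside this hunk, so validation done elsewhere in it is not visible here.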