diff --git management/univention-management-console/src/univention/management/console/oidc.py management/univention-management-console/src/univention/management/console/oidc.py
index c125531967c..76f44d64f29 100644
--- management/univention-management-console/src/univention/management/console/oidc.py
+++ management/univention-management-console/src/univention/management/console/oidc.py
@@ -85,6 +85,14 @@ class OIDCResource(OAuth2Mixin, Resource):
 """Base class for all OIDC resources."""
 requires_authentication = False
+ _http_client = None
+
+ @property
+ def http_client(self):
+ if self.__class__._http_client is None:
+ # TODO: make sure the connection is still valid
+ self.__class__._http_client = self.get_auth_http_client()
+ return self._http_client
 async def prepare(self):
 await super().prepare()
@@ -291,9 +299,8 @@ class OIDCResource(OAuth2Mixin, Resource):
 "Authorization": "Bearer %s" % (bearer_token,),
 },
 )
- http_client = self.get_auth_http_client()
 try:
- user_info_res = await http_client.fetch(user_info_req)
+ user_info_res = await self.http_client.fetch(user_info_req)
 except HTTPClientError as exc:
 CORE.warn("Fetching user info failed: %s %s" % (user_info_req.url, exc))
 raise OpenIDProvideUnavailable(self._("Could not receive user information from OP."))
@@ -304,10 +311,9 @@ class OIDCResource(OAuth2Mixin, Resource):
 async def download_jwks(self):
 request = HTTPRequest(self._OAUTH_CERT_URL, method='GET')
- http_client = self.get_auth_http_client()
 try:
- response = await http_client.fetch(request, raise_error=False)
+ response = await self.http_client.fetch(request, raise_error=False)
 except HTTPClientError as exc:
 CORE.warn("Fetching certificate failed: %s %s" % (request.url, exc))
 raise OpenIDProvideUnavailable(self._("Could not receive certificate from OP."))
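Review bot: The client cached by the new `http_client` property is never invalidated or closed. Once `self.__class__._http_client` is set it serves every user-info, JWKS, token and end-session request, the `# TODO: make sure the connection is still valid` stays open, and the only visible cleanup (`http_client.close()` in `_get_access_token`) is removed further down. `get_auth_http_client()` is not shown in this diff; if it reads CA bundle, proxy or timeout settings when called, those would now stay fixed until the process restarts, so a changed trust configuration for the OP would not take effect, which is worth confirming. Assigning through `self.__class__` also caches one client per concrete subclass rather than one for all OIDC resources; `OIDCResource._http_client = self.get_auth_http_client()` would share a single instance if that is the intent. A docstring such as `"""Return the HTTP client used for requests to the OP, created on first use and then reused."""` would document the lifetime.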
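Review bot: In `download_jwks`, the `self.http_client.fetch(request, raise_error=False)` call returns an HTTP error status from the OP as a normal response instead of raising, so the `except HTTPClientError` branch only covers transport-level failures. The body fetched here is presumably the key set that token signatures are verified against, so the code after this hunk (not visible) should check `response.code` before parsing it; please confirm it does. The user-info fetch in the previous hunk keeps the default `raise_error`, so the two calls handle OP error responses differently, and a short comment saying why would help.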
@@ -324,7 +330,6 @@ class OIDCResource(OAuth2Mixin, Resource):
 return await self._get_access_token(redirect_uri, {"refresh_token": refresh_token, "grant_type": "refresh_token"})
 async def _get_access_token(self, redirect_uri, data):
- http_client = self.get_auth_http_client()
 body = urlencode(dict(
 data,
 redirect_uri=redirect_uri,
@@ -332,7 +337,7 @@ class OIDCResource(OAuth2Mixin, Resource):
 client_secret=self.client_secret,
 )) # TODO: request specific AUD for ldap server
 try:
- response = await http_client.fetch(
+ response = await self.http_client.fetch(
 self._OAUTH_ACCESS_TOKEN_URL,
 method="POST",
 headers={"Content-Type": "application/x-www-form-urlencoded"},
@@ -340,8 +345,6 @@ class OIDCResource(OAuth2Mixin, Resource):
 )
 except HTTPClientError:
 raise # handled in get()
- # TODO: why do we need that, see univention/dev/ucs#2388
- http_client.close()
 return escape.json_decode(response.body)
 async def refresh_session_tokens(self, user):
@@ -488,9 +491,8 @@ class OIDCLogout(_OIDCLogoutBase):
 if not id_token:
 raise BadRequest(self._("Not logged in"))
- http_client = self.get_auth_http_client()
 try:
- await http_client.fetch(
+ await self.http_client.fetch(
 self._OAUTH_END_SESSION_URL,
 method="POST",
 headers={"Content-Type": "application/x-www-form-urlencoded"},