diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d5d79f0..8159921 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -26,10 +26,10 @@ RPM: parallel: matrix: - RUNNER: - - aws/fedora-34-x86_64 - - aws/fedora-34-aarch64 - - aws/rhel-8.5-ga-x86_64 - - aws/rhel-8.5-ga-aarch64 + - aws/fedora-36-x86_64 + - aws/fedora-36-aarch64 + - aws/rhel-8.6-ga-x86_64 + - aws/rhel-8.6-ga-aarch64 Testing: stage: test @@ -45,10 +45,10 @@ Testing: - RUNNER: # https://quay.io/repository/osbuild/postgres available only for x86_64 # - aws/fedora-33-aarch64 - - aws/fedora-34-x86_64 + - aws/fedora-36-x86_64 # - aws/fedora-34-aarch64 - RUNNER: - - aws/rhel-8.5-ga-x86_64 + - aws/rhel-8.6-ga-x86_64 # - aws/rhel-8.4-ga-aarch64 INTERNAL_NETWORK: ["true"] diff --git a/schutzbot/deploy.sh b/schutzbot/deploy.sh index 4beb040..88b7b25 100755 --- a/schutzbot/deploy.sh +++ b/schutzbot/deploy.sh @@ -20,8 +20,8 @@ function retry { # Variables for where to find osbuild-composer RPMs to test against DNF_REPO_BASEURL=http://osbuild-composer-repos.s3-website.us-east-2.amazonaws.com -OSBUILD_COMMIT=bb30ffa0629e16ecff103aaaeb7e931f3f8ff79e # release 46 -OSBUILD_COMPOSER_COMMIT=346486cd3f06856efee5e982553e28fb387558e6 # commit that contains repo package sets +OSBUILD_COMMIT=376cbffd136bc4ba86fc7c63697fa5b88fe3acef # release 62 +OSBUILD_COMPOSER_COMMIT=2d13050ba84a2bb30d9dd980639ee78354fe90f3 # release 59-dev (includes mock openid server fix) # Get OS details. source /etc/os-release @@ -93,6 +93,3 @@ fi # Installing koji-osbuild-tests package retry sudo dnf -y install koji-osbuild-tests - -# Start services. -sudo systemctl enable --now osbuild-composer-api.socket diff --git a/schutzbot/terraform b/schutzbot/terraform index 04c2b61..ed0d14f 100644 --- a/schutzbot/terraform +++ b/schutzbot/terraform @@ -1 +1 @@ -fdfd0f7f4cf26907e15d35757f8f61f318db626c +2227384b389f78fcd024a721cbf18371b8ec4a03 diff --git a/test/copy-creds.sh b/test/copy-creds.sh index c6fe85b..592d431 100755 --- a/test/copy-creds.sh 
+++ b/test/copy-creds.sh @@ -31,6 +31,8 @@ mkdir -p /etc/osbuild-worker cp ${TEST_DATA}/osbuild-worker.toml \ /etc/osbuild-worker/ +echo "koji" > /etc/osbuild-worker/oauth-secret + echo "Copying system kerberos configuration" cp ${TEST_DATA}/krb5.local.conf \ /etc/krb5.conf.d/local diff --git a/test/data/osbuild-composer.toml b/test/data/osbuild-composer.toml index c2acf9d..3293991 100644 --- a/test/data/osbuild-composer.toml +++ b/test/data/osbuild-composer.toml @@ -3,14 +3,20 @@ ca = "/etc/osbuild-composer/ca-crt.pem" enable_tls = true enable_mtls = false enable_jwt = true -jwt_keys_url = "https://localhost:8081/certs" +jwt_keys_urls = ["https://localhost:8081/certs"] jwt_ca_file = "/etc/osbuild-composer/ca-crt.pem" jwt_acl_file = "" +jwt_tenant_provider_fields = ["rh-org-id"] [koji.servers.localhost.kerberos] principal = "osbuild-krb@LOCAL" keytab = "/etc/osbuild-composer/client.keytab" [worker] -allowed_domains = ["localhost", "client.osbuild.local"] -ca = "/etc/osbuild-composer/ca-crt.pem" +enable_artifacts = false +enable_tls = true +enable_mtls = false +enable_jwt = true +jwt_keys_urls = ["https://localhost:8081/certs"] +jwt_ca_file = "/etc/osbuild-composer/ca-crt.pem" +jwt_tenant_provider_fields = ["rh-org-id"] diff --git a/test/data/osbuild-worker.toml b/test/data/osbuild-worker.toml index cd5224c..5fd3c2b 100644 --- a/test/data/osbuild-worker.toml +++ b/test/data/osbuild-worker.toml @@ -1,3 +1,8 @@ +[authentication] +oauth_url = "https://localhost:8081/token" +client_id = "koji" +client_secret = "/etc/osbuild-worker/oauth-secret" + [koji.localhost.kerberos] principal = "osbuild-krb@LOCAL" keytab = "/etc/osbuild-worker/client.keytab" diff --git a/test/integration.sh b/test/integration.sh index ec8f4e2..1a7b939 100755 --- a/test/integration.sh +++ b/test/integration.sh 
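Review bot: The added `echo "koji" > /etc/osbuild-worker/oauth-secret` creates the client-secret file with whatever the current umask yields, which is normally world-readable, and nothing in the hunk tightens it afterwards. Even for a fixture value it is worth writing it the way a real secret would be written, e.g. `install -m 0600 /dev/null /etc/osbuild-worker/oauth-secret` followed by `printf '%s' koji > /etc/osbuild-worker/oauth-secret`, adjusting ownership if the worker does not run as the user executing this script. `printf` also avoids the trailing newline that `echo` appends, in case the worker reads the file verbatim (not visible here). A comment such as `# test-only OAuth client secret for the mock OpenID server` would make clear the value is not a real credential.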
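Review bot: The new `[worker]` section replaces the `allowed_domains`/`ca` client-certificate settings with JWT only (`enable_mtls = false`, `enable_jwt = true`) and sets no `jwt_acl_file`, while the first table keeps `jwt_acl_file = ""`. As far as this file shows, both listeners presumably accept any token signed by the mock issuer at `https://localhost:8081/certs`. That is reasonable for a fixture, but nothing in the file says so, and test configs tend to get copied. I would add a header comment such as `# Test fixture: JWT issuer is the local mock OpenID server and no ACL is enforced; do not reuse outside CI`. The header of the first table is outside the hunk.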
@@ -26,12 +26,6 @@ sudo dnf -y \ greenprint "Creating composer SSL certificates" sudo /usr/libexec/koji-osbuild-tests/make-certs.sh /usr/share/koji-osbuild-tests -greenprint "Starting osbuild-composer's socket" -sudo systemctl enable --now osbuild-composer-api.socket - -greenprint "Starting mock OpenID server" -sudo /usr/libexec/koji-osbuild-tests/run-openid.sh start - greenprint "Building containers" sudo /usr/libexec/koji-osbuild-tests/build-container.sh /usr/share/koji-osbuild-tests @@ -41,12 +35,27 @@ sudo /usr/libexec/koji-osbuild-tests/run-koji-container.sh start greenprint "Print logs" sudo podman logs org.osbuild.koji.koji -greenprint "Copying credentials and certificates" -sudo /usr/libexec/koji-osbuild-tests/copy-creds.sh /usr/share/koji-osbuild-tests - greenprint "Testing Koji hub API access" koji --server=http://localhost:8080/kojihub --user=osbuild --password=osbuildpass --authtype=password hello +greenprint "Copying credentials, certificates and configuration files" +sudo /usr/libexec/koji-osbuild-tests/copy-creds.sh /usr/share/koji-osbuild-tests + +greenprint "Starting mock OpenID server" +sudo /usr/libexec/koji-osbuild-tests/run-openid.sh start + +greenprint "Starting osbuild-composer's Cloud API socket and a remote worker" +# Start services. +sudo systemctl stop 'osbuild*' +# make sure that the local worker is not running +sudo systemctl mask osbuild-worker@1.service +# enable remote worker API +sudo systemctl start osbuild-remote-worker.socket +# enable Cloud API +sudo systemctl start osbuild-composer-api.socket +# start a remote worker +sudo systemctl start osbuild-remote-worker@localhost:8700.service + greenprint "Starting koji builder" sudo /usr/libexec/koji-osbuild-tests/run-builder.sh start /usr/share/koji-osbuild-tests diff --git a/test/run-builder.sh b/test/run-builder.sh index e8c35bd..d38b825 100755 --- a/test/run-builder.sh +++ b/test/run-builder.sh 
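Review bot: `sudo systemctl mask osbuild-worker@1.service` in the new service-start block is a persistent change to the host and the hunk never unmasks it, so a machine reused after this script keeps the local worker disabled; whether a cleanup step exists elsewhere in the script is not visible here. If the runners are always throwaway, say so in the comment (`# mask the local worker; CI hosts are discarded after the run`), otherwise use `systemctl mask --runtime` so the mask does not survive a reboot. The comments `# enable remote worker API` and `# enable Cloud API` sit above `systemctl start`, not `enable`; rewording them to "start" avoids implying the units persist. None of the `start` calls is followed by a check such as `systemctl is-active`, so a unit that dies right after starting is only noticed when the koji builder cannot connect.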
@@ -23,11 +23,7 @@ fi builder_start() { source /etc/os-release - if [[ $ID == rhel ]]; then - GATEWAY_IP=$(${CONTAINER_RUNTIME} network inspect org.osbuild.koji | jq -r ".[0].subnets[0].gateway") - else - GATEWAY_IP=$(${CONTAINER_RUNTIME} network inspect org.osbuild.koji | jq -r ".[0].plugins[0].ipam.ranges[0][0].gateway") - fi + GATEWAY_IP=$(${CONTAINER_RUNTIME} network inspect org.osbuild.koji | jq -r ".[0].subnets[0].gateway") echo "Gateway IP is $GATEWAY_IP" # maybe copy the 'builder' plugin to the share dir diff --git a/test/run-openid.sh b/test/run-openid.sh index 3a63c39..a22079a 100755 --- a/test/run-openid.sh +++ b/test/run-openid.sh @@ -15,7 +15,7 @@ server_start() { -a ":${SERVER_PORT}" \ -expires 10 & - until curl --output /dev/null --silent --fail "https://localhost:${SERVER_PORT}/token"; do + until curl --data "grant_type=refresh_token" --output /dev/null --silent --fail "https://localhost:${SERVER_PORT}/token"; do sleep 0.5 done
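Review bot: With the RHEL/Fedora branch removed, `GATEWAY_IP` depends on a single JSON path, and `jq -r` prints the string `null` with exit status 0 when `.[0].subnets[0].gateway` is absent, so a runtime that still emits the older layout would carry on with `GATEWAY_IP=null`. I would make the lookup fail loudly: `GATEWAY_IP=$(${CONTAINER_RUNTIME} network inspect org.osbuild.koji | jq -er ".[0].subnets[0].gateway") || { echo "cannot determine koji network gateway" >&2; exit 1; }`. The `source /etc/os-release` line above looks unused within this hunk now that `$ID` is no longer tested. builder_start continues outside the hunk, so check the rest of the function before dropping it.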
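Review bot: The readiness loop around the changed `curl` call has no upper bound and the request has no timeout, so if the mock server never answers the token POST with a success status the script spins until the CI job is killed, with `--silent` hiding the reason. Adding `--max-time 5` to the curl call and giving up after a fixed number of attempts with a message on stderr would turn that into a quick, readable failure. A short comment on why the probe posts `grant_type=refresh_token` (presumably because the token endpoint no longer answers a plain GET with success) would help the next reader. server_start begins outside the hunk.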