From fb3fe419d705a22bf8cf356a5f67cf5162debf9e Mon Sep 17 00:00:00 2001
From: CallumWayve <callum.newton@wayve.ai>
Date: Wed, 29 Oct 2025 20:23:17 +0000
Subject: [PATCH] Update oauthproxy.go

Co-authored-by: Jan Larwig <jan@larwig.com>
Signed-off-by: Callum Newton <callum.newton@wayve.ai>
---
 oauthproxy.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/oauthproxy.go b/oauthproxy.go
index dd2dca10..60524935 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -1250,12 +1250,11 @@ func checkAllowedEmails(req *http.Request, s *sessionsapi.SessionState) bool {
 // encodeState builds the OAuth state param out of our nonce and
 // original application redirect
 func encodeState(nonce string, redirect string, encode bool) string {
-	redirectPart := redirect
 	if !encode {
-		redirectPart = url.QueryEscape(redirectPart)
+		redirect = url.QueryEscape(redirect)
 	}
 
-	rawString := fmt.Sprintf("%v:%v", nonce, redirectPart)
+	rawString := fmt.Sprintf("%v:%v", nonce, redirect)
 	if encode {
 		return base64.RawURLEncoding.EncodeToString([]byte(rawString))
 	}