diff --git a/gui/src/lib.rs b/gui/src/lib.rs
index d4a4c12..cf7cfeb 100644
--- a/gui/src/lib.rs
+++ b/gui/src/lib.rs
@@ -534,17 +534,26 @@ struct OidcQuery {
 
 #[derive(PartialEq, Props)]
 struct OidcProps {
-    token: String,
-    username: String,
+    info: String,
 }
 
 fn OidcRedirect(cx: Scope<OidcProps>) -> Element {
+    let (username, token) = cx
+        .props
+        .info
+        .split("---")
+        .collect_tuple()
+        .expect("invalid token kind");
     cx.render({
         match LocalStorage::set(
             "token",
             LoginInfo {
-                token: cx.props.token.clone(),
-                name: cx.props.username.clone(),
+                token: urlencoding::decode(token)
+                    .expect("token urldecode")
+                    .to_string(),
+                name: urlencoding::decode(username)
+                    .expect("username urldecode")
+                    .to_string(),
             },
         ) {
             Ok(_) => {
@@ -564,8 +573,8 @@ use recipe::{RecipeCreator, RecipeList, RecipeView};
 enum Route {
     #[route("/login")]
     Login,
-    #[route("/login/oidc?:token?:username")]
-    OidcRedirect { token: String, username: String },
+    #[route("/login/oidc/:info")]
+    OidcRedirect { info: String, },
 
     #[layout(LoginRedirect)]
         #[route("/household_selection")]
diff --git a/src/routes/mod.rs b/src/routes/mod.rs
index 8b32fc9..efeca5e 100644
--- a/src/routes/mod.rs
+++ b/src/routes/mod.rs
@@ -239,10 +239,10 @@ async fn oidc_login_finish(
             let token = state.jwt_secret.0.authenticate(claims)?;
 
             let redirect = format!(
-                "{}?token={}&username={}",
+                "{}/{}---{}",
                 account.source_url,
-                urlencoding::encode(&token),
                 urlencoding::encode(&user.name),
+                urlencoding::encode(&token),
             );
 
             Ok(Redirect::to(&redirect))