diff --git a/public/oauth.php b/public/oauth.php
index 6e2b79f..4a4cde0 100644
--- a/public/oauth.php
+++ b/public/oauth.php
@@ -23,7 +23,8 @@ session_set_cookie_params([
 session_start();
 $authToken = $_GET['auth'] ?? '';
-$errorRedirect = isSafeRedirect($_GET['redirect'] ?? '') ? $_GET['redirect'] : '/';
+$rawRedirect = $_GET['redirect'] ?? '/';
+$errorRedirect = isSafeRedirect($rawRedirect) ? $rawRedirect : '/';
 if (!$authToken) {
 $_SESSION['auth_error'] = 'Missing authentication token.';
@@ -83,6 +84,6 @@ $_SESSION['telegram_id'] = $data['telegram_id'] ?? '';
 $_SESSION['user_token'] = $userToken;
 unset($_SESSION['auth_error']);
-$redirect = isSafeRedirect($_GET['redirect'] ?? '') ? $_GET['redirect'] : '/';
+$redirect = isSafeRedirect($rawRedirect) ? $rawRedirect : '/';
 header('Location: ' . $redirect);
 exit;
\ No newline at end of file
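Review bot: `$rawRedirect` in the first hunk can still be an array, because a query string of the form `redirect[]=...` makes `$_GET['redirect']` an array and the `??` default only covers a missing key. isSafeRedirect() is defined outside this diff, so whether it raises a TypeError or quietly accepts a non-string cannot be seen here; the same variable is then concatenated into the `Location` header in the second hunk. Constrain the type where the value is read: `$rawRedirect = is_string($_GET['redirect'] ?? null) ? $_GET['redirect'] : '/';`. The script body continues outside both hunks.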
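Review bot: The post-login `header('Location: ' . $redirect)` in the second hunk relies entirely on isSafeRedirect(), which is not part of this diff, and nothing next to `$rawRedirect` records what that function is expected to guarantee. A comment at the assignment would make the trust boundary explicit, for example `// Untrusted input: only use after isSafeRedirect() accepts it as a same-site relative path.` Whether the validator already rejects scheme-relative (`//host`) and backslash-prefixed values cannot be confirmed from the visible lines. If it does not, that check presumably belongs in the validator rather than at these two call sites.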