diff --git a/packages/client/src/pages/auth.vue b/packages/client/src/pages/auth.vue
index 4ad7d08c66..34508610c1 100644
--- a/packages/client/src/pages/auth.vue
+++ b/packages/client/src/pages/auth.vue
@@ -88,8 +88,10 @@ export default defineComponent({
 			const getUrlParams = () => window.location.search.substring(1).split('&').reduce((result, query) => { const [k, v] = query.split('='); result[k] = decodeURI(v); return result; }, {});
 			const isMastodon = !!getUrlParams().mastodon
 			if (this.session.app.callbackUrl && isMastodon) {
-				const stateParam = !!getUrlParams().state ? `&state=$(getUrlParams().state)` : ''; 
-				location.href = `${this.session.app.callbackUrl}?code=${this.session.token}${stateParam}`;
+				const callbackUrl = new URL(this.session.app.callbackUrl);
+				callbackUrl.searchParams.append("code", this.session.token);
+				if (!!getUrlParams().state) callbackUrl.searchParams.append("state", getUrlParams().state);
+				location.href = callbackUrl.toString();
 			} else if (this.session.app.callbackUrl) {
 				const url = new URL(this.session.app.callbackUrl);
 				if (['javascript:', 'file:', 'data:', 'mailto:', 'tel:'].includes(url.protocol)) throw new Error('invalid url');