diff --git a/src/AuthCode.hs b/src/AuthCode.hs
index f8c78a9..6a42fe1 100644
--- a/src/AuthCode.hs
+++ b/src/AuthCode.hs
@@ -42,7 +42,7 @@ genUnencryptedCode client url expiration state = do
   now <- getCurrentTime
   let
     expiresAt = expiration `addUTCTime` now
-    simpleCode = replace "=" "%3D" . encodeBase64 . pack . filter (/= ' ') $ client <> url <> show now <> show expiresAt
+    simpleCode = replace "/" "%2F" . replace "=" "%3D" . encodeBase64 . pack . filter (/= ' ') $ client <> url <> show now <> show expiresAt
   success <- atomically . stateTVar state $ \s ->
     let mEntry = M.lookup simpleCode s.activeCodes
     in
diff --git a/src/Server.hs b/src/Server.hs
index 0861a32..56f7629 100644
--- a/src/Server.hs
+++ b/src/Server.hs
@@ -135,7 +135,7 @@ authServer = handleAuth
     addParams url (Just code) mState =
       let qPos = fromMaybe (length url) $ elemIndex '?' url
           (pre, post) = splitAt qPos url
-          rState = case mState of {Just s -> "&state=" ++ (unpack $ replace "=" "%3D" s); Nothing -> ""}
+          rState = case mState of {Just s -> "&state=" ++ (unpack . replace "/" "%2F" $ replace "=" "%3D" s); Nothing -> ""}
           post' = if not (null post) then '&' : tail post else post
       in Just . fromString $ pre ++ "?code=" ++ (unpack code) ++ post' ++ rState