diff --git a/includes/openid-connect-generic-client-wrapper.php b/includes/openid-connect-generic-client-wrapper.php
index 5b5ae86..e3774fe 100644
--- a/includes/openid-connect-generic-client-wrapper.php
+++ b/includes/openid-connect-generic-client-wrapper.php
@@ -385,7 +385,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
 $this->logger->log( "Successful login for: {$user->user_login} ({$user->ID})", 'login-success' );
 // redirect back to the origin page if enabled
- $redirect_url = isset( $_COOKIE[ $this->cookie_redirect_key ] ) ? esc_url( $_COOKIE[ $this->cookie_redirect_key ] ) : false;
+ $redirect_url = isset( $_COOKIE[ $this->cookie_redirect_key ] ) ? esc_url_raw( $_COOKIE[ $this->cookie_redirect_key ] ) : false;
 if( $this->settings->redirect_user_back && !empty( $redirect_url ) ) {
 do_action( 'openid-connect-generic-redirect-user-back', $redirect_url, $user );
diff --git a/includes/openid-connect-generic-login-form.php b/includes/openid-connect-generic-login-form.php
index 6d2b6ba..83f1095 100644
--- a/includes/openid-connect-generic-login-form.php
+++ b/includes/openid-connect-generic-login-form.php
@@ -77,7 +77,7 @@ class OpenID_Connect_Generic_Login_Form {
 $redirect_url = admin_url();
 if ( isset( $_REQUEST['redirect_to'] ) ) {
- $redirect_url = esc_url( $_REQUEST[ 'redirect_to' ] );
+ $redirect_url = esc_url_raw( $_REQUEST[ 'redirect_to' ] );
 }
 }
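Review bot: The redirect target read from `$_COOKIE[ $this->cookie_redirect_key ]` is client-controlled, and `esc_url_raw()` only cleans the string and filters the scheme; it places no restriction on the host. Unless the redirect that follows already goes through `wp_safe_redirect()` (not visible here, the method continues outside the hunk), the value should be checked against the site's allowed hosts, e.g. `wp_validate_redirect( esc_url_raw( $_COOKIE[ $this->cookie_redirect_key ] ), '' )` in the true branch of the ternary. The same applies to `$_REQUEST[ 'redirect_to' ]` in the hunk for includes/openid-connect-generic-login-form.php, where the sanitised value presumably ends up as the post-login destination. A short comment such as `// esc_url_raw: value is used for a redirect, not for HTML output` would also record why the escaping function was switched.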