From d800447cd68ece94a6f6798aec66763f85473550 Mon Sep 17 00:00:00 2001
From: Raphael Michel <michel@rami.io>
Date: Mon, 8 May 2023 10:27:15 +0200
Subject: [PATCH] Fix for #3130 -- OIDC with Azure AD issues (#3222)

---
 src/pretix/presale/views/customer.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pretix/presale/views/customer.py b/src/pretix/presale/views/customer.py
index 6faf0a8aea..54d07f9425 100644
--- a/src/pretix/presale/views/customer.py
+++ b/src/pretix/presale/views/customer.py
@@ -626,7 +626,7 @@ class SSOLoginView(RedirectBackMixin, View):
         })
 
         if self.provider.method == "oidc":
-            return redirect_to_url(oidc_authorize_url(self.provider, f'{nonce}§{next_url}', redirect_uri))
+            return redirect_to_url(oidc_authorize_url(self.provider, f'{nonce}%{next_url}', redirect_uri))
         else:
             raise Http404("Unknown SSO method.")
 
@@ -685,7 +685,7 @@ class SSOLoginReturnView(RedirectBackMixin, View):
                     popup_origin,
                 )
 
-            nonce, redirect_to = re.split("[#§]", request.GET['state'])  # Allow # for backwards-compatibility for a while
+            nonce, redirect_to = re.split("[%#§]", request.GET['state'])  # Allow § and # for backwards-compatibility for a while
 
             if nonce != request.session.get(f'pretix_customerauth_{self.provider.pk}_nonce'):
                 return self._fail(