diff --git a/auth/oidc.go b/auth/oidc.go
index 11f234d3..f2b85540 100644
--- a/auth/oidc.go
+++ b/auth/oidc.go
@@ -8,7 +8,9 @@ import (
  "math"
  "math/big"
  "net/http"
+ "net/url"
  "os"
+ "strings"
  "github.com/coreos/go-oidc/v3/oidc"
  "golang.org/x/oauth2"
@@ -45,12 +47,13 @@ func (a OIDCAuth) LoginPage() bool {
  // OAuthClient describes the oidc connector parameters.
  type OAuthClient struct {
- ClientID string `json:"clientID"`
- ClientSecret string `json:"clientSecret"`
- Issuer string `json:"issuer"`
- RedirectURL string `json:"redirectURL"`
- OAuth2Config oauth2.Config `json:"-"`
- Verifier *oidc.IDTokenVerifier `json:"-"`
+ ClientID string `json:"clientID"`
+ ClientSecret string `json:"clientSecret"`
+ Issuer string `json:"issuer"`
+ RedirectURL string `json:"redirectURL"`
+ RedirectURLAppendQuery bool `json:"redirectURLAppendQuery"`
+ OAuth2Config oauth2.Config `json:"-"`
+ Verifier *oidc.IDTokenVerifier `json:"-"`
  }
  // InitClient configures the connector via oidc discovery.
@@ -79,12 +82,14 @@ func (o *OAuthClient) InitAuthFlow(w http.ResponseWriter, r *http.Request) {
  rand2, _ := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
  state := fmt.Sprintf("%x", rand1)
  nonce := fmt.Sprintf("%x", rand2)
- o.OAuth2Config.RedirectURL += "?redirect=" + r.URL.Path
- url := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))
+ if strings.HasPrefix(r.URL.Path, "/files/") && o.RedirectURLAppendQuery {
+ o.OAuth2Config.RedirectURL += "?redirect=" + url.QueryEscape(r.URL.Path)
+ }
+ redirect := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))
- log.Println("oidc init flow ", url)
+ log.Println("oidc init flow ", redirect)
  w.Header().Set("Set-Cookie", "state="+state+"; path=/")
- http.Redirect(w, r, url, http.StatusMovedPermanently)
+ http.Redirect(w, r, redirect, http.StatusMovedPermanently)
  }
  // HandleAuthCallback manages code exchange and obtains the id token.
diff --git a/cmd/config.go b/cmd/config.go
index 3d044901..24266a69 100644
--- a/cmd/config.go
+++ b/cmd/config.go
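Review bot: `RedirectURLAppendQuery` is the only exported field of `OAuthClient` without a doc comment, and the struct gives no hint that the query is appended solely for logins that start under `/files/` (the `strings.HasPrefix` check in InitAuthFlow) or that the provider has to accept the resulting redirect_uri. Suggest `// RedirectURLAppendQuery appends "?redirect=<path>" to RedirectURL for logins started under /files/; the provider must allow that redirect_uri.` above the field. The rest of the struct is unchanged apart from alignment.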
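Review bot: The `+=` on `o.OAuth2Config.RedirectURL` inside the new `if` still writes to the connector shared by every request (`o` is a `*OAuthClient`), so once the flag is on each login under `/files/` appends one more `?redirect=…` to the persisted URL and concurrent logins race on the field; the redirect_uri sent will then most likely stop matching what is registered at the provider. Build the URL on a per-request copy instead: `cfg := o.OAuth2Config`, then `cfg.RedirectURL += "?redirect=" + url.QueryEscape(r.URL.Path)` inside the `if`, and `redirect := cfg.AuthCodeURL(state, oidc.Nonce(nonce))`. The re-added `http.Redirect(w, r, redirect, http.StatusMovedPermanently)` is a cacheable 301 carrying a one-time state, so a browser may replay a stale state on a later login; `http.StatusFound` is the usual status here, and the `state=` cookie set on the line above would benefit from `HttpOnly; SameSite=Lax`. InitAuthFlow's opening lines are outside the hunk.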
@@ -45,6 +45,7 @@ func addConfigFlags(flags *pflag.FlagSet) {
  flags.String("oidc.clientSecret", "", "Open ID Connect Client Secret for auth.method=oidc")
  flags.String("oidc.issuer", "", "Open ID Connect Configuration Issuer URL for auth.method=oidc")
  flags.String("oidc.redirectURL", "", "Open ID Connect Redirect URL for auth.method=oidc")
+ flags.Bool("oidc.redirectURLAppendQuery", false, "Whether to append '?redirect=...' to the redirectURL")
  flags.String("branding.name", "", "replace 'File Browser' by this name")
  flags.String("branding.color", "", "set the theme color")
@@ -132,13 +133,15 @@ func getAuthentication(flags *pflag.FlagSet, defaults ...interface{}) (settings.
  secret := mustGetString(flags, "oidc.clientSecret")
  url := mustGetString(flags, "oidc.issuer")
  redirect := mustGetString(flags, "oidc.redirectURL")
+ appendQuery := mustGetBool(flags, "oidc.redirectURLAppendQuery")
  if id != "" && secret != "" && url != "" && redirect != "" {
  oidcAuth.OIDC = &auth.OAuthClient{
- ClientID: id,
- ClientSecret: secret,
- Issuer: url,
- RedirectURL: redirect,
+ ClientID: id,
+ ClientSecret: secret,
+ Issuer: url,
+ RedirectURL: redirect,
+ RedirectURLAppendQuery: appendQuery,
  }
  }
  auther = oidcAuth
diff --git a/storage/bolt/importer/conf.go b/storage/bolt/importer/conf.go
index d63b296f..3d5f8a76 100644
--- a/storage/bolt/importer/conf.go
+++ b/storage/bolt/importer/conf.go
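Review bot: The help text on the new `flags.Bool("oidc.redirectURLAppendQuery", …)` line does not say that the query is only appended for logins started under `/files/` (per the `strings.HasPrefix` check in `auth/oidc.go`) nor that the provider must allow the resulting redirect_uri, so an operator enabling it is likely to hit a redirect_uri mismatch with no hint why. Suggest `"Append '?redirect=<path>' to oidc.redirectURL for logins started under /files/ (the OIDC provider must accept that redirect_uri)"`. addConfigFlags continues outside the hunk.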
@@ -45,10 +45,11 @@ type oldConf struct {
  Host string `json:"host" yaml:"host" toml:"host"`
  } `json:"recaptcha" yaml:"recaptcha" toml:"recaptcha"`
  OIDC struct {
- ClientID string `json:"clientID" yaml:"clientID" toml:"clientID"`
- ClientSecret string `json:"clientSecret" yaml:"clientSecret" toml:"clientSecret"`
- Issuer string `json:"issuer" yaml:"issuer" toml:"issuer"`
- RedirectURL string `json:"redirectURL" yaml:"redirectURL" toml:"redirectURL"`
+ ClientID string `json:"clientID" yaml:"clientID" toml:"clientID"`
+ ClientSecret string `json:"clientSecret" yaml:"clientSecret" toml:"clientSecret"`
+ Issuer string `json:"issuer" yaml:"issuer" toml:"issuer"`
+ RedirectURL string `json:"redirectURL" yaml:"redirectURL" toml:"redirectURL"`
+ RedirectURLAppendQuery bool `json:"redirectURLAppendQuery" yaml:"redirectURLAppendQuery" toml:"redirectURLAppendQuery"`
  } `json:"oidc" yaml:"oidc" toml:"oidc"`
  Auth oldAuth `json:"auth" yaml:"auth" toml:"auth"`
  }
@@ -159,10 +160,11 @@ func importConf(db *storm.DB, path string, sto *storage.Storage) error {
  case "oidc":
  auther = &auth.OIDCAuth{
  OIDC: &auth.OAuthClient{
- ClientID: cfg.OIDC.ClientID,
- ClientSecret: cfg.OIDC.ClientSecret,
- Issuer: cfg.OIDC.Issuer,
- RedirectURL: cfg.OIDC.RedirectURL,
+ ClientID: cfg.OIDC.ClientID,
+ ClientSecret: cfg.OIDC.ClientSecret,
+ Issuer: cfg.OIDC.Issuer,
+ RedirectURL: cfg.OIDC.RedirectURL,
+ RedirectURLAppendQuery: cfg.OIDC.RedirectURLAppendQuery,
  },
  }
  s.AuthMethod = auth.MethodOIDCAuth