nixos/oauth2_proxy_nginx: fix URL escaping

1 files changed, 2 insertions, 2 deletions

diff --git a/nixos/modules/services/security/oauth2_proxy_nginx.nix b/nixos/modules/services/security/oauth2_proxy_nginx.nix
index 1b86656c7d4c5..91d846abb36e6 100644
--- a/nixos/modules/services/security/oauth2_proxy_nginx.nix
+++ b/nixos/modules/services/security/oauth2_proxy_nginx.nix
@@ -87,9 +87,9 @@ in
         "/oauth2/auth" = let
           maybeQueryArg = name: value:
             if value == null then null
-            else "${name}=${lib.concatStringsSep "," value}";
+            else "${name}=${lib.concatStringsSep "," (builtins.map lib.escapeURL value)}";
           allArgs = lib.mapAttrsToList maybeQueryArg conf;
-          cleanArgs = builtins.map lib.escapeURL (builtins.filter (x: x != null) allArgs);
+          cleanArgs = builtins.filter (x: x != null) allArgs;
           cleanArgsStr = lib.concatStringsSep "&" cleanArgs;
         in {
           # nginx doesn't support passing query string arguments to auth_request,