diff --git a/internals/oauth/oauth.templ b/internals/oauth/oauth.templ
index 041506c..cc854d0 100644
--- a/internals/oauth/oauth.templ
+++ b/internals/oauth/oauth.templ
@@ -125,7 +125,7 @@ func (c DefaultOAuthClient) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	http.SetCookie(w, &http.Cookie{
 		Name:     "__Host-OAUTH-" + strings.ToUpper(c.Name),
-		Value:    string(cv),
+		Value:    url.PathEscape(string(cv)),
 		SameSite: http.SameSiteStrictMode,
 		Path:     "/",
 		Secure:   true,