diff --git a/bin/matrixoidc.dart b/bin/matrixoidc.dart
index 7bbc11d..a910ed7 100644
--- a/bin/matrixoidc.dart
+++ b/bin/matrixoidc.dart
@@ -34,6 +34,7 @@ void main(List<String> argsRaw) async {
                 apiHelper.openidConfiguration,
               )
               ..get("/userinfo", apiHelper.userinfoHandler)
+              ..get("/bridge", apiHelper.bridgeHandler)
               ..post("/login", apiHelper.handleLogin)
               ..post("/token", apiHelper.tokenHandler))
             .call,
diff --git a/lib/helpers/api_helper.dart b/lib/helpers/api_helper.dart
index 70f243f..e706bbf 100644
--- a/lib/helpers/api_helper.dart
+++ b/lib/helpers/api_helper.dart
@@ -43,7 +43,13 @@ class ApiHelper {
         .read(AuthCodeController.provider.notifier)
         .set(code, MatrixUser(userId: userId, matrixToken: accessToken));
 
-    return Response.found("$redirectUri?code=$code&state=$state");
+    final uri = Uri.parse(redirectUri);
+
+    return Response.found(
+      uri.replace(
+        queryParameters: {...uri.queryParameters, "code": code, "state": state},
+      ),
+    );
   }
 
   Future<Response> tokenHandler(Request request) async {
@@ -96,6 +102,33 @@ class ApiHelper {
     );
   }
 
+  Future<Response> bridgeHandler(Request request) async {
+    final query = request.url.queryParameters;
+    final code = query['code'];
+    final redirectUri = query['redirect_uri'];
+
+    if (code == null || redirectUri == null) {
+      return Response(400, body: "Missing code or redirect_uri");
+    }
+
+    final tokenRes = await tokenHandler(
+      Request(
+        "POST",
+        Uri.base,
+        body: json.encode({"code": code, "client_id": "proxy"}),
+      ),
+    );
+
+    final uri = Uri.parse(redirectUri).replace(
+      queryParameters: {
+        ...Uri.parse(redirectUri).queryParameters,
+        ...json.decode(await tokenRes.readAsString()),
+      },
+    );
+
+    return Response.found(uri.toString());
+  }
+
   Future<Response> userinfoHandler(Request request) async {
     final auth = request.headers["authorization"];
     if (auth == null || !auth.startsWith("Bearer ")) {