diff --git a/packages/backend/src/server/api/mastodon/endpoints/auth.ts b/packages/backend/src/server/api/mastodon/endpoints/auth.ts
index 267128a6a..98e2ad9e8 100644
--- a/packages/backend/src/server/api/mastodon/endpoints/auth.ts
+++ b/packages/backend/src/server/api/mastodon/endpoints/auth.ts
@@ -4,6 +4,7 @@ import { convertId, IdType } from "@/misc/convert-id.js";
 import { AuthConverter } from "@/server/api/mastodon/converters/auth.js";
 import { v4 as uuid } from "uuid";
 import { MastoApiError } from "@/server/api/mastodon/middleware/catch-errors.js";
+import { toSingleLast } from "@/prelude/array.js";
 
 export function setupEndpointsAuth(router: Router): void {
     router.post("/v1/apps", async (ctx) => {
@@ -29,7 +30,8 @@ export function setupEndpointsAuthRoot(router: Router): void {
         const { client_id, state, redirect_uri } = ctx.request.query;
         let param = "mastodon=true";
         if (state) param += `&state=${state}`;
-        if (redirect_uri) param += `&redirect_uri=${redirect_uri}`;
+        const final_redirect_uri = toSingleLast(redirect_uri);
+        if (final_redirect_uri) param += `&redirect_uri=${encodeURIComponent(final_redirect_uri)}`;
         const client = client_id ? client_id : "";
         ctx.redirect(`${Buffer.from(client.toString(), "base64").toString()}?${param}`);
     });
diff --git a/packages/client/src/pages/auth.vue b/packages/client/src/pages/auth.vue
index a090776e0..26b1e2dfc 100644
--- a/packages/client/src/pages/auth.vue
+++ b/packages/client/src/pages/auth.vue
@@ -106,15 +106,17 @@ export default defineComponent({
 					.split("&")
 					.reduce((result, query) => {
 						const [k, v] = query.split("=");
-						result[k] = decodeURI(v);
+						result[k] = decodeURIComponent(v);
 						return result;
 					}, {});
 			const isMastodon = !!getUrlParams().mastodon;
 			if (this.session.app.callbackUrl && isMastodon) {
-				const redirectUri = decodeURIComponent(getUrlParams().redirect_uri);
+				const redirectUri = getUrlParams().redirect_uri;
 				if (!this.session.app.callbackUrl.split('\n').some(p => p === redirectUri)){
 					this.state = "fetch-session-error";
 					this.fetching = false;
+					console.log(`redirect uri: ${redirectUri}`);
+					console.log(`reg_app uris: ${this.session.app.callbackUrl.split('\n').join(',')}`);
 					throw new Error("callback uri doesn't match registered app");
 				}
 				const callbackUrl = new URL(redirectUri)