diff --git a/authenticate/handlers.go b/authenticate/handlers.go
index 7a53c3eb5..9e0fe8b67 100644
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@@ -97,7 +97,6 @@ func (a *Authenticate) mountDashboard(r *mux.Router) {
 	sr.Path("/sign_out").Handler(httputil.HandlerFunc(a.SignOut))
 	sr.Path("/signed_out").Handler(httputil.HandlerFunc(a.signedOut)).Methods(http.MethodGet)
 	sr.Path("/device_auth").Handler(httputil.HandlerFunc(a.DeviceAuthLogin)).
-		Queries(urlutil.QueryDeviceAuthRouteURI, "").
 		Methods(http.MethodGet, http.MethodPost)
 
 	// routes that need a session:
@@ -577,7 +576,7 @@ func (a *Authenticate) getRetryTokenForRequest(r *http.Request) []byte {
 	if err := r.ParseForm(); err != nil {
 		return nil
 	}
-	dec, _ := base64.URLEncoding.DecodeString(r.Form.Get(urlutil.QueryDeviceAuthRetryToken))
+	dec, _ := base64.StdEncoding.DecodeString(r.Form.Get(urlutil.QueryDeviceAuthRetryToken))
 	return dec
 }
 
diff --git a/proxy/handlers.go b/proxy/handlers.go
index ff3cb7740..04ffd2f5f 100644
--- a/proxy/handlers.go
+++ b/proxy/handlers.go
@@ -69,7 +69,6 @@ func (p *Proxy) registerDashboardHandlers(r *mux.Router, opts *config.Options) *
 		}))
 
 	a.Path("/v1/device_auth").Handler(httputil.HandlerFunc(p.DeviceAuthLogin)).
-		Queries(urlutil.QueryDeviceAuthRouteURI, "").
 		Methods(http.MethodGet, http.MethodPost)
 
 	return r
@@ -169,10 +168,7 @@ func (p *Proxy) DeviceAuthLogin(w http.ResponseWriter, r *http.Request) error {
 	options := p.currentOptions.Load()
 
 	params := url.Values{}
-	routeUri, err := urlutil.ParseAndValidateURL(r.FormValue(urlutil.QueryDeviceAuthRouteURI))
-	if err != nil {
-		return httputil.NewError(http.StatusBadRequest, err)
-	}
+	routeUri := urlutil.GetAbsoluteURL(r)
 	params.Set(urlutil.QueryDeviceAuthRouteURI, routeUri.String())
 
 	idp, err := options.GetIdentityProviderForRequestURL(routeUri.String())