diff --git a/src/gui/creds/oauth.cpp b/src/gui/creds/oauth.cpp
index 63f0b53232..44cd3bb1e0 100644
--- a/src/gui/creds/oauth.cpp
+++ b/src/gui/creds/oauth.cpp
@@ -100,9 +100,12 @@ void OAuth::start()
                 req.setAttribute(HttpCredentials::DontAddCredentialsAttribute, true);
 
                 auto requestBody = new QBuffer;
-                QUrlQuery arguments(QString(
-                    "grant_type=authorization_code&code=%1&redirect_uri=http://localhost:%2&code_verifier=%3&scope=openid offline_access")
-                                        .arg(code, QString::number(_server.serverPort()), _pkceCodeVerifier));
+                QUrlQuery arguments {
+                    { "grant_type", "authorization_code" },
+                    { "code" , code },
+                    { "redirect_uri", QString("http://localhost:%1").arg(_server.serverPort()) },
+                    { "code_verifier", _pkceCodeVerifier },
+                    { "scope", "openid offline_access" }};
                 requestBody->setData(arguments.query(QUrl::FullyEncoded).toLatin1());
                 auto job = _account->sendRequest("POST", requestToken, req, requestBody);
                 job->setTimeout(qMin(30 * 1000ll, job->timeoutMsec()));
@@ -121,7 +124,7 @@ void OAuth::start()
                         QString errorReason;
                         QString errorFromJson = json["error_description"].toString();
                         if (errorFromJson.isEmpty())
-                            QString errorFromJson = json["error"].toString();
+                            errorFromJson = json["error"].toString();
                         if (!errorFromJson.isEmpty()) {
                             errorReason = tr("Error returned from the server: <em>%1</em>")
                                               .arg(errorFromJson.toHtmlEscaped());
@@ -260,6 +263,7 @@ void OAuth::openBrowser()
 {
     authorisationLinkAsync([this](const QUrl &link) {
         if (!QDesktopServices::openUrl(link)) {
+            qCWarning(lcOauth) << "QDesktopServices::openUrl Failed";
             // We cannot open the browser, then we claim we don't support OAuth.
             emit result(NotSupported, QString());
         }
diff --git a/src/gui/creds/oauth.h b/src/gui/creds/oauth.h
index e4bf091344..a947d4671a 100644
--- a/src/gui/creds/oauth.h
+++ b/src/gui/creds/oauth.h
@@ -29,7 +29,8 @@ namespace OCC {
  *       |
  *       +----> fetchWellKnown() query the ".well-known/openid-configuration" endpoint
  *       |
- *       +----> openBrowser() open the browser to the login page after fetchWellKnown finished.
+ *       +----> openBrowser() open the browser after fetchWellKnown finished to the specified page
+ *       |                    (or the default 'oauth2/authorize' if fetchWellKnown does not exist)
  *       |                    Then the browser will redirect to http://localhost:xxx
  *       |
  *       +----> _server starts listening on a TCP port waiting for an HTTP request with a 'code'
diff --git a/src/libsync/creds/httpcredentials.cpp b/src/libsync/creds/httpcredentials.cpp
index 21f82c9903..b4e900f9c3 100644
--- a/src/libsync/creds/httpcredentials.cpp
+++ b/src/libsync/creds/httpcredentials.cpp
@@ -438,7 +438,7 @@ bool HttpCredentials::refreshAccessToken()
         req.setAttribute(HttpCredentials::DontAddCredentialsAttribute, true);
 
         auto requestBody = new QBuffer;
-        QUrlQuery arguments(QString("grant_type=refresh_token&refresh_token=%1").arg(_refreshToken));
+        QUrlQuery arguments{{"grant_type" , "refresh_token"}, { "refresh_token", _refreshToken}};
         requestBody->setData(arguments.query(QUrl::FullyEncoded).toLatin1());
 
         auto job = _account->sendRequest("POST", requestTokenUrl, req, requestBody);