diff --git a/frappe/integrations/doctype/connected_app/connected_app.py b/frappe/integrations/doctype/connected_app/connected_app.py
index d6b173d040..d571b2ba00 100644
--- a/frappe/integrations/doctype/connected_app/connected_app.py
+++ b/frappe/integrations/doctype/connected_app/connected_app.py
@@ -48,8 +48,7 @@ class ConnectedApp(Document):
 def validate(self):
 base_url = frappe.utils.get_url()
 callback_path = (
- "/api/method/frappe.integrations.doctype.connected_app.connected_app.callback"
- + f"?app={self.name}"
+ "/api/method/frappe.integrations.doctype.connected_app.connected_app.callback/" + self.name
 )
 self.redirect_uri = urljoin(base_url, callback_path)
@@ -149,7 +148,7 @@ class ConnectedApp(Document):
 @frappe.whitelist(methods=["GET"], allow_guest=True)
-def callback(code=None, state=None, app=None):
+def callback(code=None, state=None):
 """Handle client's code.
 Called during the oauthorization flow by the remote oAuth2 server to
@@ -162,7 +161,11 @@ def callback(code=None, state=None, app=None):
 frappe.local.response["location"] = "/login?" + urlencode({"redirect-to": frappe.request.url})
 return
- connected_app = frappe.get_doc("Connected App", app)
+ path = frappe.request.path[1:].split("/")
+ if len(path) != 4 or not path[3]:
+ frappe.throw(_("Invalid Parameters."))
+
+ connected_app = frappe.get_doc("Connected App", path[3])
 token_cache = frappe.get_doc("Token Cache", connected_app.name + "-" + frappe.session.user)
 if state != token_cache.state:
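Review bot: In the added callback_path line the document name is concatenated into the URL path without percent-encoding, so a name containing a space, `?`, `#` or `/` yields a redirect_uri that either fails the callback's new four-segment check or does not match the value registered at the provider, where redirect URIs are compared as exact strings. Encode the segment with `quote(self.name, safe="")` (`urljoin` is presumably imported from `urllib.parse`, so `quote` can join that import): `"/api/method/frappe.integrations.doctype.connected_app.connected_app.callback/" + quote(self.name, safe="")`. Since WSGI servers generally decode `%2F` before `frappe.request.path` is split in the callback hunk, a name containing `/` still cannot round-trip; validate should reject such names with `frappe.throw`, or the naming restriction should be documented on the DocType.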
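Review bot: The docstring of callback (its body continues outside this hunk) still describes only `code` and `state`, while the Connected App is now identified by the trailing path segment of the request URL and the former `app` query parameter is dropped. Add a line such as `The Connected App name is taken from the last path segment of the request URL (see ConnectedApp.validate), not from a query parameter.` It should also state that redirect URIs previously registered at providers in the `?app=<name>` form must be re-registered, because a request in the old form now has only three path segments and is rejected as invalid.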
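Review bot: The literal `4` in `if len(path) != 4 or not path[3]:` encodes the route shape `/api/method/<dotted method path>/<Connected App name>` without saying so; a comment naming that layout would keep the next maintainer from reading it as an arbitrary bound. The unbounded `split("/")` also rejects any name containing `/` even if the project's API dispatcher accepted the request; if that dispatcher splits the path with a bounded `split("/", 3)` — to be confirmed — mirroring it here with `path = frappe.request.path[1:].split("/", 3)` keeps the two in agreement. The enclosing callback function begins outside this hunk.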