diff --git a/api/composer.json b/api/composer.json
index 54d79f335c..caae83f0d0 100644
--- a/api/composer.json
+++ b/api/composer.json
@@ -29,7 +29,7 @@
 "gesdinet/jwt-refresh-token-bundle": "1.5.0",
 "google/recaptcha": "1.3.1",
 "guzzlehttp/guzzle": "7.10.0",
- "knpuniversity/oauth2-client-bundle": "2.19.0",
+ "knpuniversity/oauth2-client-bundle": "2.20.0",
 "league/oauth2-google": "4.0.1",
 "lexik/jwt-authentication-bundle": "3.1.1",
 "nelmio/cors-bundle": "2.6.0",
diff --git a/api/composer.lock b/api/composer.lock
index 36d4297921..d1b874b341 100644
--- a/api/composer.lock
+++ b/api/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "a976388a744684deb480a721c399496b",
+ "content-hash": "e3295580b76c3597a1dbb9938984a38c",
 "packages": [
 {
 "name": "api-platform/doctrine-common",
@@ -3841,31 +3841,32 @@ }, { "name": "knpuniversity/oauth2-client-bundle", - "version": "v2.19.0", + "version": "v2.20.0", "source": { "type": "git", "url": "https://github.com/knpuniversity/oauth2-client-bundle.git", - "reference": "cd1cb6945a46df81be6e94944872546ca4bf335c" + "reference": "cee929516df679473b42765ed3d50c5aa7e9a837" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/knpuniversity/oauth2-client-bundle/zipball/cd1cb6945a46df81be6e94944872546ca4bf335c", - "reference": "cd1cb6945a46df81be6e94944872546ca4bf335c", + "url": "https://api.github.com/repos/knpuniversity/oauth2-client-bundle/zipball/cee929516df679473b42765ed3d50c5aa7e9a837", + "reference": "cee929516df679473b42765ed3d50c5aa7e9a837", "shasum": "" }, "require": { "league/oauth2-client": "^2.0", "php": ">=8.1", - "symfony/dependency-injection": "^5.4|^6.0|^7.0", - "symfony/framework-bundle": "^5.4|^6.0|^7.0", - "symfony/http-foundation": "^5.4|^6.0|^7.0", - "symfony/routing": "^5.4|^6.0|^7.0" + "symfony/dependency-injection": "^6.4|^7.3|^8.0", + "symfony/framework-bundle": "^6.4|^7.3|^8.0", + "symfony/http-foundation": "^6.4|^7.3|^8.0", + "symfony/routing": "^6.4|^7.3|^8.0", + "symfony/security-core": "^6.4|^7.3|^8.0", + "symfony/security-http": "^6.4|^7.3|^8.0" }, "require-dev": { "league/oauth2-facebook": "^1.1|^2.0", - "symfony/phpunit-bridge": "^5.4|^6.0|^7.0", - "symfony/security-guard": "^5.4", - "symfony/yaml": "^5.4|^6.0|^7.0" + "symfony/phpunit-bridge": "^7.3", + "symfony/yaml": "^6.4|^7.3|^8.0" }, "suggest": { "symfony/security-guard": "For integration with Symfony's Guard Security layer" @@ -3894,9 +3895,9 @@ ], "support": { "issues": "https://github.com/knpuniversity/oauth2-client-bundle/issues", - "source": "https://github.com/knpuniversity/oauth2-client-bundle/tree/v2.19.0" + "source": "https://github.com/knpuniversity/oauth2-client-bundle/tree/v2.20.0" }, - "time": "2025-09-17T15:00:36+00:00" + "time": "2025-11-07T10:44:56+00:00" }, { "name": "lcobucci/clock", 
diff --git a/api/src/OAuth/JWTStateOAuth2Client.php b/api/src/OAuth/JWTStateOAuth2Client.php
index 153e86f9f8..c02b7b0d1a 100644
--- a/api/src/OAuth/JWTStateOAuth2Client.php
+++ b/api/src/OAuth/JWTStateOAuth2Client.php
@@ -110,12 +110,13 @@ public function redirect(array $scopes = [], array $options = []): RedirectRespo
 */
 #[\Override]
 public function getAccessToken(array $options = []): AccessTokenInterface {
- $jwt = $this->getCurrentRequest()->cookies->get(static::getCookieName($this->cookiePrefix));
+ $request = $this->getCurrentRequest();
+ $jwt = $request->cookies->get(static::getCookieName($this->cookiePrefix));
 if (null === $jwt) {
 throw new InvalidStateException('Expired state');
 }
- $actualState = $this->getCurrentRequest()->get('state');
+ $actualState = $request->query->get('state');
 try {
 if ($this->decodeStateJWT($jwt) !== $actualState) {
diff --git a/api/tests/OAuth/JWTStateOAuth2ClientTest.php b/api/tests/OAuth/JWTStateOAuth2ClientTest.php
index df2c4048b1..94c4c9f47e 100644
--- a/api/tests/OAuth/JWTStateOAuth2ClientTest.php
+++ b/api/tests/OAuth/JWTStateOAuth2ClientTest.php
@@ -130,7 +130,7 @@ public function testGetAccessToken() {
 $cookieBag = new InputBag();
 $cookieBag->set('test_prefix_oauth_state_jwt', 'test jwt value');
 $requestMock->cookies = $cookieBag;
- $requestMock->method('get')->willReturn($state);
+ $requestMock->query = new InputBag(['state' => $state, 'code' => $state]);
 $jwtEncoderMock = $this->createMock(JWTEncoderInterface::class);
 $jwtEncoderMock->expects($this->once())
@@ -175,7 +175,7 @@ public function testGetAccessTokenThrowsIfJWTCannotBeDecoded() {
 $cookieBag = new InputBag();
 $cookieBag->set('test_prefix_oauth_state_jwt', 'test jwt value');
 $requestMock->cookies = $cookieBag;
- $requestMock->method('get')->willReturn($state);
+ $requestMock->query = new InputBag(['state' => $state, 'code' => $state]);
 $jwtEncoderMock = $this->createMock(JWTEncoderInterface::class);
 $jwtEncoderMock->expects($this->once())
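Review bot: A callback that carries no `state` query parameter now reaches the comparison on the hunk's last line with `$actualState === null`, so it is reported as a state mismatch rather than as a missing parameter; an explicit guard directly after the new `$actualState = $request->query->get('state');` line, `if (null === $actualState) { throw new InvalidStateException('Missing state'); }`, keeps the two failure modes distinguishable in logs without changing the outcome. Reading `state` from the query bag only, instead of `Request::get()` which also consulted attributes and the request body, is a deliberate tightening that the docblock closing at the top of the hunk should record, e.g. `@throws InvalidStateException when the state cookie is absent or does not match the state query parameter`. Be aware that `InputBag::get()` rejects non-scalar values with a BadRequestException in recent Symfony versions, so an array-valued `state` surfaces as a 400 rather than a state mismatch — presumably acceptable, but worth pinning in a test. getAccessToken's body continues past the end of the hunk.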
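Review bot: The new `query` bag in testGetAccessToken assigns the same value to `state` and `code` (`'code' => $state`, presumably to satisfy a `code` lookup outside the hunk), so none of these tests would notice if the implementation read the wrong parameter; a distinct constructed value such as `'code' => 'test code value'` keeps the two observable. The same setup is repeated in the hunks at -175, -220, -265, -311 and -357. The behaviour change itself — `state` is now taken from the query string only — has no test: a case that puts `state` in `$requestMock->request` (or in `attributes`) with an empty `query` bag and expects InvalidStateException would pin it, as would a case whose `query` bag lacks `state` altogether. Each test method's body continues past the end of its hunk.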
@@ -220,7 +220,7 @@ public function testGetAccessTokenThrowsIfJWTStateDoesNotMatch() {
 $cookieBag = new InputBag();
 $cookieBag->set('test_prefix_oauth_state_jwt', 'test jwt value');
 $requestMock->cookies = $cookieBag;
- $requestMock->method('get')->willReturn($state);
+ $requestMock->query = new InputBag(['state' => $state, 'code' => $state]);
 $jwtEncoderMock = $this->createMock(JWTEncoderInterface::class);
 $jwtEncoderMock->expects($this->once())
@@ -265,7 +265,7 @@ public function testGetAccessTokenThrowsIfNoMatchingStateEntryInTheDatabase() {
 $cookieBag = new InputBag();
 $cookieBag->set('test_prefix_oauth_state_jwt', 'test jwt value');
 $requestMock->cookies = $cookieBag;
- $requestMock->method('get')->willReturn($state);
+ $requestMock->query = new InputBag(['state' => $state, 'code' => $state]);
 $jwtEncoderMock = $this->createMock(JWTEncoderInterface::class);
 $jwtEncoderMock->expects($this->once())
@@ -311,7 +311,7 @@ public function testGetAccessTokenThrowsIfMultipleMatchingStateEntriesInTheDatab
 $cookieBag = new InputBag();
 $cookieBag->set('test_prefix_oauth_state_jwt', 'test jwt value');
 $requestMock->cookies = $cookieBag;
- $requestMock->method('get')->willReturn($state);
+ $requestMock->query = new InputBag(['state' => $state, 'code' => $state]);
 $jwtEncoderMock = $this->createMock(JWTEncoderInterface::class);
 $jwtEncoderMock->expects($this->once())
@@ -357,7 +357,7 @@ public function testGetAccessTokenRemovesSavedStateFromDatabase() {
 $cookieBag = new InputBag();
 $cookieBag->set('test_prefix_oauth_state_jwt', 'test jwt value');
 $requestMock->cookies = $cookieBag;
- $requestMock->method('get')->willReturn($state);
+ $requestMock->query = new InputBag(['state' => $state, 'code' => $state]);
 $jwtEncoderMock = $this->createMock(JWTEncoderInterface::class);
 $jwtEncoderMock->expects($this->once())