diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 6c748bec5a..a092b1fcb4 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -934,12 +934,12 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
                 ->setPayload($response->output($session, Response::MODEL_SESSION))
             ;
 
-            // TODO: Remove this deprecated, undocumented workaround
+            // TODO: Remove this deprecated workaround - support only token
             if ($state['success']['path'] == $oauthDefaultSuccess) {
                 $query['project'] = $project->getId();
                 $query['domain'] = Config::getParam('cookieDomain');
                 $query['key'] = Auth::$cookieName;
-                $query['secret'] = $secret;
+                $query['secret'] = Auth::encodeSession($user->getId(), $secret);
             }
 
             $response