diff --git a/auth.php b/auth.php
index 0f29683..69943d4 100644
--- a/auth.php
+++ b/auth.php
@@ -642,7 +642,7 @@ public function logoutpage_hook() {
     public function user_logout_userkey() {
         global $CFG, $USER;
 
-        $redirect = required_param('return', PARAM_URL);
+        $redirect = required_param('return', PARAM_LOCALURL);
 
         // We redirect when user's session in Moodle already has expired
         // or the user is still logged in using "userkey" auth type.