diff --git a/composer.json b/composer.json
index ed92e6cdd..f2076c84b 100644
--- a/composer.json
+++ b/composer.json
@@ -95,26 +95,26 @@
 "require": {
 "php": "^8.3",
 "symfony/deprecation-contracts": "^3.0",
- "symfony/framework-bundle": "^6.4 || ^7.3",
- "symfony/http-foundation": "^6.4 || ^7.3",
- "symfony/security-bundle": "^6.4 || ^7.3",
- "symfony/options-resolver": "^6.4 || ^7.3",
- "symfony/form": "^6.4 || ^7.3",
- "symfony/http-client": "^6.4 || ^7.3",
- "symfony/routing": "^6.4 || ^7.3",
- "symfony/twig-bundle": "^6.4 || ^7.3"
+ "symfony/framework-bundle": "^6.4 || ^7.4 || ^8.0",
+ "symfony/http-foundation": "^6.4 || ^7.4 || ^8.0",
+ "symfony/security-bundle": "^6.4 || ^7.4 || ^8.0",
+ "symfony/options-resolver": "^6.4 || ^7.4 || ^8.0",
+ "symfony/form": "^6.4 || ^7.4 || ^8.0",
+ "symfony/http-client": "^6.4 || ^7.4 || ^8.0",
+ "symfony/routing": "^6.4 || ^7.4 || ^8.0",
+ "symfony/twig-bundle": "^6.4 || ^7.4 || ^8.0"
 },
 "require-dev": {
 "doctrine/doctrine-bundle": "^2.4",
 "doctrine/orm": "^2.9",
- "symfony/browser-kit": "^6.4 || ^7.3",
- "symfony/css-selector": "^6.4 || ^7.3",
- "symfony/property-access": "^6.4 || ^7.3",
- "symfony/validator": "^6.4 || ^7.3",
- "symfony/stopwatch": "^6.4 || ^7.3",
- "symfony/translation": "^6.4 || ^7.3",
- "symfony/yaml": "^6.4 || ^7.3",
+ "symfony/browser-kit": "^6.4 || ^7.4 || ^8.0",
+ "symfony/css-selector": "^6.4 || ^7.4 || ^8.0",
+ "symfony/property-access": "^6.4 || ^7.4 || ^8.0",
+ "symfony/validator": "^6.4 || ^7.4 || ^8.0",
+ "symfony/stopwatch": "^6.4 || ^7.4 || ^8.0",
+ "symfony/translation": "^6.4 || ^7.4 || ^8.0",
+ "symfony/yaml": "^6.4 || ^7.4 || ^8.0",
 "phpunit/phpunit": "^12.3",
 "friendsofphp/php-cs-fixer": "^3.23",
 "symfony/monolog-bundle": "^3.4",
diff --git a/src/Controller/RedirectToServiceController.php b/src/Controller/RedirectToServiceController.php
index 13e2a11c4..bca665045 100644
--- a/src/Controller/RedirectToServiceController.php
+++ b/src/Controller/RedirectToServiceController.php
@@ -68,7 +68,7 @@ private function storeReturnPath(Request $request, string $authorizationUrl): vo
 $sessionKey = '_security.'.$firewallName.'.target_path';
 $sessionKeyFailure = '_security.'.$firewallName.'.failed_target_path';
- if (!empty($param) && $targetUrl = $request->get($param)) {
+ if (!empty($param) && $targetUrl = $request->attributes->get($param) ?? $request->query->get($param) ?? $request->request->get($param)) {
 if (!$this->domainWhitelist->isValidTargetUrl($targetUrl)) {
 throw new AccessDeniedHttpException('Not allowed to redirect to '.$targetUrl);
 }
diff --git a/src/Security/Http/Authenticator/OAuthAuthenticator.php b/src/Security/Http/Authenticator/OAuthAuthenticator.php
index f24ba0d02..2653f8b9e 100644
--- a/src/Security/Http/Authenticator/OAuthAuthenticator.php
+++ b/src/Security/Http/Authenticator/OAuthAuthenticator.php
@@ -112,8 +112,10 @@ public function authenticate(Request $request): Passport
 throw new LazyResponseException(new RedirectResponse(\sprintf('%s?code=%s&authenticated=true', $this->httpUtils->generateUri($request, 'hwi_oauth_connect_service'), $request->query->get('code'))));
 }
+ $state = $request->attributes->get('state') ?? $request->query->get('state') ?? $request->request->get('state');
+
 $resourceOwner->isCsrfTokenValid(
- $this->extractCsrfTokenFromState($request->get('state'))
+ $this->extractCsrfTokenFromState($state)
 );
 $accessToken = $resourceOwner->getAccessToken(
diff --git a/src/Security/Http/Firewall/OAuthListener.php b/src/Security/Http/Firewall/OAuthListener.php
index 67080f664..0939d088c 100644
--- a/src/Security/Http/Firewall/OAuthListener.php
+++ b/src/Security/Http/Firewall/OAuthListener.php
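Review bot: The widened lookup on the `+` line hands `$targetUrl` to `isValidTargetUrl()` and to the `'Not allowed to redirect to '.$targetUrl` message without establishing that it is a string: the query and body bags are `InputBag`s, whose `get()` rejects non-scalar values, but `$request->attributes` is a plain `ParameterBag` that returns whatever was stored, so an array or object attribute registered under the configured `$param` name would reach the allow-list check unguarded (the replaced `$request->get($param)` read attributes first as well, so this is a pre-existing gap rather than a regression, but it is the moment to close it). A one-line guard keeps the flow intact: `if (!empty($param) && \is_string($targetUrl = $request->attributes->get($param) ?? $request->query->get($param) ?? $request->request->get($param)) && $targetUrl) {`. The precedence the chain encodes — route attribute, then query string, then request body — is a deliberate choice that deserves a comment, e.g. `// attributes win over query over body, the same order the former Request::get() used`. The same unguarded attribute read applies to the three `state` lookups in OAuthAuthenticator, OAuthListener and ResourceOwnerMap. storeReturnPath() continues beyond the hunk.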
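Review bot: The `attributes ?? query ?? request` chain added for `$state` here is repeated verbatim in OAuthListener::attemptAuthentication and ResourceOwnerMap::getResourceOwnerByRequest, so the lookup order for the OAuth state is now decided in three places that can silently drift apart. Define it once — a small `@internal` final helper with a static method, or a trait shared by the three classes — and document it there with a docblock along the lines of: resolves the state round-tripped by the provider, checking route attributes, then the query string, then the request body, the same precedence as the replaced `Request::get()`; returns `null` when none of the three carries it. That `null` case is worth stating because `$state` is passed straight to `extractCsrfTokenFromState()`, whose parameter declaration lies outside the hunk; the previous `$request->get('state')` could also yield `null`, so behaviour is unchanged, but a `?string` annotation on the helper makes that contract visible to static analysis. authenticate() continues beyond the hunk.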
@@ -85,8 +85,10 @@ protected function attemptAuthentication(Request $request)
 return new RedirectResponse(\sprintf('%s?code=%s&authenticated=true', $this->httpUtils->generateUri($request, 'hwi_oauth_connect_service'), $request->query->get('code')));
 }
+ $state = $request->attributes->get('state') ?? $request->query->get('state') ?? $request->request->get('state');
+
 $resourceOwner->isCsrfTokenValid(
- $this->extractCsrfTokenFromState($request->get('state'))
+ $this->extractCsrfTokenFromState($state)
 );
 $accessToken = $resourceOwner->getAccessToken(
diff --git a/src/Security/Http/ResourceOwnerMap.php b/src/Security/Http/ResourceOwnerMap.php
index a73139fad..26374ca85 100644
--- a/src/Security/Http/ResourceOwnerMap.php
+++ b/src/Security/Http/ResourceOwnerMap.php
@@ -76,7 +76,8 @@ public function getResourceOwnerByRequest(Request $request): ?array
 // save the round-tripped state to the resource owner
 if (null !== $resourceOwner) {
- $resourceOwner->storeState(new State($request->get('state'), false));
+ $state = $request->attributes->get('state') ?? $request->query->get('state') ?? $request->request->get('state');
+ $resourceOwner->storeState(new State($state, false));
 }
 return [$resourceOwner, $checkPath];