diff --git a/server/remote/gitlab/gitlab.go b/server/remote/gitlab/gitlab.go
index 45a5e0bc1..8165198f6 100644
--- a/server/remote/gitlab/gitlab.go
+++ b/server/remote/gitlab/gitlab.go
@@ -111,7 +111,11 @@ func (g *Gitlab) Login(ctx context.Context, res http.ResponseWriter, req *http.R
 	// get the OAuth code
 	code := req.FormValue("code")
 	if len(code) == 0 {
-		http.Redirect(res, req, config.AuthCodeURL("drone"), http.StatusSeeOther)
+		authCodeURL, err := config.AuthCodeURL("drone")
+		if err != nil {
+			return nil, fmt.Errorf("authCodeURL error: %v", err)
+		}
+		http.Redirect(res, req, authCodeURL, http.StatusSeeOther)
 		return nil, nil
 	}
 
diff --git a/server/remote/gitlab/gitlab_test.go b/server/remote/gitlab/gitlab_test.go
index d98d8ca4f..b90a09715 100644
--- a/server/remote/gitlab/gitlab_test.go
+++ b/server/remote/gitlab/gitlab_test.go
@@ -29,10 +29,10 @@ import (
 	"github.com/woodpecker-ci/woodpecker/server/remote/gitlab/testdata"
 )
 
-func load(config string) *Gitlab {
+func load(t *testing.T, config string) *Gitlab {
 	_url, err := url.Parse(config)
 	if err != nil {
-		panic(err)
+		t.FailNow()
 	}
 	params := _url.Query()
 	_url.RawQuery = ""
@@ -57,7 +57,7 @@ func Test_Gitlab(t *testing.T) {
 
 	env := server.URL + "?client_id=test&client_secret=test"
 
-	client := load(env)
+	client := load(t, env)
 
 	user := model.User{
 		Login: "test_user",
diff --git a/shared/oauth2/oauth2.go b/shared/oauth2/oauth2.go
index a22f06c18..5e5ec2dd8 100644
--- a/shared/oauth2/oauth2.go
+++ b/shared/oauth2/oauth2.go
@@ -213,13 +213,13 @@ func (t *Transport) transport() http.RoundTripper {
 
 // AuthCodeURL returns a URL that the end-user should be redirected to,
 // so that they may obtain an authorization code.
-func (c *Config) AuthCodeURL(state string) string {
+func (c *Config) AuthCodeURL(state string) (string, error) {
 	_url, err := url.Parse(c.AuthURL)
 	if err != nil {
-		panic("AuthURL malformed: " + err.Error())
+		return "", fmt.Errorf("AuthURL malformed: %v", err)
 	}
 	if err := _url.Query().Get("error"); err != "" {
-		panic("AuthURL contains error: " + err)
+		return "", fmt.Errorf("AuthURL contains error: %v", err)
 	}
 	q := url.Values{
 		"response_type":   {"code"},
@@ -235,7 +235,7 @@ func (c *Config) AuthCodeURL(state string) string {
 	} else {
 		_url.RawQuery += "&" + q
 	}
-	return _url.String()
+	return _url.String(), nil
 }
 
 func condVal(v string) []string {