Move the 'remove_query_param' to the application controller

app/controllers/application_controller.rb

@@ -9,4 +9,33 @@ class ApplicationController < ActionController::Base
 
   # CSRF protection
   protect_from_forgery with: :exception
+
+  helper_method :remove_query_param
+
+  private
+
+  # Remove a query parameter from a URL using proper URI parsing
+  # More robust than regex - handles URL encoding, edge cases, etc.
+  #
+  # @param url [String] The URL to modify
+  # @param param_name [String] The query parameter name to remove
+  # @return [String] The URL with the parameter removed
+  #
+  # @example
+  #   remove_query_param("https://example.com?foo=bar&baz=qux", "foo")
+  #   # => "https://example.com?baz=qux"
+  def remove_query_param(url, param_name)
+    uri = URI.parse(url)
+    return url unless uri.query
+
+    # Parse query string into hash
+    params = CGI.parse(uri.query)
+    params.delete(param_name)
+
+    # Rebuild query string (empty string if no params left)
+    uri.query = params.any? ? URI.encode_www_form(params) : nil
+    uri.to_s
+  rescue URI::InvalidURIError
+    url
+  end
 end

app/controllers/oidc_controller.rb

@@ -1115,23 +1115,6 @@ class OidcController < ApplicationController
     end
   end
 
-  # Remove a query parameter from a URL using proper URI parsing
-  # More robust than regex - handles URL encoding, edge cases, etc.
-  def remove_query_param(url, param_name)
-    uri = URI.parse(url)
-    return url unless uri.query
-
-    # Parse query string into hash
-    params = CGI.parse(uri.query)
-    params.delete(param_name)
-
-    # Rebuild query string (empty string if no params left)
-    uri.query = params.any? ? URI.encode_www_form(params) : nil
-    uri.to_s
-  rescue URI::InvalidURIError
-    url
-  end
-
   def send_backchannel_logout_notifications(user)
     # Find all active OIDC consents for this user
     consents = OidcUserConsent.where(user: user).includes(:application)