diff --git a/src/Plugin/OpenIDConnectClient/WindowsAad.php b/src/Plugin/OpenIDConnectClient/WindowsAad.php
index bbb49c5..2e6e422 100644
--- a/src/Plugin/OpenIDConnectClient/WindowsAad.php
+++ b/src/Plugin/OpenIDConnectClient/WindowsAad.php
@@ -236,11 +236,11 @@ as the mapping between Azure AD accounts and Drupal users.<br/>
   the user id. For example the Microsoft Graph API does not return the sub, but
   will return the oid in its "id" parameter. Also to sync databases between
   environments that use different app registrations, users will not map properly
-  if "sub" is used.</p>'
-  , [
-        ':url' => 'https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens',
-        ':issue_url' => 'https://www.drupal.org/i/3298472'
-      ]),
+  if "sub" is used.</p>',
+     [
+       ':url' => 'https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens',
+       ':issue_url' => 'https://www.drupal.org/i/3298472',
+     ]),
       '#required' => TRUE,
     ];
 
@@ -249,6 +249,7 @@ as the mapping between Azure AD accounts and Drupal users.<br/>
       '#type' => 'item',
       '#markup' => Url::fromRoute('openid_connect_windows_aad.sso', [], [
         'absolute' => TRUE,
+        'https' => TRUE,
         'language' => $this->languageManager->getLanguage(LanguageInterface::LANGCODE_NOT_APPLICABLE),
       ])->toString(),
     ];
@@ -325,10 +326,11 @@ as the mapping between Azure AD accounts and Drupal users.<br/>
       ];
       if (array_key_exists('expires_in', $response_data)) {
         $tokens['expire'] = \Drupal::time()
-            ->getRequestTime() + $response_data['expires_in'];
+          ->getRequestTime() + $response_data['expires_in'];
       }
       return $tokens;
-    } catch (RequestException $e) {
+    }
+    catch (RequestException $e) {
       $variables = [
         '@message' => 'Could not retrieve tokens',
         '@error_message' => $e->getMessage(),
@@ -452,7 +454,8 @@ as the mapping between Azure AD accounts and Drupal users.<br/>
         $profile_data['email'] = $profile_data['mail'];
       }
 
-    } catch (RequestException $e) {
+    }
+    catch (RequestException $e) {
       $variables = [
         '@error_message' => $e->getMessage(),
       ];
@@ -506,7 +509,8 @@ as the mapping between Azure AD accounts and Drupal users.<br/>
 
         // Group Information.
         $group_data = json_decode($response_data, TRUE);
-      } catch (RequestException $e) {
+      }
+      catch (RequestException $e) {
         $variables = [
           '@api' => $uri,
           '@error_message' => $e->getMessage(),
@@ -519,4 +523,15 @@ as the mapping between Azure AD accounts and Drupal users.<br/>
     return $group_data;
   }
 
+  /**
+   * Enforces SSL.
+   */
+  protected function getRedirectUrl(array $route_parameters = [], array $options = []): Url {
+    $options += [
+      'https' => TRUE,
+    ];
+
+    return parent::getRedirectUrl($route_parameters, $options);
+  }
+
 }