lud99/qvickchat-server

Malicious Google sign-in redirects

Opened this issue · 0 comments

lud99 commented

It is possible to craft a malicious sign-in link that redirects to some malicious website.

example:
https://server/auth/google?redirectUrl=https://badwebsite.com

How to fix: whitelist the redirect URL to only allow the client origin.
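
One way to implement the origin allowlist suggested in this issue, added here as an example and not code from qvickchat-server. The function name `safeRedirectUrl`, the client origin `https://chat.example.com` and the fallback URL are assumptions for illustration.

```javascript
// Added example; names and origins are assumptions, not from qvickchat-server.
const ALLOWED_ORIGINS = new Set(["https://chat.example.com"]); // constructed client origin
const DEFAULT_REDIRECT = "https://chat.example.com/";          // constructed fallback

// Returns a normalized URL that is safe to redirect to, or the fallback.
function safeRedirectUrl(raw, allowed = ALLOWED_ORIGINS, fallback = DEFAULT_REDIRECT) {
  // Repeated query parameters arrive as arrays in many frameworks; reject non-strings.
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  let url;
  try {
    url = new URL(raw); // no base given, so relative and "//host" inputs throw
  } catch {
    return fallback;
  }
  if (url.protocol !== "https:") return fallback;     // rejects http:, javascript:, data:
  if (url.username || url.password) return fallback; // rejects userinfo tricks (client@other-host)
  // Compare the parsed origin exactly; startsWith/includes on the raw string is not enough.
  if (!allowed.has(url.origin)) return fallback;
  return url.href; // redirect to the parsed form, not the raw input
}

// Constructed inputs, including forms a substring check would let through.
const SAMPLES = [
  "https://chat.example.com/rooms/1?x=1",
  "https://badwebsite.com",
  "https://chat.example.com.badwebsite.com/",
  "https://chat.example.com@badwebsite.com/",
  "//badwebsite.com",
  "http://chat.example.com/",
];

// Pairs each sample with the URL the server would actually redirect to.
function checkSamples() {
  return SAMPLES.map((s) => [s, safeRedirectUrl(s)]);
}

console.log(checkSamples());
```

The server would call this on the `redirectUrl` value both when the sign-in flow starts and again just before issuing the final redirect, so a value carried through the OAuth round trip is never trusted unchecked.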