diff --git a/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
index 6518a748..3986c618 100644
--- a/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java
@@ -357,15 +357,13 @@ public HttpResponse doCommenceLogin(StaplerRequest request, @QueryParameter Stri
         for (GitHubOAuthScope s : getJenkins().getExtensionList(GitHubOAuthScope.class)) {
             scopes.addAll(s.getScopesToRequest());
         }
-        String suffix="";
+        String serializedScopes = oauthScopes;
+        // We need repo scope in order to access private repos.
+        // See https://developer.github.com/v3/oauth/#scopes.
         if (!scopes.isEmpty()) {
-            suffix = "&scope="+Util.join(scopes,",")+"&state="+state;
-        } else {
-            // We need repo scope in order to access private repos
-            // See https://developer.github.com/v3/oauth/#scopes
-            suffix = "&scope=" + oauthScopes +"&state="+state;
+            serializedScopes = Util.join(scopes, ",");
         }
-
+        String suffix = "&scope=" + serializedScopes + "&state=" + state;
         return new HttpRedirect(githubWebUri + "/login/oauth/authorize?client_id="
                 + clientID + suffix);
     }
@@ -456,15 +454,15 @@ public HttpResponse doFinishLogin(StaplerRequest request)
     private String getAccessToken(@Nonnull String code) throws IOException {
         String content;
         try (CloseableHttpClient httpClient = HttpClients.createDefault()) {
-            HttpPost httpost = new HttpPost(githubWebUri
-                    + "/login/oauth/access_token?" + "client_id=" + clientID + "&"
-                    + "client_secret=" + clientSecret.getPlainText() + "&" + "code=" + code);
+            String suffix = "&client_secret=" + clientSecret.getPlainText() + "&code=" + code;
+            HttpPost httpPost = new HttpPost(githubWebUri + "/login/oauth/access_token?client_id="
+                    + clientID + suffix);
             HttpHost proxy = getProxy(httpost);
             if (proxy != null) {
                 RequestConfig requestConfig = RequestConfig.custom().setProxy(proxy).build();
-                httpost.setConfig(requestConfig);
+                httpPost.setConfig(requestConfig);
             }
-            org.apache.http.HttpResponse response = httpClient.execute(httpost);
+            org.apache.http.HttpResponse response = httpClient.execute(httpPost);
             HttpEntity entity = response.getEntity();
             content = EntityUtils.toString(entity);
 
@@ -499,7 +497,10 @@ private String getSecureRandomString(int n) {
      */
     private HttpHost getProxy(HttpUriRequest method) throws URIException {
         ProxyConfiguration proxy = getJenkins().proxy;
-        if (proxy==null)    return null;    // defensive check
+        if (proxy == null) {
+            // defensive check
+            return null;
+        }
 
         Proxy p = proxy.createProxy(method.getURI().getHost());
         switch (p.type()) {