diff --git a/changelog.d/9620.bugfix b/changelog.d/9620.bugfix
new file mode 100644
index 0000000000000000000000000000000000000000..427580f4adef7f513d21c647f4260e68cc8996f7
--- /dev/null
+++ b/changelog.d/9620.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in v1.28.0 where the OpenID Connect callback endpoint could error with a `MacaroonInitException`.
diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py
index 01c91f9d1c5ef9fd51e2dea669386e0115f54fea..6d8551a6d61be12127c540e08e8f35a7515128d7 100644
--- a/synapse/handlers/oidc_handler.py
+++ b/synapse/handlers/oidc_handler.py
@@ -29,6 +29,7 @@ from authlib.oidc.discovery import OpenIDProviderMetadata, get_well_known_url
 from jinja2 import Environment, Template
 from pymacaroons.exceptions import (
     MacaroonDeserializationException,
+    MacaroonInitException,
     MacaroonInvalidSignatureException,
 )
 from typing_extensions import TypedDict
@@ -217,7 +218,7 @@ class OidcHandler:
             session_data = self._token_generator.verify_oidc_session_token(
                 session, state
             )
-        except (MacaroonDeserializationException, KeyError) as e:
+        except (MacaroonInitException, MacaroonDeserializationException, KeyError) as e:
             logger.exception("Invalid session for OIDC callback")
             self._sso_handler.render_error(request, "invalid_session", str(e))
             return