Better authorization URL handling

2026-03-27 11:51:29 +01:00 · 2025-07-18 14:48:45 -07:00
parent 5061e17700
commit a657c32445
4 changed files with 17 additions and 7 deletions
--- a/plugins/auth-oauth2/src/grants/authorizationCode.ts
+++ b/plugins/auth-oauth2/src/grants/authorizationCode.ts
@@ -52,7 +52,12 @@ export async function getAuthorizationCode(
    return token;
  }

-  const authorizationUrl = new URL(`${authorizationUrlRaw ?? ''}`);
+  let authorizationUrl: URL;
+  try {
+    authorizationUrl = new URL(`${authorizationUrlRaw ?? ''}`);
+  } catch {
+    throw new Error('Invalid authorization URL: ' + authorizationUrlRaw);
+  }
  authorizationUrl.searchParams.set('response_type', 'code');
  authorizationUrl.searchParams.set('client_id', clientId);
  if (redirectUri) authorizationUrl.searchParams.set('redirect_uri', redirectUri);