From 82cbf0914c4d5536cb6687e757524153106e32ce Mon Sep 17 00:00:00 2001 From: Eahtasham Date: Sat, 29 Nov 2025 19:59:58 +0530 Subject: [PATCH] fix: improve error message for invalid issuer URL in OAuth/OIDC flow - Add try-catch block around URL constructor for issuer - Include the invalid URL value in error message - Provide helpful context about expected URL format - Makes debugging OAuth/OIDC configuration issues easier Before: 'Invalid URL' After: 'Invalid issuer URL: "invalid-url". The issuer must be a valid URL.' Fixes Issue number #13234 --- .../lib/actions/signin/authorization-url.ts | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/packages/core/src/lib/actions/signin/authorization-url.ts b/packages/core/src/lib/actions/signin/authorization-url.ts index c67f209dba..ab74dc6f06 100644 --- a/packages/core/src/lib/actions/signin/authorization-url.ts +++ b/packages/core/src/lib/actions/signin/authorization-url.ts @@ -24,7 +24,15 @@ export async function getAuthorizationUrl( // If url is undefined, we assume that issuer is always defined // We check this in assert.ts - const issuer = new URL(provider.issuer!) + // Better error handling here with URL which throws a TypeError if the URL is invalid + let issuer: URL + try { + issuer = new URL(provider.issuer!) + } catch (error) { + throw new TypeError( + `Invalid issuer URL: "${provider.issuer}". The issuer must be a valid URL. Error: ${error}` + ) + } const discoveryResponse = await o.discoveryRequest(issuer, { [o.customFetch]: provider[customFetch], // TODO: move away from allowing insecure HTTP requests @@ -46,7 +54,14 @@ export async function getAuthorizationUrl( ) } - url = new URL(as.authorization_endpoint) + // Add validation here too + try { + url = new URL(as.authorization_endpoint) + } catch (error) { + throw new TypeError( + `Invalid authorization endpoint URL: "${as.authorization_endpoint}" Error: ${error}` + ) + } } const authParams = url.searchParams