fix: correct authState.authorizationUrl type to URL

max-stytch · max-stytch · commit 71583caf3bd7 · 2025-09-05T18:40:48.000-07:00
diff --git a/client/src/components/AuthDebugger.tsx b/client/src/components/AuthDebugger.tsx
@@ -187,7 +187,7 @@ const AuthDebugger = ({
             JSON.stringify(currentState),
           );
           // Open the authorization URL automatically
-          window.location.href = currentState.authorizationUrl;
+          window.location.href = currentState.authorizationUrl.toString();
           break;
         }
       }
diff --git a/client/src/components/OAuthFlowProgress.tsx b/client/src/components/OAuthFlowProgress.tsx
@@ -240,7 +240,7 @@ export const OAuthFlowProgress = ({
               <p className="font-medium mb-2 text-sm">Authorization URL:</p>
               <div className="flex items-center gap-2">
                 <p className="text-xs break-all">
-                  {authState.authorizationUrl}
+                  {String(authState.authorizationUrl)}
                 </p>
                 <button
                   onClick={() => {
diff --git a/client/src/components/__tests__/AuthDebugger.test.tsx b/client/src/components/__tests__/AuthDebugger.test.tsx
@@ -482,7 +482,9 @@ describe("AuthDebugger", () => {
       await waitFor(() => {
         expect(updateAuthState).toHaveBeenCalledWith(
           expect.objectContaining({
-            authorizationUrl: expect.stringContaining("scope="),
+            authorizationUrl: expect.objectContaining({
+              href: "https://oauth.example.com/authorize?scope=read+write",
+            }),
           }),
         );
       });
@@ -496,7 +498,9 @@ describe("AuthDebugger", () => {
       await waitFor(() => {
         expect(updateAuthState).toHaveBeenCalledWith(
           expect.objectContaining({
-            authorizationUrl: expect.stringContaining("scope="),
+            authorizationUrl: expect.objectContaining({
+              href: "https://oauth.example.com/authorize?scope=read+write",
+            }),
           }),
         );
       });
diff --git a/client/src/lib/auth-types.ts b/client/src/lib/auth-types.ts
@@ -34,7 +34,7 @@ export interface AuthDebuggerState {
   authServerUrl: URL | null;
   oauthMetadata: OAuthMetadata | null;
   oauthClientInfo: OAuthClientInformationFull | OAuthClientInformation | null;
-  authorizationUrl: string | null;
+  authorizationUrl: URL | null;
   authorizationCode: string;
   latestError: Error | null;
   statusMessage: StatusMessage | null;
diff --git a/client/src/lib/oauth-state-machine.ts b/client/src/lib/oauth-state-machine.ts
@@ -132,7 +132,7 @@ export const oauthTransitions: Record<OAuthStep, StateTransition> = {
 
       context.provider.saveCodeVerifier(codeVerifier);
       context.updateState({
-        authorizationUrl: authorizationUrl.toString(),
+        authorizationUrl: authorizationUrl,
         oauthStep: "authorization_code",
       });
     },
diff --git a/client/src/utils/urlValidation.ts b/client/src/utils/urlValidation.ts
@@ -5,7 +5,7 @@
  * @param url - The URL string to validate
  * @throws Error if the URL has an unsafe protocol
  */
-export function validateRedirectUrl(url: string): void {
+export function validateRedirectUrl(url: string | URL): void {
   try {
     const parsedUrl = new URL(url);
     if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {

Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@ const AuthDebugger = ({`
`187`	`187`	`JSON.stringify(currentState),`
`188`	`188`	`);`
`189`	`189`	`// Open the authorization URL automatically`
`190`		`- window.location.href = currentState.authorizationUrl;`
	`190`	`+ window.location.href = currentState.authorizationUrl.toString();`
`191`	`191`	`break;`
`192`	`192`	`}`
`193`	`193`	`}`