fix(oauth2): avoid processing authorizationUrl when it is not a string (#10452)

glowcloud · web-flow · commit 119052eae626 · 2025-05-20T11:29:35.000+02:00
diff --git a/src/core/oauth2-authorize.js b/src/core/oauth2-authorize.js
@@ -109,7 +109,11 @@ export default function authorize ( { auth, authActions, errActions, configs, au
   } else {
     sanitizedAuthorizationUrl = sanitizeUrl(authorizationUrl)
   }
-  let url = [sanitizedAuthorizationUrl, query.join("&")].join(authorizationUrl.indexOf("?") === -1 ? "?" : "&")
+  let url = [sanitizedAuthorizationUrl, query.join("&")].join(
+    typeof authorizationUrl === "string" && !authorizationUrl.includes("?")
+      ? "?"
+      : "&"
+  )
 
   // pass action authorizeOauth2 and authentication data through window
   // to authorize with oauth2
