Skip to content

fix: improve error message for invalid issuer URL in OAuth/OIDC flow … #13338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Eahtasham wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: improve error message for invalid issuer URL in OAuth/OIDC flow … #13338

Eahtasham wants to merge 1 commit into from
+17 −2

Conversation

@Eahtasham
Copy link

@Eahtasham Eahtasham commented Nov 29, 2025

…- Add try-catch block around URL constructor for issuer - Include the invalid URL value in error message - Provide helpful context about expected URL format - Makes debugging OAuth/OIDC configuration issues easier Before: 'Invalid URL' After: 'Invalid issuer URL: "invalid-url". The issuer must be a valid URL.' Fixes Issue number #13234

☕️ Reasoning

When an invalid URL is provided in the issuer configuration during OAuth/OIDC authentication setup, the error message only displays "Invalid URL" without showing which URL value was problematic. This makes debugging configuration issues unnecessarily difficult for developers.

This PR improves the error message by:

  • Adding try-catch block around new URL(provider.issuer!) constructor
  • Including the actual invalid URL value in the error message
  • Providing helpful context about expected URL format

Before:

[auth][error] TypeError: Invalid URL
    at new URL (node:internal/url:825:25)
    at getAuthorizationUrl (...)

After:

[auth][error] TypeError: Invalid issuer URL: "invalid-url-test". The issuer must be a valid URL.
    at getAuthorizationUrl (...)

Testing:

Tested locally using the dev app (pnpm dev) with various invalid URL formats:

  • "invalid-url-test" - missing protocol scheme
  • "not-a-valid-url" - completely invalid format
  • "https://signin/redirectTo=home" - malformed URL
  • Empty strings

All test cases now clearly display the problematic URL value in the error message, making it immediately obvious what needs to be fixed in the configuration.

This makes it immediately clear what configuration value needs to be fixed, significantly improving the developer experience.

🧢 Checklist

  • Documentation (not required - error message is self-documenting)
  • Tests - Manually tested with the following scenarios:
    • Invalid URL without protocol: "invalid-url-test"
    • Completely malformed URL: "not-a-valid-url"
    • URL with invalid structure: "https://signin/redirectTo=home"
    • Empty string values
    • All cases now show the invalid URL value in the error message
  • Ready to be merged

🎫 Affected issues

Fixes: #13234

📌 Resources

Screenshot 2025-11-29 201153

@Eahtasham
fix: improve error message for invalid issuer URL in OAuth/OIDC flow …
82cbf09 
…- Add try-catch block around URL constructor for issuer - Include the invalid URL value in error message - Provide helpful context about expected URL format - Makes debugging OAuth/OIDC configuration issues easier Before: 'Invalid URL' After: 'Invalid issuer URL: "invalid-url". The issuer must be a valid URL.' Fixes Issue number nextauthjs#13234
@vercel
Copy link

vercel bot commented Nov 29, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
auth-docs Ready Ready Preview Comment Nov 29, 2025 2:46pm
1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
next-auth-docs Ignored Ignored Preview Nov 29, 2025 2:46pm

@vercel
Copy link

vercel bot commented Nov 29, 2025

@Eahtasham is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the core Refers to `@auth/core` label Nov 29, 2025
@github-actions
Copy link

github-actions bot commented Nov 29, 2025

Broken Link Checker

1 broken links found. Links organised below by source page, or page where they were found.

1) /getting-started/migrate-to-better-auth

Target Link Link Text
/docs "documentation"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

Assignees

No one assigned

Labels

core Refers to `@auth/core`

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add more details to the errors

1 participant

@Eahtasham