[GH-ISSUE #3621] [bug]: Wrong URL format for OAuth authentication when using Azure B2C #1253

Open
opened 2026-03-16 19:30:21 +03:00 by kerem · 2 comments
Owner

Originally created by @tigloo on GitHub (Dec 4, 2023).
Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/3621

Is there an existing issue for this?

  • I have searched the existing issues

Current behavior

When using Azure B2C for OAuth, the auth URL has the user flow appended as first parameter:

https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_user_flow_name

When Hoppscotch uses this URL to direct the user to the auth interface, it will append its parameters with ? but since the URL already contains ?, Hoppscotch should use the & character.

Steps to reproduce

  1. Create an Azure B2C tenant, setup a user flow.
  2. Enter auth and token URL into Hoppscotch
  3. Press "Get Token"

Observed URL in the browser:

https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_user_flow_name?other=parameters&go=here

Required URL:

https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_user_flow_name&other=parameters&go=here

(Notice the use of two question marks in the first URL and the use of the ampersand in the second URL)

Environment

Production

Version

Cloud

Originally created by @tigloo on GitHub (Dec 4, 2023). Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/3621 ### Is there an existing issue for this? - [X] I have searched the existing issues ### Current behavior When using Azure B2C for OAuth, the auth URL has the user flow appended as first parameter: `https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_user_flow_name` When Hoppscotch uses this URL to direct the user to the auth interface, it will append its parameters with `?` but since the URL already contains `?`, Hoppscotch should use the `&` character. ### Steps to reproduce 1. Create an Azure B2C tenant, setup a user flow. 2. Enter auth and token URL into Hoppscotch 3. Press "Get Token" Observed URL in the browser: `https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_user_flow_name?other=parameters&go=here` Required URL: `https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_user_flow_name&other=parameters&go=here` (Notice the use of two question marks in the first URL and the use of the ampersand in the second URL) ### Environment Production ### Version Cloud
Author
Owner

@poorna-prakash-sr commented on GitHub (Dec 5, 2023):

Hi, can I work on this issue to resolve?

<!-- gh-comment-id:1840488149 --> @poorna-prakash-sr commented on GitHub (Dec 5, 2023): Hi, can I work on this issue to resolve?
Author
Owner

@tigloo commented on GitHub (Dec 5, 2023):

Feel free! Seems to me like the problem is here: github.com/hoppscotch/hoppscotch@23afc201a1/packages/hoppscotch-common/src/helpers/oauth.ts (L210)

The URL is composed with a hard-coded question mark. This should be made smarter to check if authUrl already contains a question mark.

<!-- gh-comment-id:1841632609 --> @tigloo commented on GitHub (Dec 5, 2023): Feel free! Seems to me like the problem is here: https://github.com/hoppscotch/hoppscotch/blob/23afc201a12e221c01f79d731513fcfeff928fdd/packages/hoppscotch-common/src/helpers/oauth.ts#L210 The URL is composed with a hard-coded question mark. This should be made smarter to check if authUrl already contains a question mark.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hoppscotch#1253
No description provided.