fix(auth): apply URL sanitization when opening authorization link

kangfenmao · kangfenmao · commit 6f73e93e9b48 · 2025-07-18T12:25:25.000+08:00
diff --git a/src/main/services/mcp/oauth/provider.ts b/src/main/services/mcp/oauth/provider.ts
@@ -4,8 +4,8 @@ import { loggerService } from '@logger'
 import { getConfigDir } from '@main/utils/file'
 import { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth'
 import { OAuthClientInformation, OAuthClientInformationFull, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth'
-import { sanitizeUrl } from 'strict-url-sanitise'
 import open from 'open'
+import { sanitizeUrl } from 'strict-url-sanitise'
 
 import { JsonFileStorage } from './storage'
 import { OAuthProviderOptions } from './types'
@@ -63,7 +63,7 @@ export class McpOAuthClientProvider implements OAuthClientProvider {
   async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
     try {
       // Open the browser to the authorization URL
-      await open(authorizationUrl.toString())
+      await open(sanitizeUrl(authorizationUrl.toString()))
       logger.debug('Browser opened automatically.')
     } catch (error) {
       logger.error('Could not open browser automatically.')
