fix: repair sanitized redirect_uri test and prettier formatting

.gitignore

@@ -11,6 +11,7 @@ node_modules
 dist
 dist-ssr
 *.local
+package-lock.json
 
 # Editor directories and files
 .vscode/*

lib/sessionManager/types.ts

@@ -48,9 +48,9 @@ export type StorageSettingsType = {
   onRefreshHandler?: (refreshType: RefreshType) => Promise<RefreshTokenResult>;
 };
 
-export abstract class SessionBase<V extends string = StorageKeys>
-  implements SessionManager<V>
-{
+export abstract class SessionBase<
+  V extends string = StorageKeys,
+> implements SessionManager<V> {
   abstract asyncStore: boolean;
   private listeners: Set<StoreListener> = new Set();
   private notificationScheduled = false;

lib/utils/exchangeAuthCode.test.ts

@@ -620,22 +620,67 @@ describe("exchangeAuthCode", () => {
   });
 
   it("sends a sanitized redirect_uri so /token matches the /authorize value", async () => {
-  // Setup: stash valid state + codeVerifier, mock fetch, etc.
-  // (use the same setup helpers as the surrounding tests)
+    const store = new MemoryStorage();
+    setActiveStorage(store);
+
+    await store.setItems({
+      [StorageKeys.state]: "abc",
+      [StorageKeys.codeVerifier]: "verifier",
+    });
 
     const urlParams = new URLSearchParams({ state: "abc", code: "xyz" });
-
+
+    fetchMock.mockResponseOnce(
+      JSON.stringify({
+        access_token: "access_token",
+        refresh_token: "refresh_token",
+        id_token: "id_token",
+      }),
+    );
+
     await exchangeAuthCode({
       urlParams,
       domain: "https://example.kinde.com",
       clientId: "test-client",
-      // Trailing slash here is the key — must be stripped before POST.
       redirectURL: "https://app.example.com/",
     });
-  
-    const [, requestInit] = (global.fetch as jest.Mock).mock.calls.at(-1);
-    const body = new URLSearchParams(requestInit.body as string);
-  
+
+    const [, requestInit] = fetchMock.mock.calls.at(-1)!;
+    const body = requestInit?.body as URLSearchParams;
+
     expect(body.get("redirect_uri")).toBe("https://app.example.com");
   });
+
+  it("preserves raw redirect_uri when disableUrlSanitization is true", async () => {
+    const store = new MemoryStorage();
+    setActiveStorage(store);
+
+    await store.setItems({
+      [StorageKeys.state]: "abc",
+      [StorageKeys.codeVerifier]: "verifier",
+    });
+
+    const urlParams = new URLSearchParams({ state: "abc", code: "xyz" });
+
+    fetchMock.mockResponseOnce(
+      JSON.stringify({
+        access_token: "access_token",
+        refresh_token: "refresh_token",
+        id_token: "id_token",
+      }),
+    );
+
+    await exchangeAuthCode({
+      urlParams,
+      domain: "https://example.kinde.com",
+      clientId: "test-client",
+      redirectURL: "https://app.example.com/",
+      disableUrlSanitization: true,
+    });
+
+    const [, requestInit] = fetchMock.mock.calls.at(-1)!;
+    const body = requestInit?.body as URLSearchParams;
+
+    expect(body.get("redirect_uri")).toBe("https://app.example.com/");
+  });
 });

lib/utils/exchangeAuthCode.ts

@@ -29,6 +29,7 @@ interface ExchangeAuthCodeParams {
   redirectURL: string;
   autoRefresh?: boolean;
   onRefresh?: (data: RefreshTokenResult) => void;
+  disableUrlSanitization?: boolean;
 }
 
 type ExchangeAuthCodeResultSuccess = {
@@ -73,6 +74,7 @@ export const exchangeAuthCode = async ({
   redirectURL,
   autoRefresh = false,
   onRefresh,
+  disableUrlSanitization = false,
 }: ExchangeAuthCodeParams): Promise<ExchangeAuthCodeResult> => {
   const state = urlParams.get("state");
   const code = urlParams.get("code");
@@ -144,7 +146,9 @@ export const exchangeAuthCode = async ({
     code,
     code_verifier: codeVerifier,
     grant_type: "authorization_code",
-    redirect_uri: sanitizeUrl(redirectURL),
+    redirect_uri: disableUrlSanitization
+      ? redirectURL
+      : sanitizeUrl(redirectURL),
   });
 
   if (clientSecret) {