mulesoft-labs · postatum · Jul 27, 2020 · Jul 23, 2020
diff --git a/src/client-oauth2.js b/src/client-oauth2.js
@@ -161,7 +161,9 @@ function createUri (options, tokenType) {
   // Check the required parameters are set.
   expects(options, 'clientId', 'authorizationUri')
 
-  return options.authorizationUri + '?' + Querystring.stringify(Object.assign({
+  const sep = options.authorizationUri.includes('?') ? '&' : '?'
+
+  return options.authorizationUri + sep + Querystring.stringify(Object.assign({
     client_id: options.clientId,
     redirect_uri: options.redirectUri,
     scope: sanitizeScope(options.scopes),

diff --git a/test/code.js b/test/code.js
@@ -1,4 +1,4 @@
-/* global describe, it */
+/* global describe, it, context */
 var expect = require('chai').expect
 var config = require('./support/config')
 var ClientOAuth2 = require('../')
@@ -24,6 +24,24 @@ describe('code', function () {
         'scope=notifications&response_type=code&state='
       )
     })
+    context('when authorizationUri contains query parameters', function () {
+      it('should preserve query string parameters', function () {
+        const authWithParams = new ClientOAuth2({
+          clientId: config.clientId,
+          clientSecret: config.clientSecret,
+          accessTokenUri: config.accessTokenUri,
+          authorizationUri: config.authorizationUri + '?bar=qux',
+          authorizationGrants: ['code'],
+          redirectUri: config.redirectUri,
+          scopes: 'notifications'
+        })
+        expect(authWithParams.code.getUri()).to.equal(
+          config.authorizationUri + '?bar=qux&client_id=abc&' +
+          'redirect_uri=http%3A%2F%2Fexample.com%2Fauth%2Fcallback&' +
+          'scope=notifications&response_type=code&state='
+        )
+      })
+    })
   })
 
   describe('#getToken', function () {

diff --git a/test/token.js b/test/token.js
@@ -1,4 +1,4 @@
-/* global describe, it */
+/* global describe, it, context */
 var expect = require('chai').expect
 var config = require('./support/config')
 var ClientOAuth2 = require('../')
@@ -22,6 +22,22 @@ describe('token', function () {
         'scope=notifications&response_type=token&state='
       )
     })
+    context('when authorizationUri contains query parameters', function () {
+      it('should preserve query string parameters', function () {
+        const authWithParams = new ClientOAuth2({
+          clientId: config.clientId,
+          authorizationUri: config.authorizationUri + '?bar=qux',
+          authorizationGrants: ['token'],
+          redirectUri: config.redirectUri,
+          scopes: ['notifications']
+        })
+        expect(authWithParams.token.getUri()).to.equal(
+          config.authorizationUri + '?bar=qux&client_id=abc&' +
+          'redirect_uri=http%3A%2F%2Fexample.com%2Fauth%2Fcallback&' +
+          'scope=notifications&response_type=token&state='
+        )
+      })
+    })
   })
 
   describe('#getToken', function () {