Preserve custom url parameters in autoconnect

[joaquim-verges]

<pr_request_template><!--

[SDK] Fix: Preserve custom URL parameters in useAutoConnect hook

BLD-36

Notes for the reviewer

This PR modifies the useAutoConnect hook's getUrlToken function to only remove thirdweb-specific query parameters (authResult, walletId, authProvider, authCookie) from the URL, while preserving all other custom parameters.

Previously, the logic would strip all query parameters after processing the thirdweb ones, leading to loss of custom parameters as reported in the Slack thread.

How to test

Run the unit tests for get-url-token.test.tsx. New test cases have been added to specifically verify that custom parameters are preserved when thirdweb parameters are present.

pnpm test packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

--></pr_request_template>

---

Slack Thread

_{Learn more about Cursor Agents}

---

PR-Codex overview

This PR focuses on updating the URL parameter handling in the getUrlToken function to preserve custom parameters while removing thirdweb-specific ones. It also updates the corresponding tests to reflect these changes.

Detailed summary

• Removed direct deletion of specific URL parameters in get-url-token.ts.
• Introduced an array thirdwebParams to manage thirdweb-specific parameters.
• Updated URL using URLSearchParams to preserve custom parameters.
• Modified tests in get-url-token.test.tsx to check for correct URL updates and preservation of custom parameters.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• Bug Fixes
  • Improved handling of URL parameters to ensure that only thirdweb-specific authentication parameters are removed from the URL, while any custom parameters remain intact.
  • Enhanced tests to verify correct removal of thirdweb parameters and preservation of unrelated query parameters.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 3f7a071

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 1, 2025 9:31am
nebula	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 1, 2025 9:31am
thirdweb_playground	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 1, 2025 9:31am
thirdweb-www	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 1, 2025 9:31am
wallet-ui	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 1, 2025 9:31am

[coderabbitai]

Walkthrough

The logic for extracting thirdweb-specific authentication parameters from URLs was updated to ensure only those parameters are removed, while preserving unrelated custom parameters. The test suite was expanded to verify that custom parameters remain intact after processing, and that only thirdweb parameters are stripped from the URL.

Changes

Cohort / File(s)	Change Summary
Test enhancements for URL parameter handling packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx	Updated and expanded tests to verify that thirdweb-specific parameters are removed from URLs, while custom parameters are preserved. Added new test cases for various parameter combinations.
Logic update for selective parameter removal packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts	Modified logic to remove only thirdweb authentication parameters from the URL, preserving all other custom parameters. Refactored URL reconstruction to maintain unrelated query parameters.

Sequence Diagram(s)

sequenceDiagram
    participant Browser
    participant getUrlToken
    participant URL

    Browser->>getUrlToken: Call with current URL
    getUrlToken->>URL: Parse query parameters
    getUrlToken->>URL: Extract thirdweb-specific params (walletId, authCookie, etc.)
    getUrlToken->>URL: Remove only thirdweb params
    getUrlToken->>Browser: Update URL (preserve custom params)

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Preserve custom URL parameters in SiteLink component (BLD-36)	✅

Assessment against linked issues: Out-of-scope changes

No out-of-scope changes found.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e1ad7da and 3f7a071.

📒 Files selected for processing (2)

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx (2 hunks)
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{ts,tsx}

📄 CodeRabbit Inference Engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

Files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit Inference Engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

packages/thirdweb/src/wallets/**

📄 CodeRabbit Inference Engine (CLAUDE.md)

packages/thirdweb/src/wallets/**: Unified Wallet and Account interfaces in wallet architecture
Support for in-app wallets (social/email login)
Smart wallets with account abstraction
EIP-1193, EIP-5792, EIP-7702 standard support in wallet modules

Files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

**/*.test.{ts,tsx}

📄 CodeRabbit Inference Engine (CLAUDE.md)

**/*.test.{ts,tsx}: Place tests alongside code: foo.ts ↔ foo.test.ts
Use real function invocations with stub data in tests; avoid brittle mocks
Use Mock Service Worker (MSW) for fetch/HTTP call interception in tests
Keep tests deterministic and side-effect free
Use FORKED_ETHEREUM_CHAIN for mainnet interactions and ANVIL_CHAIN for isolated tests

Files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

🧠 Learnings (15)

📓 Common learnings

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-07-18T19:20:32.530Z
Learning: Applies to dashboard/**/*client.tsx : Anything that consumes hooks from `@tanstack/react-query` or thirdweb SDKs.

Learnt from: Yash094
PR: thirdweb-dev/js#7608
File: apps/dashboard/src/@/api/team.ts:96-96
Timestamp: 2025-07-15T08:25:44.584Z
Learning: In the thirdweb dashboard codebase, the `getTeamById` function was actually a wrapper around `getTeamBySlug`, so removing it and calling `getTeamBySlug` directly doesn't change functionality. The `LAST_USED_TEAM_ID` cookie and related variables were storing slugs all along, not IDs.

📚 Learning: applies to apps/{dashboard,playground-web}/**/*.{ts,tsx} : use `authorization: bearer` header – neve...

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{ts,tsx} : Use `Authorization: Bearer` header – never embed tokens in URLs

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to dashboard/**/api/**/*.{ts,tsx} : pass the token in the `authorization: bearer` header – n...

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-07-18T19:20:32.530Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Pass the token in the `Authorization: Bearer` header – never embed it in the URL.

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to apps/{dashboard,playground-web}/**/*.{ts,tsx} : keep tokens secret via internal api route...

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{ts,tsx} : Keep tokens secret via internal API routes or server actions

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to dashboard/**/api/**/*.{ts,tsx} : always call `getauthtoken()` to get the jwt from cookies...

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-07-18T19:20:32.530Z
Learning: Applies to dashboard/**/api/**/*.{ts,tsx} : Always call `getAuthToken()` to get the JWT from cookies.

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to apps/{dashboard,playground-web}/**/*.{ts,tsx} : always call `getauthtoken()` to retrieve ...

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to apps/{dashboard,playground-web}/**/*.{ts,tsx} : Always call `getAuthToken()` to retrieve JWT from cookies on server side

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to dashboard/**/*client.tsx : prefer api routes or server actions to keep tokens secret; the...

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-07-18T19:20:32.530Z
Learning: Applies to dashboard/**/*client.tsx : Prefer API routes or server actions to keep tokens secret; the browser only sees relative paths.

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts

📚 Learning: applies to packages/thirdweb/src/wallets/** : support for in-app wallets (social/email login)...

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to packages/thirdweb/src/wallets/** : Support for in-app wallets (social/email login)

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: in the thirdweb dashboard codebase, the `getteambyid` function was actually a wrapper around `gettea...

Learnt from: Yash094
PR: thirdweb-dev/js#7608
File: apps/dashboard/src/@/api/team.ts:96-96
Timestamp: 2025-07-15T08:25:44.584Z
Learning: In the thirdweb dashboard codebase, the `getTeamById` function was actually a wrapper around `getTeamBySlug`, so removing it and calling `getTeamBySlug` directly doesn't change functionality. The `LAST_USED_TEAM_ID` cookie and related variables were storing slugs all along, not IDs.

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts
• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to dashboard/**/*.{ts,tsx} : reading cookies/headers with `next/headers` (`getauthtoken()`, ...

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-07-18T19:20:32.530Z
Learning: Applies to dashboard/**/*.{ts,tsx} : Reading cookies/headers with `next/headers` (`getAuthToken()`, `cookies()`).

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts

📚 Learning: in the logout flow in apps/dashboard/src/app/(app)/account/components/accountheader.tsx, when `dolog...

Learnt from: jnsdls
PR: thirdweb-dev/js#7364
File: apps/dashboard/src/app/(app)/account/components/AccountHeader.tsx:36-41
Timestamp: 2025-06-18T02:13:34.500Z
Learning: In the logout flow in apps/dashboard/src/app/(app)/account/components/AccountHeader.tsx, when `doLogout()` fails, the cleanup steps (resetAnalytics(), wallet disconnect, router refresh) should NOT execute. This is intentional to maintain consistency - if server-side logout fails, client-side cleanup should not occur.

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts

📚 Learning: applies to dashboard/**/*client.tsx : create light wrappers (e.g. `fetchjson`) that automatically at...

Learnt from: CR
PR: thirdweb-dev/js#0
File: .cursor/rules/dashboard.mdc:0-0
Timestamp: 2025-07-18T19:20:32.530Z
Learning: Applies to dashboard/**/*client.tsx : Create light wrappers (e.g. `fetchJson`) that automatically attach the JWT from cookies/session when calling internal API routes.

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts

📚 Learning: applies to test/src/test-wallets.ts : predefined test accounts are in `test/src/test-wallets.ts`...

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to test/src/test-wallets.ts : Predefined test accounts are in `test/src/test-wallets.ts`

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to packages/thirdweb/src/wallets/** : eip-1193, eip-5792, eip-7702 standard support in walle...

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to packages/thirdweb/src/wallets/** : EIP-1193, EIP-5792, EIP-7702 standard support in wallet modules

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

📚 Learning: applies to **/*.test.{ts,tsx} : keep tests deterministic and side-effect free...

Learnt from: CR
PR: thirdweb-dev/js#0
File: CLAUDE.md:0-0
Timestamp: 2025-07-18T19:19:55.613Z
Learning: Applies to **/*.test.{ts,tsx} : Keep tests deterministic and side-effect free

Applied to files:

• packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: Size
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Unit Tests
• GitHub Check: Lint Packages
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (7)

packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.ts (2)

35-42: LGTM! Clean implementation of selective parameter removal.

The approach of creating a new URLSearchParams instance and selectively removing only thirdweb-specific parameters is correct and preserves custom URL parameters as intended.

---

43-49: LGTM! Proper URL reconstruction with conditional query string handling.

The conditional logic correctly handles both scenarios - preserving custom parameters when they exist and removing the query string entirely when no parameters remain after thirdweb parameter removal.

packages/thirdweb/src/wallets/in-app/web/lib/get-url-token.test.tsx (5)

70-72: LGTM! Good addition to verify URL cleaning behavior.

The test correctly verifies that thirdweb parameters are removed from the URL after processing.

---

87-89: LGTM! Consistent verification of complete thirdweb parameter removal.

The test correctly verifies that all thirdweb parameters are removed from the URL when they're all present.

---

91-106: Excellent test coverage for the core requirement!

This test directly addresses the PR objective by verifying that custom parameters are preserved while thirdweb parameters are removed. The test comprehensively covers the mixed parameter scenario with realistic parameter names.

---

108-123: LGTM! Comprehensive test with realistic tracking parameters.

This test covers the complete scenario with all thirdweb parameters present and uses realistic tracking parameters (utm_source, ref) that are commonly found in production URLs.

---

125-134: LGTM! Important edge case coverage.

This test correctly covers the boundary condition where only custom parameters exist, ensuring the function returns undefined and leaves the URL unchanged when no thirdweb parameters are present.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch cursor/preserve-custom-url-parameters-in-autoconnect-3bf4

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[graphite-app]

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	63.15 KB (0%)	1.3 s (0%)	182 ms (+123.81% 🔺)	1.5 s
thirdweb (cjs)	353.02 KB (0%)	7.1 s (0%)	609 ms (+4.33% 🔺)	7.7 s
thirdweb (minimal + tree-shaking)	5.7 KB (0%)	114 ms (0%)	73 ms (+1314.22% 🔺)	187 ms
thirdweb/chains (tree-shaking)	526 B (0%)	11 ms (0%)	50 ms (+3642.01% 🔺)	61 ms
thirdweb/react (minimal + tree-shaking)	19.3 KB (0%)	386 ms (0%)	56 ms (+509.95% 🔺)	442 ms