diff --git a/internal/library/anime/episode.go b/internal/library/anime/episode.go
index 7b4cdddb..4e10000d 100644
--- a/internal/library/anime/episode.go
+++ b/internal/library/anime/episode.go
@@ -267,7 +267,7 @@ func NewEpisodeMetadata(
 		md.Summary = epMetadata.Summary
 		md.Overview = epMetadata.Overview
 	} else {
-		md.Image = *media.GetBannerImage()
+		md.Image = media.GetBannerImageSafe()
 	}
 
 	return md
@@ -332,7 +332,7 @@ func NewSimpleMediaEntryEpisode(opts *NewSimpleMediaEntryEpisodeOptions) *MediaE
 			}
 		}
 
-		entryEp.EpisodeMetadata.Image = *opts.Media.GetCoverImage().GetLarge()
+		entryEp.EpisodeMetadata.Image = opts.Media.GetCoverImageSafe()
 
 	}
 
diff --git a/seanime-web/src/api/hooks/mal.hooks.ts b/seanime-web/src/api/hooks/mal.hooks.ts
index 26603327..f86d76cf 100644
--- a/seanime-web/src/api/hooks/mal.hooks.ts
+++ b/seanime-web/src/api/hooks/mal.hooks.ts
@@ -5,11 +5,12 @@ import { MalAuthResponse } from "@/api/generated/types"
 import { useQueryClient } from "@tanstack/react-query"
 import { toast } from "sonner"
 
-export function useMALAuth(enabled: boolean) {
+export function useMALAuth(variables: Partial<MALAuth_Variables>, enabled: boolean) {
     return useServerQuery<MalAuthResponse, MALAuth_Variables>({
         endpoint: API_ENDPOINTS.MAL.MALAuth.endpoint,
         method: API_ENDPOINTS.MAL.MALAuth.methods[0],
         queryKey: [API_ENDPOINTS.MAL.MALAuth.key],
+        data: variables as MALAuth_Variables,
         enabled: enabled,
     })
 }
diff --git a/seanime-web/src/app/(main)/mal/auth/callback/page.tsx b/seanime-web/src/app/(main)/mal/auth/callback/page.tsx
index 232eddd3..65dfe0f3 100644
--- a/seanime-web/src/app/(main)/mal/auth/callback/page.tsx
+++ b/seanime-web/src/app/(main)/mal/auth/callback/page.tsx
@@ -13,13 +13,17 @@ export default function Page() {
 
     const { code, state, challenge } = React.useMemo(() => {
         const urlParams = new URLSearchParams(window?.location?.search || "")
-        const code = urlParams.get("code")
-        const state = urlParams.get("state")
-        const challenge = sessionStorage.getItem("mal-" + state)
+        const code = urlParams.get("code") || undefined
+        const state = urlParams.get("state") || undefined
+        const challenge = sessionStorage.getItem("mal-" + state) || undefined
         return { code, state, challenge }
     }, [])
 
-    const { data, isError } = useMALAuth(!!code && !!state && !!challenge)
+    const { data, isError } = useMALAuth({
+        code: code,
+        state: state,
+        code_verifier: challenge,
+    }, !!code && !!state && !!challenge)
 
     React.useEffect(() => {
         if (!!data?.access_token) {