fix: authts#9 change default settings to minimal + best practice

kyxyes · Sep 15, 2021 · 536dc68 · 536dc68
1 parent 949b273
commit 536dc68
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 32 deletions.
diff --git a/src/OidcClientSettings.ts b/src/OidcClientSettings.ts
@@ -5,7 +5,7 @@ import { WebStorageStateStore } from "./WebStorageStateStore";
 import { OidcMetadata } from "./OidcMetadata";
 import { StateStore } from "./StateStore";
 
-const DefaultResponseType = "id_token";
+const DefaultResponseType = "code";
 const DefaultScope = "openid";
 const DefaultClientAuthentication = "client_secret_post"; // The default value must be client_secret_basic, as explained in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
 const DefaultStaleStateAgeInSeconds = 60 * 15; // seconds
@@ -25,9 +25,9 @@ export interface OidcClientSettings {
     /** Your client application's identifier as registered with the OIDC/OAuth2 */
     client_id: string;
     client_secret?: string;
-    /** The type of response desired from the OIDC/OAuth2 provider (default: 'id_token') */
+    /** The type of response desired from the OIDC/OAuth2 provider (default: "code") */
     response_type?: string;
-    /** The scope being requested from the OIDC/OAuth2 provider (default: 'openid') */
+    /** The scope being requested from the OIDC/OAuth2 provider (default: "openid") */
     scope?: string;
     /** The redirect URI of your client application to receive a response from the OIDC/OAuth2 provider */
     redirect_uri: string;

diff --git a/src/UserManagerSettings.ts b/src/UserManagerSettings.ts
@@ -25,13 +25,14 @@ export interface UserManagerSettings extends OidcClientSettings {
     silent_redirect_uri?: string;
     /** Number of seconds to wait for the silent renew to return before assuming it has failed or timed out (default: 10) */
     silentRequestTimeoutInSeconds?: number;
-    /** Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration (default: false) */
+    /** Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration (default: true) */
     automaticSilentRenew?: boolean;
+    /** Flag to validate user.profile.sub in silent renew calls (default: true) */
     validateSubOnSilentRenew?: boolean;
-    /** Flag to control if id_token is included as id_token_hint in silent renew calls (default: true) */
+    /** Flag to control if id_token is included as id_token_hint in silent renew calls (default: false) */
     includeIdTokenInSilentRenew?: boolean;
 
-    /** Will raise events for when user has performed a signout at the OP (default: true) */
+    /** Will raise events for when user has performed a signout at the OP (default: false) */
     monitorSession?: boolean;
     monitorAnonymousSession?: boolean;
     /** Interval in seconds to check the user's session (default: 2) */
@@ -79,18 +80,22 @@ export class UserManagerSettingsStore extends OidcClientSettingsStore {
             popupWindowFeatures,
             popupWindowTarget,
             redirectMethod,
+
             silent_redirect_uri,
             silentRequestTimeoutInSeconds,
-            automaticSilentRenew = false,
-            validateSubOnSilentRenew = false,
-            includeIdTokenInSilentRenew = true,
-            monitorSession = true,
+            automaticSilentRenew = true,
+            validateSubOnSilentRenew = true,
+            includeIdTokenInSilentRenew = false,
+
+            monitorSession = false,
             monitorAnonymousSession = false,
             checkSessionIntervalInSeconds = DefaultCheckSessionIntervalInSeconds,
-            stopCheckSessionOnError = true,
             query_status_response_type,
+            stopCheckSessionOnError = true,
+
             revokeAccessTokenOnSignout = false,
             accessTokenExpiringNotificationTimeInSeconds = DefaultAccessTokenExpiringNotificationTimeInSeconds,
+
             userStore = new WebStorageStateStore({ store: sessionStorage })
         } = args;
 

diff --git a/test/unit/OidcClientSettings.test.ts b/test/unit/OidcClientSettings.test.ts
@@ -64,7 +64,7 @@ describe("OidcClientSettings", () => {
             });
 
             // assert
-            expect(subject.response_type).toEqual("id_token");
+            expect(subject.response_type).toEqual("code");
         });
 
     });

diff --git a/test/unit/UserManagerSettings.test.ts b/test/unit/UserManagerSettings.test.ts
@@ -138,11 +138,11 @@ describe("UserManagerSettings", () => {
                 authority: "authority",
                 client_id: "client",
                 redirect_uri: "redirect",
-                automaticSilentRenew: true
+                automaticSilentRenew: false
             });
 
             // assert
-            expect(subject.automaticSilentRenew).toEqual(true);
+            expect(subject.automaticSilentRenew).toEqual(false);
         });
 
         it("should use default value", () => {
@@ -154,7 +154,7 @@ describe("UserManagerSettings", () => {
             });
 
             // assert
-            expect(subject.automaticSilentRenew).toEqual(false);
+            expect(subject.automaticSilentRenew).toEqual(true);
         });
 
     });
@@ -167,11 +167,11 @@ describe("UserManagerSettings", () => {
                 authority: "authority",
                 client_id: "client",
                 redirect_uri: "redirect",
-                validateSubOnSilentRenew: true
+                validateSubOnSilentRenew: false
             });
 
             // assert
-            expect(subject.validateSubOnSilentRenew).toEqual(true);
+            expect(subject.validateSubOnSilentRenew).toEqual(false);
         });
 
         it("should use default value", () => {
@@ -183,7 +183,7 @@ describe("UserManagerSettings", () => {
             });
 
             // assert
-            expect(subject.validateSubOnSilentRenew).toEqual(false);
+            expect(subject.validateSubOnSilentRenew).toEqual(true);
         });
 
     });
@@ -202,19 +202,6 @@ describe("UserManagerSettings", () => {
             expect(subject.includeIdTokenInSilentRenew).toEqual(true);
         });
 
-        it("should return false value from initial settings", () => {
-            // act
-            const subject = new UserManagerSettingsStore({
-                authority: "authority",
-                client_id: "client",
-                redirect_uri: "redirect",
-                includeIdTokenInSilentRenew: false,
-            });
-
-            // assert
-            expect(subject.includeIdTokenInSilentRenew).toEqual(false);
-        });
-
         it("should use default value", () => {
             // act
             const subject = new UserManagerSettingsStore({
@@ -224,7 +211,7 @@ describe("UserManagerSettings", () => {
             });
 
             // assert
-            expect(subject.includeIdTokenInSilentRenew).toEqual(true);
+            expect(subject.includeIdTokenInSilentRenew).toEqual(false);
         });
     });
-Original file line number
+Diff line change
@@ Expand Up / @@ -64,7 +64,7 @@ describe("OidcClientSettings", () => { @@
                 });
                 // assert
-                expect(subject.response_type).toEqual("id_token");
+                expect(subject.response_type).toEqual("code");
             });
         });
@@ Expand Down @@