diff --git a/src/OidcClientSettings.ts b/src/OidcClientSettings.ts
index 95bbb0956..da6689756 100644
--- a/src/OidcClientSettings.ts
+++ b/src/OidcClientSettings.ts
@@ -5,7 +5,7 @@ import { WebStorageStateStore } from "./WebStorageStateStore";
 import { OidcMetadata } from "./OidcMetadata";
 import { StateStore } from "./StateStore";
-const DefaultResponseType = "id_token";
+const DefaultResponseType = "code";
 const DefaultScope = "openid";
 const DefaultClientAuthentication = "client_secret_post"; // The default value must be client_secret_basic, as explained in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
 const DefaultStaleStateAgeInSeconds = 60 * 15; // seconds
@@ -25,9 +25,9 @@ export interface OidcClientSettings {
 /** Your client application's identifier as registered with the OIDC/OAuth2 */
 client_id: string;
 client_secret?: string;
-/** The type of response desired from the OIDC/OAuth2 provider (default: 'id_token') */
+/** The type of response desired from the OIDC/OAuth2 provider (default: "code") */
 response_type?: string;
-/** The scope being requested from the OIDC/OAuth2 provider (default: 'openid') */
+/** The scope being requested from the OIDC/OAuth2 provider (default: "openid") */
 scope?: string;
 /** The redirect URI of your client application to receive a response from the OIDC/OAuth2 provider */
 redirect_uri: string;
diff --git a/src/UserManagerSettings.ts b/src/UserManagerSettings.ts
index db6344817..a4cc9e32e 100644
--- a/src/UserManagerSettings.ts
+++ b/src/UserManagerSettings.ts
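Review bot: With `DefaultResponseType` switched to `"code"`, the token endpoint is now exercised by default, so the context line `const DefaultClientAuthentication = "client_secret_post"` two lines below becomes the default token-endpoint authentication method — and its own trailing comment states the spec default must be `client_secret_basic`. That mismatch predates this commit, but this change is what makes it reachable by default, so it is worth either fixing in the same change or adding a comment on `DefaultResponseType` explaining why the two defaults diverge from the spec. For a browser-based public client the code flow also relies on PKCE (code_challenge/code_verifier) rather than a client secret; whether that is sent is not visible in this diff and should be confirmed before the default lands. The interface hunk in the same file only updates the doc comment to `(default: "code")`, which is consistent with the constant.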
@@ -25,13 +25,14 @@ export interface UserManagerSettings extends OidcClientSettings {
 silent_redirect_uri?: string;
 /** Number of seconds to wait for the silent renew to return before assuming it has failed or timed out (default: 10) */
 silentRequestTimeoutInSeconds?: number;
-/** Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration (default: false) */
+/** Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration (default: true) */
 automaticSilentRenew?: boolean;
+/** Flag to validate user.profile.sub in silent renew calls (default: true) */
 validateSubOnSilentRenew?: boolean;
-/** Flag to control if id_token is included as id_token_hint in silent renew calls (default: true) */
+/** Flag to control if id_token is included as id_token_hint in silent renew calls (default: false) */
 includeIdTokenInSilentRenew?: boolean;
-/** Will raise events for when user has performed a signout at the OP (default: true) */
+/** Will raise events for when user has performed a signout at the OP (default: false) */
 monitorSession?: boolean;
 monitorAnonymousSession?: boolean;
 /** Interval in seconds to check the user's session (default: 2) */
@@ -79,18 +80,22 @@ export class UserManagerSettingsStore extends OidcClientSettingsStore {
 popupWindowFeatures,
 popupWindowTarget,
 redirectMethod,
+silent_redirect_uri,
 silentRequestTimeoutInSeconds,
-automaticSilentRenew = false,
-validateSubOnSilentRenew = false,
-includeIdTokenInSilentRenew = true,
-monitorSession = true,
+automaticSilentRenew = true,
+validateSubOnSilentRenew = true,
+includeIdTokenInSilentRenew = false,
+
+monitorSession = false,
 monitorAnonymousSession = false,
 checkSessionIntervalInSeconds = DefaultCheckSessionIntervalInSeconds,
-stopCheckSessionOnError = true,
 query_status_response_type,
+stopCheckSessionOnError = true,
+revokeAccessTokenOnSignout = false,
 accessTokenExpiringNotificationTimeInSeconds = DefaultAccessTokenExpiringNotificationTimeInSeconds,
+userStore = new WebStorageStateStore({ store: sessionStorage })
 } = args;
diff --git a/test/unit/OidcClientSettings.test.ts b/test/unit/OidcClientSettings.test.ts
index 1367b1837..786365f08 100644
--- a/test/unit/OidcClientSettings.test.ts
+++ b/test/unit/OidcClientSettings.test.ts
@@ -64,7 +64,7 @@ describe("OidcClientSettings", () => {
 });
 // assert
-expect(subject.response_type).toEqual("id_token");
+expect(subject.response_type).toEqual("code");
 });
 });
diff --git a/test/unit/UserManagerSettings.test.ts b/test/unit/UserManagerSettings.test.ts
index bea94dcea..174890ed1 100644
--- a/test/unit/UserManagerSettings.test.ts
+++ b/test/unit/UserManagerSettings.test.ts
@@ -138,11 +138,11 @@ describe("UserManagerSettings", () => {
 authority: "authority",
 client_id: "client",
 redirect_uri: "redirect",
-automaticSilentRenew: true
+automaticSilentRenew: false
 });
 // assert
-expect(subject.automaticSilentRenew).toEqual(true);
+expect(subject.automaticSilentRenew).toEqual(false);
 });
 it("should use default value", () => {
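Review bot: The new destructuring default `userStore = new WebStorageStateStore({ store: sessionStorage })` dereferences the global `sessionStorage` at construction time, so any environment without it (Node-side rendering, a test runner without a DOM, or a browser that blocks storage access) now throws on `new UserManagerSettingsStore(...)` even when the caller never relies on the default; guarding with `typeof sessionStorage !== "undefined"` and falling back to whatever non-persistent store the library offers (not visible here) would keep construction total. The newly added `revokeAccessTokenOnSignout = false` default means tokens issued for the session stay valid at the OP until they expire after a sign-out; that is a defensible default, but the interface doc in `UserManagerSettings` does not mention it, so a one-line `/** Revoke the access token at the OP on signout (default: false) */` comment on that field would document the trade-off. The constructor enclosing this destructuring starts and ends outside the hunk.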
@@ -154,7 +154,7 @@ describe("UserManagerSettings", () => {
 });
 // assert
-expect(subject.automaticSilentRenew).toEqual(false);
+expect(subject.automaticSilentRenew).toEqual(true);
 });
 });
@@ -167,11 +167,11 @@ describe("UserManagerSettings", () => {
 authority: "authority",
 client_id: "client",
 redirect_uri: "redirect",
-validateSubOnSilentRenew: true
+validateSubOnSilentRenew: false
 });
 // assert
-expect(subject.validateSubOnSilentRenew).toEqual(true);
+expect(subject.validateSubOnSilentRenew).toEqual(false);
 });
 it("should use default value", () => {
@@ -183,7 +183,7 @@ describe("UserManagerSettings", () => {
 });
 // assert
-expect(subject.validateSubOnSilentRenew).toEqual(false);
+expect(subject.validateSubOnSilentRenew).toEqual(true);
 });
 });
@@ -202,19 +202,6 @@ describe("UserManagerSettings", () => {
 expect(subject.includeIdTokenInSilentRenew).toEqual(true);
 });
-it("should return false value from initial settings", () => {
-// act
-const subject = new UserManagerSettingsStore({
-authority: "authority",
-client_id: "client",
-redirect_uri: "redirect",
-includeIdTokenInSilentRenew: false,
-});
-
-// assert
-expect(subject.includeIdTokenInSilentRenew).toEqual(false);
-});
-
 it("should use default value", () => {
 // act
 const subject = new UserManagerSettingsStore({
@@ -224,7 +211,7 @@ describe("UserManagerSettings", () => {
 });
 // assert
-expect(subject.includeIdTokenInSilentRenew).toEqual(true);
+expect(subject.includeIdTokenInSilentRenew).toEqual(false);
 });
 });
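Review bot: The default-value changes to `monitorSession` (now `false`) and the new `revokeAccessTokenOnSignout = false` in src/UserManagerSettings.ts have no corresponding test hunk here, so those two defaults are the only ones in the source change that nothing in this diff pins; an `it("should use default value")` case asserting `expect(subject.monitorSession).toEqual(false)` and `expect(subject.revokeAccessTokenOnSignout).toEqual(false)` would match the pattern the surrounding tests follow. If the test file already has a `monitorSession` default case outside these hunks it would now be failing, which is worth checking. Dropping "should return false value from initial settings" for `includeIdTokenInSilentRenew` is reasonable now that `false` is the default, since an explicit `false` is indistinguishable from the default and the explicit-`true` case at the top of the `@@ -202` hunk still covers the override path.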