fix: update config

docs/oidc-client-ts.api.md

@@ -341,6 +341,7 @@ export interface OidcClientSettings {
     clockSkewInSeconds?: number;
     disablePKCE?: boolean;
     display?: string;
+    enable_dpop?: boolean;
     extraQueryParams?: Record<string, string | number | boolean>;
     // (undocumented)
     extraTokenParams?: Record<string, unknown>;
@@ -392,6 +393,8 @@ export class OidcClientSettingsStore {
     // (undocumented)
     readonly display: string | undefined;
     // (undocumented)
+    readonly enable_dpop?: boolean;
+    // (undocumented)
     readonly extraQueryParams: Record<string, string | number | boolean>;
     // (undocumented)
     readonly extraTokenParams: Record<string, unknown>;
@@ -1018,6 +1021,8 @@ export interface UserManagerSettings extends OidcClientSettings {
     accessTokenExpiringNotificationTimeInSeconds?: number;
     automaticSilentRenew?: boolean;
     checkSessionIntervalInSeconds?: number;
+    // (undocumented)
+    enable_dpop?: boolean;
     iframeNotifyParentOrigin?: string;
     iframeScriptOrigin?: string;
     includeIdTokenInSilentRenew?: boolean;

src/OidcClientSettings.ts

@@ -130,6 +130,11 @@ export interface OidcClientSettings {
      * Only scopes in this list will be passed in the token refresh request.
      */
     refreshTokenAllowedScope?: string | undefined;
+
+    /**
+     * enable DPoP
+     */
+    enable_dpop?: boolean;
 }
 
 /**
@@ -154,6 +159,7 @@ export class OidcClientSettingsStore {
     public readonly redirect_uri: string;
     public readonly post_logout_redirect_uri: string | undefined;
     public readonly client_authentication: "client_secret_basic" | "client_secret_post";
+    public readonly enable_dpop?: boolean;
 
     // optional protocol params
     public readonly prompt: string | undefined;
@@ -209,6 +215,7 @@ export class OidcClientSettingsStore {
         // extra query params
         extraQueryParams = {},
         extraTokenParams = {},
+        enable_dpop = false,
     }: OidcClientSettings) {
 
         this.authority = authority;
@@ -272,5 +279,6 @@ export class OidcClientSettingsStore {
 
         this.extraQueryParams = extraQueryParams;
         this.extraTokenParams = extraTokenParams;
+        this.enable_dpop = enable_dpop;
     }
 }

src/TokenClient.ts

@@ -127,8 +127,8 @@ export class TokenClient {
         const url = await this._metadataService.getTokenEndpoint(false);
         logger.debug("got token endpoint");
 
-        const dpopHeader = await buildDPoPHeader(url, "POST", undefined);
-
+        const dpopHeader = this._settings.enable_dpop ? await buildDPoPHeader(url, "POST", undefined) : undefined;
+        
         const response = await this._jsonService.postForm(url, { body: params, basicAuth, initCredentials: this._settings.fetchRequestCredentials, dpopHeader });
         logger.debug("got response");
 

src/UserManagerSettings.ts

@@ -82,6 +82,7 @@ export interface UserManagerSettings extends OidcClientSettings {
      *  E.g. `userStore: new WebStorageStateStore({ store: window.localStorage })`
      */
     userStore?: WebStorageStateStore;
+    enable_dpop?: boolean;
 }
 
 /**