fix: authts#158 default response mode is explicit query

ncats · Nov 2, 2021 · b442b84 · b442b84
1 parent ee1045c
commit b442b84
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 11 deletions.
diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md
@@ -579,8 +579,8 @@ export class WebStorageStateStore implements StateStore {
 //
 // src/OidcClient.ts:114:88 - (ae-forgotten-export) The symbol "SigninState" needs to be exported by the entry point index.d.ts
 // src/OidcClient.ts:114:108 - (ae-forgotten-export) The symbol "SigninResponse" needs to be exported by the entry point index.d.ts
-// src/OidcClient.ts:184:89 - (ae-forgotten-export) The symbol "State" needs to be exported by the entry point index.d.ts
-// src/OidcClient.ts:184:115 - (ae-forgotten-export) The symbol "SignoutResponse" needs to be exported by the entry point index.d.ts
+// src/OidcClient.ts:181:89 - (ae-forgotten-export) The symbol "State" needs to be exported by the entry point index.d.ts
+// src/OidcClient.ts:181:115 - (ae-forgotten-export) The symbol "SignoutResponse" needs to be exported by the entry point index.d.ts
 
 // (No @packageDocumentation comment for this package)
 

diff --git a/src/OidcClient.ts b/src/OidcClient.ts
@@ -114,10 +114,7 @@ export class OidcClient {
     public async readSigninResponseState(url?: string, removeState = false): Promise<{ state: SigninState; response: SigninResponse }> {
         Log.debug("OidcClient.readSigninResponseState");
 
-        const useQuery = this.settings.response_mode === "query" ||
-            (!this.settings.response_mode && this.settings.response_type === "code");
-        const delimiter = useQuery ? "?" : "#";
-
+        const delimiter = this.settings.response_mode === "query" ? "?" : "#";
         const response = new SigninResponse(url, delimiter);
         const stateKey = response.state_id;
         if (!stateKey) {

diff --git a/src/OidcClientSettings.ts b/src/OidcClientSettings.ts
@@ -8,6 +8,7 @@ import type { StateStore } from "./StateStore";
 const DefaultResponseType = "code";
 const DefaultScope = "openid";
 const DefaultClientAuthentication = "client_secret_post"; // The default value must be client_secret_basic, as explained in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
+const DefaultResponseMode = "query";
 const DefaultStaleStateAgeInSeconds = 60 * 15; // seconds
 const DefaultClockSkewInSeconds = 60 * 5;
 
@@ -93,7 +94,7 @@ export class OidcClientSettingsStore {
     public readonly ui_locales: string | undefined;
     public readonly acr_values: string | undefined;
     public readonly resource: string | undefined;
-    public readonly response_mode: "query" | "fragment" | undefined;
+    public readonly response_mode: "query" | "fragment";
 
     // behavior flags
     public readonly filterProtocolClaims: boolean;
@@ -117,7 +118,7 @@ export class OidcClientSettingsStore {
         redirect_uri, post_logout_redirect_uri,
         client_authentication = DefaultClientAuthentication,
         // optional protocol
-        prompt, display, max_age, ui_locales, acr_values, resource, response_mode,
+        prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode,
         // behavior flags
         filterProtocolClaims = true,
         loadUserInfo = false,

diff --git a/src/UserManager.ts b/src/UserManager.ts
@@ -415,9 +415,7 @@ export class UserManager {
     }
     protected async _signinCallback(url: string | undefined, navigator: IFrameNavigator | PopupNavigator): Promise<void> {
         Log.debug("UserManager._signinCallback");
-        const useQuery = this.settings.response_mode === "query" ||
-            (!this.settings.response_mode && this.settings.response_type === "code");
-        const delimiter = useQuery ? "?" : "#";
+        const delimiter = this.settings.response_mode === "query" ? "?" : "#";
         await navigator.callback(url, false, delimiter);
     }