From b442b844b348c4e3d4f95942cddf2a2ef9cc68ce Mon Sep 17 00:00:00 2001
From: pamapa <pamapa@users.noreply.github.com>
Date: Tue, 2 Nov 2021 12:58:19 +0100
Subject: [PATCH] fix: #158 default response mode is explicit query

---
 docs/oidc-client-ts.api.md | 4 ++--
 src/OidcClient.ts          | 5 +----
 src/OidcClientSettings.ts  | 5 +++--
 src/UserManager.ts         | 4 +---
 4 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md
index f92c0e5c1..c077a137a 100644
--- a/docs/oidc-client-ts.api.md
+++ b/docs/oidc-client-ts.api.md
@@ -579,8 +579,8 @@ export class WebStorageStateStore implements StateStore {
 //
 // src/OidcClient.ts:114:88 - (ae-forgotten-export) The symbol "SigninState" needs to be exported by the entry point index.d.ts
 // src/OidcClient.ts:114:108 - (ae-forgotten-export) The symbol "SigninResponse" needs to be exported by the entry point index.d.ts
-// src/OidcClient.ts:184:89 - (ae-forgotten-export) The symbol "State" needs to be exported by the entry point index.d.ts
-// src/OidcClient.ts:184:115 - (ae-forgotten-export) The symbol "SignoutResponse" needs to be exported by the entry point index.d.ts
+// src/OidcClient.ts:181:89 - (ae-forgotten-export) The symbol "State" needs to be exported by the entry point index.d.ts
+// src/OidcClient.ts:181:115 - (ae-forgotten-export) The symbol "SignoutResponse" needs to be exported by the entry point index.d.ts
 
 // (No @packageDocumentation comment for this package)
 
diff --git a/src/OidcClient.ts b/src/OidcClient.ts
index 7373c6502..ef8b86f12 100644
--- a/src/OidcClient.ts
+++ b/src/OidcClient.ts
@@ -114,10 +114,7 @@ export class OidcClient {
     public async readSigninResponseState(url?: string, removeState = false): Promise<{ state: SigninState; response: SigninResponse }> {
         Log.debug("OidcClient.readSigninResponseState");
 
-        const useQuery = this.settings.response_mode === "query" ||
-            (!this.settings.response_mode && this.settings.response_type === "code");
-        const delimiter = useQuery ? "?" : "#";
-
+        const delimiter = this.settings.response_mode === "query" ? "?" : "#";
         const response = new SigninResponse(url, delimiter);
         const stateKey = response.state_id;
         if (!stateKey) {
diff --git a/src/OidcClientSettings.ts b/src/OidcClientSettings.ts
index be84130e4..ec5624374 100644
--- a/src/OidcClientSettings.ts
+++ b/src/OidcClientSettings.ts
@@ -8,6 +8,7 @@ import type { StateStore } from "./StateStore";
 const DefaultResponseType = "code";
 const DefaultScope = "openid";
 const DefaultClientAuthentication = "client_secret_post"; // The default value must be client_secret_basic, as explained in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
+const DefaultResponseMode = "query";
 const DefaultStaleStateAgeInSeconds = 60 * 15; // seconds
 const DefaultClockSkewInSeconds = 60 * 5;
 
@@ -93,7 +94,7 @@ export class OidcClientSettingsStore {
     public readonly ui_locales: string | undefined;
     public readonly acr_values: string | undefined;
     public readonly resource: string | undefined;
-    public readonly response_mode: "query" | "fragment" | undefined;
+    public readonly response_mode: "query" | "fragment";
 
     // behavior flags
     public readonly filterProtocolClaims: boolean;
@@ -117,7 +118,7 @@ export class OidcClientSettingsStore {
         redirect_uri, post_logout_redirect_uri,
         client_authentication = DefaultClientAuthentication,
         // optional protocol
-        prompt, display, max_age, ui_locales, acr_values, resource, response_mode,
+        prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode,
         // behavior flags
         filterProtocolClaims = true,
         loadUserInfo = false,
diff --git a/src/UserManager.ts b/src/UserManager.ts
index 6eb242742..2bf2da714 100644
--- a/src/UserManager.ts
+++ b/src/UserManager.ts
@@ -415,9 +415,7 @@ export class UserManager {
     }
     protected async _signinCallback(url: string | undefined, navigator: IFrameNavigator | PopupNavigator): Promise<void> {
         Log.debug("UserManager._signinCallback");
-        const useQuery = this.settings.response_mode === "query" ||
-            (!this.settings.response_mode && this.settings.response_type === "code");
-        const delimiter = useQuery ? "?" : "#";
+        const delimiter = this.settings.response_mode === "query" ? "?" : "#";
         await navigator.callback(url, false, delimiter);
     }