fix: #1010 make response mode optional

authts · Nov 15, 2023 · 73fb525 · 73fb525
1 parent b236525
commit 73fb525
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/docs/migration.md b/docs/migration.md
@@ -10,6 +10,7 @@ The API is largely backwards-compatible. The merge claims behavior has been impr
   - `refreshTokenCredentials` use `fetchRequestCredentials` since 2.1.0
 - the `mergeClaims` has been replaced by `mergeClaimsStrategy`
   - if the previous behavior is needed `mergeClaimsStrategy: { array: "merge" }` can be used
+- default of `response_mode` changed from `query` &rarr; `undefined`
 
 
 ## oidc-client v1.11.5 &rarr; oidc-client-ts v2.0.0

diff --git a/src/OidcClientSettings.ts b/src/OidcClientSettings.ts
@@ -9,7 +9,6 @@ import { InMemoryWebStorage } from "./InMemoryWebStorage";
 const DefaultResponseType = "code";
 const DefaultScope = "openid";
 const DefaultClientAuthentication = "client_secret_post";
-const DefaultResponseMode = "query";
 const DefaultStaleStateAgeInSeconds = 60 * 15;
 
 /**
@@ -72,7 +71,14 @@ export interface OidcClientSettings {
     /** optional protocol param */
     resource?: string | string[];
 
-    /** optional protocol param (default: "query") */
+    /**
+     * Optional protocol param (default: undefined)
+     * The response mode the authority server is using is defined by the response_type unless explicitly specified:
+     * - Response mode for the OAuth 2.0 "code" response type is the "query" encoding
+     * - Response mode for the OAuth 2.0 "token" response Type is the "fragment" encoding
+     *
+     * @see https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
+     */
     response_mode?: "query" | "fragment";
 
     /**
@@ -163,7 +169,7 @@ export class OidcClientSettingsStore {
     public readonly ui_locales: string | undefined;
     public readonly acr_values: string | undefined;
     public readonly resource: string | string[] | undefined;
-    public readonly response_mode: "query" | "fragment";
+    public readonly response_mode: "query" | "fragment" | undefined;
 
     // behavior flags
     public readonly filterProtocolClaims: boolean | string[];
@@ -191,7 +197,7 @@ export class OidcClientSettingsStore {
         redirect_uri, post_logout_redirect_uri,
         client_authentication = DefaultClientAuthentication,
         // optional protocol
-        prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode,
+        prompt, display, max_age, ui_locales, acr_values, resource, response_mode,
         // behavior flags
         filterProtocolClaims = true,
         loadUserInfo = false,