@@ -9,7 +9,6 @@ import { InMemoryWebStorage } from "./InMemoryWebStorage";
99const DefaultResponseType = "code" ;
1010const DefaultScope = "openid" ;
1111const DefaultClientAuthentication = "client_secret_post" ;
12- const DefaultResponseMode = "query" ;
1312const DefaultStaleStateAgeInSeconds = 60 * 15 ;
1413
1514/**
@@ -72,7 +71,14 @@ export interface OidcClientSettings {
7271 /** optional protocol param */
7372 resource ?: string | string [ ] ;
7473
75- /** optional protocol param (default: "query") */
74+ /**
75+ * Optional protocol param
76+ * The response mode used by the authority server is defined by the response_type unless explicitly specified:
77+ * - Response mode for the OAuth 2.0 response type "code" is the "query" encoding
78+ * - Response mode for the OAuth 2.0 response type "token" is the "fragment" encoding
79+ *
80+ * @see https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
81+ */
7682 response_mode ?: "query" | "fragment" ;
7783
7884 /**
@@ -163,7 +169,7 @@ export class OidcClientSettingsStore {
163169 public readonly ui_locales : string | undefined ;
164170 public readonly acr_values : string | undefined ;
165171 public readonly resource : string | string [ ] | undefined ;
166- public readonly response_mode : "query" | "fragment" ;
172+ public readonly response_mode : "query" | "fragment" | undefined ;
167173
168174 // behavior flags
169175 public readonly filterProtocolClaims : boolean | string [ ] ;
@@ -191,7 +197,7 @@ export class OidcClientSettingsStore {
191197 redirect_uri, post_logout_redirect_uri,
192198 client_authentication = DefaultClientAuthentication ,
193199 // optional protocol
194- prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode ,
200+ prompt, display, max_age, ui_locales, acr_values, resource, response_mode,
195201 // behavior flags
196202 filterProtocolClaims = true ,
197203 loadUserInfo = false ,
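Review bot: With the `DefaultResponseMode` fallback removed from the constructor destructuring, `response_mode` on `OidcClientSettingsStore` can now be `undefined`, and the visible hunks do not show how readers of that field decide where to parse the callback from. Any consumer outside these hunks that still branches on `settings.response_mode` should derive the encoding from `response_type` when the field is unset, otherwise the response may be read from the wrong part of the URL. The new doc comment on `OidcClientSettings.response_mode` could also carry the constraint from the linked spec, for example `* Do not set "query" with a response type that returns tokens in the front channel; query strings end up in logs, browser history and Referer headers.` The constructor body and the class continue outside the hunk.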