
Commit b5d3233

authored
Merge pull request authts#1248 from authts/response-mode-optional
Response mode optional
2 parents 7e22407 + cb02d8a commit b5d3233

3 files changed

Lines changed: 12 additions & 5 deletions


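--- a/docs/migration.md
+++ b/docs/migration.md
@@ -10,6 +10,7 @@ The API is largely backwards-compatible. The merge claims behavior has been impr
 - `refreshTokenCredentials` use `fetchRequestCredentials` since 2.1.0
 - the `mergeClaims` has been replaced by `mergeClaimsStrategy`
 - if the previous behavior is needed `mergeClaimsStrategy: { array: "merge" }` can be used
+- default of `response_mode` changed from `query` → `undefined`
 
 
 ## oidc-client v1.11.5 → oidc-client-ts v2.0.0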

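--- a/docs/oidc-client-ts.api.md
+++ b/docs/oidc-client-ts.api.md
@@ -432,7 +432,7 @@ export class OidcClientSettingsStore {
 // (undocumented)
 readonly resource: string | string[] | undefined;
 // (undocumented)
-readonly response_mode: "query" | "fragment";
+readonly response_mode: "query" | "fragment" | undefined;
 // (undocumented)
 readonly response_type: string;
 // (undocumented)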

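--- a/src/OidcClientSettings.ts
+++ b/src/OidcClientSettings.ts
@@ -9,7 +9,6 @@ import { InMemoryWebStorage } from "./InMemoryWebStorage";
 const DefaultResponseType = "code";
 const DefaultScope = "openid";
 const DefaultClientAuthentication = "client_secret_post";
-const DefaultResponseMode = "query";
 const DefaultStaleStateAgeInSeconds = 60 * 15;
 
 /**
@@ -72,7 +71,14 @@ export interface OidcClientSettings {
 /** optional protocol param */
 resource?: string | string[];
 
-/** optional protocol param (default: "query") */
+/**
+* Optional protocol param
+* The response mode used by the authority server is defined by the response_type unless explicitly specified:
+* - Response mode for the OAuth 2.0 response type "code" is the "query" encoding
+* - Response mode for the OAuth 2.0 response type "token" is the "fragment" encoding
+*
+* @see https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#ResponseModes
+*/
 response_mode?: "query" | "fragment";
 
 /**
@@ -163,7 +169,7 @@ export class OidcClientSettingsStore {
 public readonly ui_locales: string | undefined;
 public readonly acr_values: string | undefined;
 public readonly resource: string | string[] | undefined;
-public readonly response_mode: "query" | "fragment";
+public readonly response_mode: "query" | "fragment" | undefined;
 
 // behavior flags
 public readonly filterProtocolClaims: boolean | string[];
@@ -191,7 +197,7 @@ export class OidcClientSettingsStore {
 redirect_uri, post_logout_redirect_uri,
 client_authentication = DefaultClientAuthentication,
 // optional protocol
-prompt, display, max_age, ui_locales, acr_values, resource, response_mode = DefaultResponseMode,
+prompt, display, max_age, ui_locales, acr_values, resource, response_mode,
 // behavior flags
 filterProtocolClaims = true,
 loadUserInfo = false,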
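Review bot: With the `= DefaultResponseMode` fallback removed from the constructor destructuring (last hunk), `OidcClientSettingsStore.response_mode` can now be `undefined`, and none of the visible hunks show how the code that reads the sign-in callback then chooses between the query string and the fragment. The new doc comment says the location follows the authorization server's default for the `response_type`, so any consumer outside this diff that compares the setting against `"query"`/`"fragment"` should presumably handle `undefined` explicitly and read only the location expected for the configured `response_type`, so that a response delivered elsewhere in the URL is not accepted. I would also document the store field, e.g. `/** undefined: no response_mode is sent; the authorization server's default for the response_type applies */`. The constructor, the interface and the class all start and end outside the hunks shown.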
