update for query response type; allow response_type settings param

brockallen · brockallen · commit 5fbce7cfe529 · 2018-12-09T12:04:38.000-05:00
diff --git a/index.d.ts b/index.d.ts
@@ -123,6 +123,7 @@ export interface OidcClientSettings {
   client_id?: string;
   client_secret?: string;
   readonly response_type?: string;
+  readonly response_mode?: string;
   readonly scope?: string;
   readonly redirect_uri?: string;
   readonly post_logout_redirect_uri?: string;
diff --git a/src/OidcClient.js b/src/OidcClient.js
@@ -44,7 +44,7 @@ export class OidcClient {
         // have round tripped, but people were getting confused, so i added state (since that matches the spec)
         // and so now if data is not passed, but state is then state will be used
         data, state, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values,
-        resource, request, request_uri, extraQueryParams } = {},
+        resource, request, request_uri, response_mode, extraQueryParams } = {},
         stateStore
     ) {
         Log.debug("OidcClient.createSigninRequest");
@@ -61,6 +61,7 @@ export class OidcClient {
         ui_locales = ui_locales || this._settings.ui_locales;
         acr_values = acr_values || this._settings.acr_values;
         resource = resource || this._settings.resource;
+        response_mode = response_mode || this._settings.response_mode;
         extraQueryParams = extraQueryParams || this._settings.extraQueryParams;
 
         let authority = this._settings.authority;
@@ -81,7 +82,7 @@ export class OidcClient {
                 data: data || state,
                 authority,
                 prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values,
-                resource, request, request_uri, extraQueryParams,
+                resource, request, request_uri, extraQueryParams, response_mode
             });
 
             var signinState = signinRequest.state;
@@ -96,7 +97,12 @@ export class OidcClient {
     processSigninResponse(url, stateStore) {
         Log.debug("OidcClient.processSigninResponse");
 
-        var response = new SigninResponse(url);
+        let delimiter = "#";
+        if (this._settings.response_mode === "query" || SigninRequest.isCode(this._settings.response_type)) {
+            delimiter = "?";
+        }
+
+        var response = new SigninResponse(url, delimiter);
 
         if (!response.state) {
             Log.error("OidcClient.processSigninResponse: No state in response");
diff --git a/src/OidcClientSettings.js b/src/OidcClientSettings.js
@@ -21,7 +21,7 @@ export class OidcClientSettings {
         client_id, client_secret, response_type = DefaultResponseType, scope = DefaultScope,
         redirect_uri, post_logout_redirect_uri,
         // optional protocol
-        prompt, display, max_age, ui_locales, acr_values, resource,
+        prompt, display, max_age, ui_locales, acr_values, resource, response_mode,
         // behavior flags
         filterProtocolClaims = true, loadUserInfo = true,
         staleStateAge = DefaultStaleStateAge, clockSkew = DefaultClockSkewInSeconds,
@@ -51,6 +51,7 @@ export class OidcClientSettings {
         this._ui_locales = ui_locales;
         this._acr_values = acr_values;
         this._resource = resource;
+        this._response_mode = response_mode;
 
         this._filterProtocolClaims = !!filterProtocolClaims;
         this._loadUserInfo = !!loadUserInfo;
@@ -114,6 +115,9 @@ export class OidcClientSettings {
     get resource() {
         return this._resource;
     }
+    get response_mode() {
+        return this._response_mode;
+    }
 
 
     // metadata
diff --git a/src/SigninRequest.js b/src/SigninRequest.js
@@ -10,7 +10,7 @@ export class SigninRequest {
         // mandatory
         url, client_id, redirect_uri, response_type, scope, authority,
         // optional
-        data, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource,
+        data, prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource, response_mode,
         request, request_uri, extraQueryParams,
     }) {
         if (!url) {
@@ -54,10 +54,9 @@ export class SigninRequest {
         if (code) {
             url = UrlUtility.addQueryParam(url, "code_challenge", this.state.code_challenge);
             url = UrlUtility.addQueryParam(url, "code_challenge_method", "S256");
-            url = UrlUtility.addQueryParam(url, "response_mode", "fragment");
         }
 
-        var optional = { prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource, request, request_uri };
+        var optional = { prompt, display, max_age, ui_locales, id_token_hint, login_hint, acr_values, resource, request, request_uri, response_mode };
         for(let key in optional){
             if (optional[key]) {
                 url = UrlUtility.addQueryParam(url, key, optional[key]);
diff --git a/src/SigninResponse.js b/src/SigninResponse.js
@@ -6,9 +6,9 @@ import { UrlUtility } from './UrlUtility';
 const OidcScope = "openid";
 
 export class SigninResponse {
-    constructor(url) {
+    constructor(url, delimiter = "#") {
 
-        var values = UrlUtility.parseUrlFragment(url, "#");
+        var values = UrlUtility.parseUrlFragment(url, delimiter);
 
         this.error = values.error;
         this.error_description = values.error_description;
diff --git a/test/unit/OidcClient.spec.js b/test/unit/OidcClient.spec.js
@@ -120,6 +120,7 @@ describe("OidcClient", function () {
             var p = subject.createSigninRequest({
                 data: 'foo',
                 response_type: 'bar',
+                response_mode: 'mode',
                 scope: 'baz',
                 redirect_uri: 'quux',
                 prompt: 'p',
@@ -152,6 +153,7 @@ describe("OidcClient", function () {
                 url.should.contain("resource=res");
                 url.should.contain("request=req");
                 url.should.contain("request_uri=req_uri");
+                url.should.contain("response_mode=mode");
 
                 done();
             });
diff --git a/test/unit/OidcClientSettings.spec.js b/test/unit/OidcClientSettings.spec.js
@@ -163,6 +163,26 @@ describe("OidcClientSettings", function () {
         });
     });
 
+    describe("resource", function () {
+        it("should return value from initial settings", function () {
+            let subject = new OidcClientSettings({
+                client_id: 'client',
+                resource: "foo"
+            });
+            subject.resource.should.equal("foo");
+        });
+    });
+
+    describe("response_mode", function () {
+        it("should return value from initial settings", function () {
+            let subject = new OidcClientSettings({
+                client_id: 'client',
+                response_mode: "foo"
+            });
+            subject.response_mode.should.equal("foo");
+        });
+    });
+
     describe("authority", function () {
         it("should return value from initial settings", function () {
             let subject = new OidcClientSettings({
diff --git a/test/unit/SigninRequest.spec.js b/test/unit/SigninRequest.spec.js
@@ -175,6 +175,12 @@ describe("SigninRequest", function() {
             subject.url.should.contain("resource=foo");
         });
 
+        it("should include response_mode", function() {
+            settings.response_mode = "foo";
+            subject = new SigninRequest(settings);
+            subject.url.should.contain("response_mode=foo");
+        });
+
         it("should include request", function() {
             settings.request = "foo";
             subject = new SigninRequest(settings);
@@ -201,7 +207,6 @@ describe("SigninRequest", function() {
             subject = new SigninRequest(settings);
             subject.url.should.contain("code_challenge=");
             subject.url.should.contain("code_challenge_method=S256");
-            subject.url.should.contain("response_mode=fragment");
         });
         
         it("should include hybrid flow params", function() {
@@ -210,7 +215,6 @@ describe("SigninRequest", function() {
             subject.url.should.contain("nonce=");
             subject.url.should.contain("code_challenge=");
             subject.url.should.contain("code_challenge_method=S256");
-            subject.url.should.contain("response_mode=fragment");
         });
     });
 
