From d41bb0ff06b19d81f64682ffedecc87a7c34e3a3 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 29 Nov 2022 22:03:09 +0100 Subject: [PATCH] refactor!: change default on allowOmittingSingleRegisteredRedirectUri BREAKING CHANGE: Omitting a redirect_uri parameter when a single one is registered is now enabled by default (again). This can be reverted using the `allowOmittingSingleRegisteredRedirectUri` configuration option. --- docs/README.md | 2 +- lib/helpers/defaults.js | 2 +- test/default.config.js | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/README.md b/docs/README.md index f3b2f7231..73db6f326 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1954,7 +1954,7 @@ Allow omitting the redirect_uri parameter when only a single one is registered f _**default value**_: ```js -false +true ``` ### claims diff --git a/lib/helpers/defaults.js b/lib/helpers/defaults.js index b0ec57b86..dd7a5dfe7 100644 --- a/lib/helpers/defaults.js +++ b/lib/helpers/defaults.js @@ -729,7 +729,7 @@ function makeDefaults() { * * title: Allow omitting the redirect_uri parameter when only a single one is registered for a client. */ - allowOmittingSingleRegisteredRedirectUri: false, + allowOmittingSingleRegisteredRedirectUri: true, /* * acceptQueryParamAccessTokens diff --git a/test/default.config.js b/test/default.config.js index f0182c602..525d7e54c 100644 --- a/test/default.config.js +++ b/test/default.config.js @@ -54,7 +54,6 @@ export default () => ({ ], features: {}, enabledJWA: cloneDeep({ ...JWA }), - allowOmittingSingleRegisteredRedirectUri: true, pkce: { required: () => false, },