From 1970af41dc0cd62d44efb1f0a48bdc2a70bcd608 Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Mon, 30 Nov 2020 13:42:31 +0100
Subject: [PATCH] fix: push pkce <> response type resolution to the authenticate function

fixes #312
---
 lib/passport_strategy.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/passport_strategy.js b/lib/passport_strategy.js
index 8c9e5089..0fc3e4a0 100644
--- a/lib/passport_strategy.js
+++ b/lib/passport_strategy.js
@@ -29,7 +29,7 @@ function OpenIDConnectStrategy({
 params = {},
 passReqToCallback = false,
 sessionKey,
- usePKCE,
+ usePKCE = true,
 extras = {},
 } = {}, verify) {
 if (!(client instanceof BaseClient)) {
@@ -57,7 +57,7 @@ function OpenIDConnectStrategy({
 if (!this._params.redirect_uri) this._params.redirect_uri = resolveRedirectUri.call(client);
 if (!this._params.scope) this._params.scope = 'openid';
- if (this._usePKCE === true || (typeof this._usePKCE === 'undefined' && this._params.response_type.includes('code'))) {
+ if (this._usePKCE === true) {
 const supportedMethods = Array.isArray(this._issuer.code_challenge_methods_supported)
 ? this._issuer.code_challenge_methods_supported : false;
@@ -101,7 +101,7 @@ OpenIDConnectStrategy.prototype.authenticate = function authenticate(req, option
 req.session[sessionKey] = pick(params, 'nonce', 'state', 'max_age', 'response_type');
- if (this._usePKCE) {
+ if (this._usePKCE && params.response_type.includes('code')) {
 const verifier = random();
 req.session[sessionKey].code_verifier = verifier;
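Review bot: The new `usePKCE = true` default in the destructured options changes what an omitted option means, and nothing at the parameter records it. A short comment there would help, for example `// PKCE is on by default; authenticate() applies it only when the request's response_type includes 'code'`. Only `undefined` picks up the default, so a caller passing `usePKCE: null` still reaches the truthiness test in `authenticate` and gets no PKCE, unless the constructor rejects that value outside these hunks. The constructor body continues past the end of the hunk.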
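Review bot: With `usePKCE` now defaulting to `true`, the `if (this._usePKCE === true)` branch runs for every strategy that does not opt out, including ones whose configured `response_type` has no `code`. The rest of the branch is outside the hunk; if it rejects issuers whose `code_challenge_methods_supported` it cannot use, that failure would now also hit strategies that never send a challenge. A comment above the branch would make the intent explicit, for example `// resolved unconditionally: response_type may be overridden per request in authenticate()`. A test that constructs a non-code strategy against such issuer metadata would pin the behaviour.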
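Review bot: `params.response_type.includes('code')` in the new condition is a substring test, and nothing in the hunk guarantees `response_type` is set when it is dereferenced. Assuming it is always a space-delimited string, matching whole tokens is stricter: `if (this._usePKCE && params.response_type.split(' ').includes('code')) {`. Since the point of the change is that `response_type` can differ per request, regression tests in both directions (constructor without `code` and request with it, and the reverse) would confirm that `code_verifier` is stored in the session exactly when a code is requested. `authenticate` starts and ends outside the hunk.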