diff --git a/API.md b/API.md
index faba4800..83187ca8 100644
--- a/API.md
+++ b/API.md
@@ -37,7 +37,7 @@ Additional configuration keys that can be passed to `auth()` on initialization:
 - **`legacySameSiteCookie`** - Set a fallback cookie with no SameSite attribute when `authorizationParams.response_mode` is `form_post`. Default is `true`.
 - **`loginPath`** - Relative path to application login. Default is `/login`.
 - **`logoutPath`** - Relative path to application logout. Default is `/logout`.
-- **`postLogoutRedirectUri`** - Either a relative path to the application or a valid URI to an external domain. The user will be redirected to this after a logout has been performed. This value must be registered at the authorization server/ Default is `baseUrl`.
+- **`postLogoutRedirectUri`** - Either a relative path to the application or a valid URI to an external domain. The user will be redirected to this after a logout has been performed. Adding a `returnTo` parameter on the logout route will override this value. The value used must be registered at the authorization server. Default is `baseUrl`.
 - **`redirectUriPath`** - Relative path to the application callback to process the response from the authorization server. This value is combined with the `baseUrl` and sent to the authorize endpoint as the `redirectUri` parameter. Default is `/callback`.
 - **`required`** - Use a boolean value to require authentication for all routes. Pass a function instead to base this value on the request. Default is `true`.
 - **`routes`** - Boolean value to automatically install the login and logout routes. See [the examples](EXAMPLES.md) for more information on how this key is used. Default is `true`.
diff --git a/test/config.tests.js b/test/config.tests.js
index 0c62c713..5d641446 100644
--- a/test/config.tests.js
+++ b/test/config.tests.js
@@ -20,16 +20,16 @@ describe('config', function() {
 assert.equal(config.authorizationParams.response_mode, 'form_post');
 });
- it('should default to scope=openid profile email ', function() {
+ it('should default to scope=openid profile email', function() {
 assert.equal(config.authorizationParams.scope, 'openid profile email');
 });
- it('should default to required true ', function() {
+ it('should default to required true', function() {
 assert.ok(config.required);
 });
 });
- describe('when authorizationParams is response_type=x', function() {
+ describe('when authorizationParams is response_type=code', function() {
 const customConfig = Object.assign({}, defaultConfig, {
 clientSecret: '__test_client_secret__',
 authorizationParams: {
@@ -38,15 +38,15 @@ describe('config', function() {
 });
 const config = getConfig(customConfig);
- it('should default to response_type=id_token', function() {
+ it('should set new response_type', function() {
 assert.equal(config.authorizationParams.response_type, 'code');
 });
- it('should default to response_mode=form_post', function() {
+ it('should allow undefined response_mode', function() {
 assert.equal(config.authorizationParams.response_mode, undefined);
 });
- it('should default to scope=openid profile email ', function() {
+ it('should keep default to scope', function() {
 assert.equal(config.authorizationParams.scope, 'openid profile email');
 });
 });
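Review bot: In the second hunk the renamed test `'should allow undefined response_mode'` still checks the value with `assert.equal(config.authorizationParams.response_mode, undefined)`. The `assert` import is not visible here, but in both Node's legacy `assert` and chai `equal` is a loose comparison, so `null` would pass as well. `assert.strictEqual(config.authorizationParams.response_mode, undefined);` would pin what the new title claims, namely that no `response_mode` is sent for `response_type=code`. The title `'should keep default to scope'` also reads awkwardly; `'should keep the default scope'` says the same thing. The `describe` block this hunk belongs to starts and ends outside the visible lines.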