From cdde5e0444eec6ba40a08b503b78585eacbe57c0 Mon Sep 17 00:00:00 2001 From: pamapa Date: Thu, 13 Apr 2023 12:18:20 +0200 Subject: [PATCH 1/2] doc: add some more spec links --- docs/oidc-client-ts.api.md | 1 - src/MetadataService.ts | 1 + src/SigninRequest.ts | 15 ++++++++++----- src/SigninResponse.ts | 2 ++ src/SignoutRequest.ts | 6 +++++- src/SignoutResponse.ts | 1 + src/TokenClient.ts | 15 +++++++++++++++ 7 files changed, 34 insertions(+), 7 deletions(-) diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md index b74c4c86a..6bdeffd77 100644 --- a/docs/oidc-client-ts.api.md +++ b/docs/oidc-client-ts.api.md @@ -765,7 +765,6 @@ export interface SignoutRequestArgs { post_logout_redirect_uri?: string; // (undocumented) request_type?: string; - // (undocumented) state_data?: unknown; // (undocumented) url: string; diff --git a/src/MetadataService.ts b/src/MetadataService.ts index 2dbe49074..cc512b56d 100644 --- a/src/MetadataService.ts +++ b/src/MetadataService.ts @@ -8,6 +8,7 @@ import type { OidcMetadata } from "./OidcMetadata"; /** * @public + * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata */ export class MetadataService { private readonly _logger = new Logger("MetadataService"); diff --git a/src/SigninRequest.ts b/src/SigninRequest.ts index c5e2b8462..c5066cb87 100644 --- a/src/SigninRequest.ts +++ b/src/SigninRequest.ts @@ -6,6 +6,7 @@ import { SigninState } from "./SigninState"; /** * @public + * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest */ export interface SigninRequestArgs { // mandatory 
@@ -17,23 +18,27 @@ export interface SigninRequestArgs { scope: string; // optional - prompt?: string; + response_mode?: "query" | "fragment"; + nonce?: string; display?: string; + prompt?: string; max_age?: number; ui_locales?: string; id_token_hint?: string; login_hint?: string; acr_values?: string; + + // other resource?: string | string[]; - response_mode?: "query" | "fragment" ; request?: string; request_uri?: string; - extraQueryParams?: Record; request_type?: string; - client_secret?: string; + extraQueryParams?: Record; + + // special extraTokenParams?: Record; + client_secret?: string; skipUserInfo?: boolean; - nonce?: string; disablePKCE?: boolean; /** custom "state", which can be used by a caller to have "data" round tripped */ state_data?: unknown; diff --git a/src/SigninResponse.ts b/src/SigninResponse.ts index d89967fc7..10ae67ccc 100644 --- a/src/SigninResponse.ts +++ b/src/SigninResponse.ts @@ -8,6 +8,8 @@ const OidcScope = "openid"; /** * @public + * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthResponse + * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthError */ export class SigninResponse { // props present in the initial callback response regardless of success diff --git a/src/SignoutRequest.ts b/src/SignoutRequest.ts index 31a19983e..4cb718300 100644 --- a/src/SignoutRequest.ts +++ b/src/SignoutRequest.ts @@ -6,17 +6,21 @@ import { State } from "./State"; /** * @public + * @see https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout */ export interface SignoutRequestArgs { // mandatory url: string; // optional - state_data?: unknown; id_token_hint?: string; post_logout_redirect_uri?: string; extraQueryParams?: Record; + + // special request_type?: string; + /** custom "state", which can be used by a caller to have "data" round tripped */ + state_data?: unknown; } /** diff --git a/src/SignoutResponse.ts b/src/SignoutResponse.ts index e686f9ad3..d355734b2 100644 --- a/src/SignoutResponse.ts 
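Review bot: The fields regrouped under `// special` in `SigninRequestArgs` include `client_secret` and `disablePKCE`, and neither has a doc comment although both change the security posture of the request. Since this commit is about documentation, I would add `/** only for confidential clients; a secret shipped in browser-delivered code is readable by every user */` above `client_secret` and `/** turns off PKCE (RFC 7636) for the code flow; leave unset unless the provider cannot handle it */` above `disablePKCE`. `nonce` now sits with the spec parameters, so a short remark that a caller-supplied value must be unpredictable and unique per request would fit there as well. The interface body starts and ends outside this hunk.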
+++ b/src/SignoutResponse.ts @@ -3,6 +3,7 @@ /** * @public + * @see https://openid.net/specs/openid-connect-core-1_0.html#AuthError */ export class SignoutResponse { public readonly state: string | null; diff --git a/src/TokenClient.ts b/src/TokenClient.ts index 2e159df6d..b5033f31e 100644 --- a/src/TokenClient.ts +++ b/src/TokenClient.ts @@ -69,6 +69,11 @@ export class TokenClient { this._jsonService = new JsonService(this._settings.revokeTokenAdditionalContentTypes); } + /** + * Exchange code. + * + * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3 + */ public async exchangeCode({ grant_type = "authorization_code", redirect_uri = this._settings.redirect_uri, @@ -119,6 +124,11 @@ export class TokenClient { return response; } + /** + * Exchange credentials. + * + * @see https://www.rfc-editor.org/rfc/rfc6749#section-4.3.2 + */ public async exchangeCredentials({ grant_type = "password", client_id = this._settings.client_id, @@ -165,6 +175,11 @@ export class TokenClient { return response; } + /** + * Exchange a refresh token. + * + * @see https://www.rfc-editor.org/rfc/rfc6749#section-6 + */ public async exchangeRefreshToken({ grant_type = "refresh_token", client_id = this._settings.client_id, From d57dbf3875e7670832b7822aad1538226e5f9409 Mon Sep 17 00:00:00 2001 From: pamapa Date: Thu, 13 Apr 2023 13:08:12 +0200 Subject: [PATCH 2/2] refactor: simplify CreateSigninRequestArgs interface --- docs/oidc-client-ts.api.md | 36 +----------------------------------- src/OidcClient.ts | 28 +++++++--------------------- 2 files changed, 8 insertions(+), 56 deletions(-) diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md index 6bdeffd77..e3ce5bfbf 100644 --- a/docs/oidc-client-ts.api.md +++ b/docs/oidc-client-ts.api.md 
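Review bot: The `@see` added to `SignoutResponse` points at `#AuthError` in OpenID Connect Core, which describes error responses from the authorization endpoint, not the redirect that follows a logout. `SignoutRequest` in this same patch links to the RP-Initiated Logout specification, so readers will probably expect the response class to reference that document too. If the Core link is deliberate, a one-line remark next to it such as `error fields follow the Core authentication error format` would make the intent clear. The class body continues outside the hunk.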
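Review bot: The new doc comment on `exchangeCredentials` says only `Exchange credentials.`, while the default `grant_type = "password"` in the context line selects the resource owner password credentials grant. Current OAuth security guidance (RFC 9700) says this grant must not be used, because the client handles the user's password directly and the flow cannot carry multi-factor or federated login. I would extend the comment with something like `Resource owner password credentials grant; discouraged by the OAuth 2.0 Security BCP, prefer the authorization code flow with PKCE.` The same terse pattern appears on `exchangeCode` and `exchangeRefreshToken`, whose summaries repeat the method name without saying what is sent or returned. All three method bodies continue outside their hunks.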
@@ -46,48 +46,14 @@ export class CheckSessionIFrame { } // @public (undocumented) -export interface CreateSigninRequestArgs { - // (undocumented) - acr_values?: string; - // (undocumented) - client_secret?: string; - // (undocumented) - display?: string; - // (undocumented) - extraQueryParams?: Record; - // (undocumented) - extraTokenParams?: Record; - // (undocumented) - id_token_hint?: string; - // (undocumented) - login_hint?: string; - // (undocumented) - max_age?: number; - // (undocumented) - nonce?: string; - // (undocumented) - prompt?: string; +export interface CreateSigninRequestArgs extends Omit { // (undocumented) redirect_uri?: string; // (undocumented) - request?: string; - // (undocumented) - request_type?: string; - // (undocumented) - request_uri?: string; - // (undocumented) - resource?: string | string[]; - // (undocumented) - response_mode?: "query" | "fragment"; - // (undocumented) response_type?: string; // (undocumented) scope?: string; - // (undocumented) - skipUserInfo?: boolean; state?: unknown; - // (undocumented) - ui_locales?: string; } // @public (undocumented) diff --git a/src/OidcClient.ts b/src/OidcClient.ts index a3b8eb1ef..80c308e00 100644 --- a/src/OidcClient.ts +++ b/src/OidcClient.ts @@ -7,7 +7,7 @@ import { OidcClientSettings, OidcClientSettingsStore } from "./OidcClientSetting import { ResponseValidator } from "./ResponseValidator"; import { MetadataService } from "./MetadataService"; import type { RefreshState } from "./RefreshState"; -import { SigninRequest } from "./SigninRequest"; +import { SigninRequest, SigninRequestArgs } from "./SigninRequest"; import { SigninResponse } from "./SigninResponse"; import { SignoutRequest, SignoutRequestArgs } from "./SignoutRequest"; import { SignoutResponse } from "./SignoutResponse"; 
@@ -19,31 +19,14 @@ import { ClaimsService } from "./ClaimsService"; /** * @public */ -export interface CreateSigninRequestArgs { +export interface CreateSigninRequestArgs + extends Omit { redirect_uri?: string; response_type?: string; scope?: string; - nonce?: string; /** custom "state", which can be used by a caller to have "data" round tripped */ state?: unknown; - - prompt?: string; - display?: string; - max_age?: number; - ui_locales?: string; - id_token_hint?: string; - login_hint?: string; - acr_values?: string; - resource?: string | string[]; - response_mode?: "query" | "fragment"; - request?: string; - request_uri?: string; - extraQueryParams?: Record; - request_type?: string; - client_secret?: string; - extraTokenParams?: Record; - skipUserInfo?: boolean; } /** @@ -57,7 +40,10 @@ export interface UseRefreshTokenArgs { /** * @public */ -export type CreateSignoutRequestArgs = Omit & { state?: unknown }; +export type CreateSignoutRequestArgs = Omit & { + /** custom "state", which can be used by a caller to have "data" round tripped */ + state?: unknown; +}; /** * @public
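Review bot: Deriving `CreateSigninRequestArgs` from `SigninRequestArgs` with `Omit` is a deny-list, so every field of `SigninRequestArgs` not named in the omitted keys becomes part of this public per-request type. The removed field list did not contain `disablePKCE`, which the first patch shows as a member of `SigninRequestArgs`. The omitted keys are not readable on this page, so please confirm that `disablePKCE` is among them, or that the code building the request ignores it, so callers cannot switch PKCE off per request by accident. An allow-list using `Pick` of the intended keys would stop future additions to `SigninRequestArgs` from silently widening this interface. If the deny-list stays, a comment above the interface such as `// keep the omitted keys in sync with SigninRequestArgs` would help.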