test(oidc-client): add test for PAR + non-pi.flow (iframe) server path

ryanbas21 · ryanbas21 · commit 5526f30ee2c4 · 2026-05-12T13:01:42.000-06:00
diff --git a/packages/oidc-client/src/lib/client.store.test.ts b/packages/oidc-client/src/lib/client.store.test.ts
@@ -549,3 +549,55 @@ describe('authorize.background() with PAR enabled', async () => {
     expect(response.state).toBeDefined();
   });
 });
+
+describe('authorize.url() with PAR enabled on non-pi.flow server', async () => {
+  beforeEach(() => {
+    customStorage.remove(storageKey);
+  });
+
+  it('returns slim PAR authorize URL for iframe-based server', async () => {
+    server.use(
+      http.get('*/wellknown', async () =>
+        HttpResponse.json({
+          issuer: 'https://api.example.com/as/issuer',
+          authorization_endpoint: 'https://api.example.com/as/authorize',
+          token_endpoint: 'https://api.example.com/as/token',
+          userinfo_endpoint: 'https://api.example.com/as/userinfo',
+          introspection_endpoint: 'https://api.example.com/as/introspect',
+          revocation_endpoint: 'https://api.example.com/as/revoke',
+          pushed_authorization_request_endpoint: 'https://api.example.com/as/par',
+          response_types_supported: ['code', 'token', 'id_token', 'code id_token'],
+          response_modes_supported: ['query', 'fragment', 'form_post'],
+        }),
+      ),
+    );
+
+    const configWithPar: OidcConfig = {
+      clientId: '123456789',
+      redirectUri: 'https://example.com/callback.html',
+      scope: 'openid profile',
+      serverConfig: { wellknown: 'https://api.example.com/wellknown' },
+      responseType: 'code',
+      par: true,
+    };
+
+    const oidcClient = await oidc({ config: configWithPar, storage: customStorageConfig });
+
+    if ('error' in oidcClient) {
+      throw new Error('Error creating OIDC Client');
+    }
+
+    const url = await oidcClient.authorize.url();
+
+    if (typeof url !== 'string') {
+      expect.fail(`Expected string URL, got: ${JSON.stringify(url)}`);
+    }
+
+    const parsed = new URL(url);
+    expect(parsed.searchParams.get('client_id')).toBe('123456789');
+    expect(parsed.searchParams.get('request_uri')).toBe(parRequestUri);
+    expect(parsed.searchParams.has('scope')).toBe(false);
+    expect(parsed.searchParams.has('code_challenge')).toBe(false);
+    expect(parsed.searchParams.has('redirect_uri')).toBe(false);
+  });
+});
