refactor(oidc-client): move useParFlow derivation out of authorizeµ parameter default

Author: ryanbas21

packages/oidc-client/src/lib/authorize.request.ts

@@ -139,8 +139,10 @@ export function createParAuthorizeUrlµ(
  * @param log - The CustomLogger used for debug and error trace.
  * @param store - The RTK client store providing the `oidcApi` endpoints.
  * @param options - Optional request-level overrides for the authorize call.
- * @param useParFlow - Computed default that selects PAR when either the
- *   server requires it or the caller opted in. Exposed for testability.
+ * @param useParFlow - Boolean resolved by the caller (e.g. `client.store`)
+ *   indicating whether to use the PAR flow. The caller owns the derivation
+ *   logic (`config.par ?? require_pushed_authorization_requests === true`);
+ *   this function simply routes on the resolved value.
  * @returns A `Micro` that resolves to an `AuthorizationSuccess` containing
  *   the `code` and `state`, or fails with a typed `AuthorizationError`.
  */
@@ -149,8 +151,8 @@ export function authorizeµ(
   config: OidcConfig,
   log: CustomLogger,
   store: ClientStore,
-  options?: GetAuthorizationUrlOptions,
-  useParFlow = config.par ?? wellknown?.require_pushed_authorization_requests === true,
+  options: GetAuthorizationUrlOptions | undefined,
+  useParFlow: boolean,
 ): Micro.Micro<AuthorizationSuccess, AuthorizationError, never> {
   const parDispatchOptions: GetAuthorizationUrlOptions = {
     clientId: config.clientId,

packages/oidc-client/src/lib/authorize.request.utils.test.ts

@@ -419,28 +419,34 @@ it.effect('authorizeµ uses standard flow when useParFlow=false', () =>
   }),
 );
 
-it.effect('authorizeµ defaults to PAR when wellknown requires it and useParFlow not passed', () =>
-  Micro.gen(function* () {
-    const requestUri = 'urn:ietf:params:oauth:request_uri:required-par-test';
-    const authorizeResponse = { code: 'req-par-code', state: 'req-par-state' };
-    const wkRequiresPar: WellknownResponse = {
-      ...wellknownWithPar,
-      require_pushed_authorization_requests: true,
-    };
+it.effect(
+  'authorizeµ uses PAR flow when caller passes useParFlow=true (e.g. server requires PAR)',
+  () =>
+    Micro.gen(function* () {
+      const requestUri = 'urn:ietf:params:oauth:request_uri:required-par-test';
+      const authorizeResponse = { code: 'req-par-code', state: 'req-par-state' };
 
-    vi.stubGlobal('sessionStorage', sessionStorageStub);
-    vi.mocked(mockStore.dispatch)
-      .mockResolvedValueOnce({
-        data: { request_uri: requestUri, expires_in: 60 },
-      } as unknown as ReturnType<typeof mockStore.dispatch>)
-      .mockResolvedValueOnce({
-        data: authorizeResponse,
-      } as unknown as ReturnType<typeof mockStore.dispatch>);
+      vi.stubGlobal('sessionStorage', sessionStorageStub);
+      vi.mocked(mockStore.dispatch)
+        .mockResolvedValueOnce({
+          data: { request_uri: requestUri, expires_in: 60 },
+        } as unknown as ReturnType<typeof mockStore.dispatch>)
+        .mockResolvedValueOnce({
+          data: authorizeResponse,
+        } as unknown as ReturnType<typeof mockStore.dispatch>);
 
-    const result = yield* authorizeµ(wkRequiresPar, config, mockLog, mockStore);
-    expect(result).toStrictEqual(authorizeResponse);
-    expect(mockStore.dispatch).toHaveBeenCalledTimes(2);
-  }),
+      // useParFlow=true is what client.store derives when require_pushed_authorization_requests===true
+      const result = yield* authorizeµ(
+        wellknownWithPar,
+        config,
+        mockLog,
+        mockStore,
+        undefined,
+        true,
+      );
+      expect(result).toStrictEqual(authorizeResponse);
+      expect(mockStore.dispatch).toHaveBeenCalledTimes(2);
+    }),
 );
 
 it.effect(