refactor!: rotated registration management access tokens by default

BREAKING CHANGE: The client registration management update action now rotates registration access tokens by default. This can be reverted using the `features.registrationManagement.rotateRegistrationAccessToken` configuration option.
panva · Dec 1, 2022 · 2eb5c63 · 2eb5c63
1 parent 059557b
commit 2eb5c63
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 8 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -1530,7 +1530,7 @@ _**default value**_:
 ```js
 {
   enabled: false,
-  rotateRegistrationAccessToken: false
+  rotateRegistrationAccessToken: true
 }
 ```
 
@@ -1547,7 +1547,7 @@ Enables registration access token rotation. The provider will discard the curren
 
 _**default value**_:
 ```js
-false
+true
 ```
 <a id="rotate-registration-access-token-function-use"></a><details><summary>(Click to expand) function use
 </summary><br>

diff --git a/lib/helpers/defaults.js b/lib/helpers/defaults.js
@@ -1530,7 +1530,7 @@ function getDefaults() {
          * }
          * ```
          */
-        rotateRegistrationAccessToken: false,
+        rotateRegistrationAccessToken: true,
       },
 
       /*

diff --git a/test/client_id_uri/client_id_uri.config.js b/test/client_id_uri/client_id_uri.config.js
@@ -7,7 +7,6 @@ const config = cloneDeep(require('../default.config'));
 merge(config.features, {
   registration: {
     enabled: true,
-    rotateRegistrationAccessToken: false,
     idFactory() {
       return new URL(`https://repo.clients.com/path?id=${nanoid()}`).href;
     },

diff --git a/test/client_id_uri/client_id_uri.test.js b/test/client_id_uri/client_id_uri.test.js
@@ -28,7 +28,7 @@ describe('registration management with client_id as URI', () => {
       .auth(registration_access_token, { type: 'bearer' })
       .expect(200)
       .expect((response) => {
-        ({ registration_client_uri } = response.body);
+        ({ registration_access_token, registration_client_uri } = response.body);
 
         const parsed = new URL(registration_client_uri);
         expect(parsed.search).to.be.empty;
@@ -44,7 +44,7 @@ describe('registration management with client_id as URI', () => {
       })
       .expect(200)
       .expect((response) => {
-        ({ registration_client_uri } = response.body);
+        ({ registration_access_token, registration_client_uri } = response.body);
 
         const parsed = new URL(registration_client_uri);
         expect(parsed.search).to.be.empty;

diff --git a/test/registration_management/registration_management.config.js b/test/registration_management/registration_management.config.js
@@ -4,7 +4,7 @@ const merge = require('lodash/merge');
 const config = cloneDeep(require('../default.config'));
 
 merge(config.features, {
-  registrationManagement: { enabled: true },
+  registrationManagement: { enabled: true, rotateRegistrationAccessToken: false },
   registration: { enabled: true },
 });
 

diff --git a/test/registration_policies/registration_policies.config.js b/test/registration_policies/registration_policies.config.js
@@ -4,7 +4,7 @@ const merge = require('lodash/merge');
 const config = cloneDeep(require('../default.config'));
 
 merge(config.features, {
-  registrationManagement: { enabled: true },
+  registrationManagement: { enabled: true, rotateRegistrationAccessToken: false },
   registration: {
     enabled: true,
     initialAccessToken: true,