fix: ignore client metadata valued undefined when applying defualts

fixes #824

Author: panva

lib/helpers/client_schema.js

@@ -24,6 +24,7 @@ const instance = require('./weak_cache');
 const formatters = require('./formatters');
 const pick = require('./_/pick');
 const without = require('./_/without');
+const omitBy = require('./_/omit_by');
 
 const clientAuthEndpoints = ['token', 'introspection', 'revocation'];
 // TODO: in v7.x remove the `introspection` and `revocation` metadata, only token endpoint will be
@@ -32,6 +33,10 @@ const W3CEmailRegExp = /^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a
 const encAlgRequiringJwks = /^(RSA|ECDH)/;
 const requestSignAlgRequiringJwks = /^(?:PS(?:256|384|512)|RS(?:256|384|512)|ES(?:256K?|384|512)|EdDSA)$/;
 
+function isUndefined(value) {
+  return value === undefined;
+}
+
 function checkClientAuth(schema) {
   return !!clientAuthEndpoints.find((endpoint) => ['private_key_jwt', 'self_signed_tls_client_auth'].includes(schema[`${endpoint}_endpoint_auth_method`]));
 }
@@ -240,8 +245,14 @@ module.exports = function getSchema(provider) {
 
       Object.assign(
         this,
-        pick(DEFAULT, ...RECOGNIZED_METADATA),
-        pick(metadata, ...RECOGNIZED_METADATA, ...configuration.extraClientMetadata.properties),
+        omitBy(
+          pick(DEFAULT, ...RECOGNIZED_METADATA),
+          isUndefined,
+        ),
+        omitBy(
+          pick(metadata, ...RECOGNIZED_METADATA, ...configuration.extraClientMetadata.properties),
+          isUndefined,
+        ),
       );
 
       this.required();

test/configuration/client_metadata.test.js

@@ -474,6 +474,7 @@ describe('Client metadata validation', () => {
 
   context('post_logout_redirect_uris', function () {
     defaultsTo(this.title, [], undefined);
+    defaultsTo(this.title, [], { post_logout_redirect_uris: undefined });
     mustBeArray(this.title, undefined);
 
     rejects(this.title, [123], /must only contain strings$/, undefined);