@acorex/platform 20.2.0-next.1 → 20.2.0-next.2

package/auth/index.d.ts

@@ -1,5 +1,5 @@
 import * as i0 from '@angular/core';
-import { InjectionToken, TemplateRef, ViewContainerRef, ModuleWithProviders } from '@angular/core';
+import { InjectionToken, TemplateRef, ViewContainerRef, ModuleWithProviders, Injector } from '@angular/core';
 import { Observable } from 'rxjs';
 import { AXPLogoConfig, AXPExpressionEvaluatorScopeProvider, AXPExpressionEvaluatorScopeProviderContext } from '@acorex/platform/core';
 import { CanActivateFn } from '@angular/router';
@@ -146,6 +146,7 @@ interface AXPTokenResult {
     accessToken: string;
     expiresIn?: string | null;
     refreshToken?: string;
+    idToken?: string;
     tenant?: AXPTenant | null;
     application?: AXPApplication | null;
 }
@@ -161,15 +162,14 @@ interface AXPSignInResult {
         application?: AXPApplication | null;
     };
 }
-interface AXPRefreshTokenResult {
-    succeed: boolean;
-    data?: AXPTokenResult;
-}
-interface AXPAuthStrategy {
-    get name(): string;
-    signin(credentials: AXPBaseCredentials): Promise<AXPSignInResult>;
-    signout(): Promise<void>;
-    refreshToken(context: AXPSessionContext): Promise<AXPRefreshTokenResult>;
+declare abstract class AXPAuthStrategy {
+    abstract get name(): string;
+    abstract signin(credentials: AXPBaseCredentials): Promise<AXPSignInResult | void>;
+    abstract signout(): Promise<void>;
+    abstract refreshToken(context: AXPSessionContext): Promise<AXPSignInResult>;
+    abstract updateToken(params?: {
+        [key: string]: any;
+    }): Promise<AXPSignInResult | void>;
 }
 interface AXPSessionData {
     accessToken: string;
@@ -220,6 +220,8 @@ declare class AXPSessionService {
     private readonly applicationLoader;
     private status;
     readonly status$: Observable<AXPSessionStatus>;
+    private isLoading;
+    readonly isLoading$: Observable<boolean>;
     private currentUserSubject;
     readonly user$: Observable<AXPUser | null>;
     get user(): AXPUser | null;
@@ -238,25 +240,27 @@ declare class AXPSessionService {
     readonly features$: Observable<never[] | AXPFeature[]>;
     get features(): AXPFeature[];
     readonly isAuthenticated$: Observable<boolean>;
+    readonly isAuthenticatedWithLoading$: Observable<boolean>;
     readonly isAuthorized$: Observable<boolean>;
     restoreSession(): Promise<void>;
     signin(credentials: AXPBaseCredentials): Promise<void>;
+    updateToken(params?: {
+        [key: string]: any;
+    }): Promise<void>;
     signout(): Promise<void>;
     refreshToken(): Promise<any>;
-    setTenant(tenant: AXPTenant | null): Promise<void>;
-    setApplication(application: AXPApplication | null): Promise<void>;
     private loadPermissions;
     private loadFeatures;
     signInComplete(): Promise<void>;
-    private setSession;
-    private updateSession;
+    setSession(tokens: Partial<AXPSessionData>): void;
+    setStrategy(strategy: string): void;
     getSessionData(): AXPSessionData | null;
     private clearSession;
     authorize(...keys: string[]): boolean;
     isFeatureEnabled(...keys: string[]): boolean;
     getToken(): string | undefined;
     private checkTokenValidation;
-    private getContext;
+    getContext(): AXPSessionContext;
     static ɵfac: i0.ɵɵFactoryDeclaration<AXPSessionService, never>;
     static ɵprov: i0.ɵɵInjectableDeclaration<AXPSessionService>;
 }
@@ -284,6 +288,56 @@ declare class AXPAuthModule {
     static ɵinj: i0.ɵɵInjectorDeclaration<AXPAuthModule>;
 }
 
+declare class AXPAuthStrategyRegistryService {
+    private strategies;
+    private injector;
+    constructor(injector: Injector);
+    register(...plugins: (new () => AXPAuthStrategy)[]): void;
+    get(strategyKey: string): AXPAuthStrategy | undefined;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AXPAuthStrategyRegistryService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<AXPAuthStrategyRegistryService>;
+}
+
+/**
+ * Utility class for JWT token operations
+ */
+declare class JwtUtil {
+    /**
+     * Parses a JWT token and returns the payload
+     */
+    static parseJwt(token: string): any;
+}
+/**
+ * Utility class for PKCE (Proof Key for Code Exchange) operations
+ */
+declare class PkceUtil {
+    /**
+     * Generates a random string for PKCE code verifier
+     */
+    static generateRandomString(length: number): string;
+    /**
+     * Generates PKCE code challenge from verifier
+     */
+    static generateCodeChallenge(codeVerifier: string): Promise<string>;
+    /**
+     * Base64 URL encoding for PKCE
+     */
+    private static base64UrlEncode;
+}
+/**
+ * Utility class for time and date operations
+ */
+declare class TimeUtil {
+    /**
+     * Calculates the time difference in milliseconds between a future date and now
+     */
+    static expiresInMilliseconds(expiresInDate: string): number;
+    /**
+     * Calculates expiration date from seconds
+     */
+    static calculateExpireInDate(expireInSeconds: number): string;
+}
+
 declare class AXPUnauthorizedError extends Error {
     data?: {
         redirectUrl?: string;
@@ -301,5 +355,5 @@ declare class AXPUnauthenticatedError extends Error {
     } | undefined);
 }
 
-export { AXPAuthGuard, AXPAuthModule, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_LOADER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, initializeAppState };
-export type { AXPApplication, AXPApplicationLoader, AXPAuthModuleConfigs, AXPAuthStrategy, AXPBaseCredentials, AXPFeature, AXPFeatureLoader, AXPPermission, AXPPermissionDefinition, AXPPermissionDefinitionProvider, AXPPermissionGroupDefinition, AXPPermissionLoader, AXPRefreshTokenResult, AXPSessionData, AXPSignInResult, AXPTenant, AXPTenantLoader, AXPTokenResult, AXPUser };
+export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_LOADER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
+export type { AXPApplication, AXPApplicationLoader, AXPAuthModuleConfigs, AXPBaseCredentials, AXPFeature, AXPFeatureLoader, AXPPermission, AXPPermissionDefinition, AXPPermissionDefinitionProvider, AXPPermissionGroupDefinition, AXPPermissionLoader, AXPSessionData, AXPSignInResult, AXPTenant, AXPTenantLoader, AXPTokenResult, AXPUser };

package/fesm2022/acorex-platform-auth.mjs

@@ -1,8 +1,8 @@
 import * as i0 from '@angular/core';
 import { InjectionToken, Injector, Injectable, signal, inject, Input, Directive, provideAppInitializer, Optional, Inject, NgModule } from '@angular/core';
-import { of, map, BehaviorSubject, shareReplay, defaultIfEmpty, firstValueFrom, first } from 'rxjs';
-import { AXPBroadcastEventService, AXP_EXPRESSION_EVALUATOR_SCOPE_PROVIDER } from '@acorex/platform/core';
-import { merge, isEmpty } from 'lodash-es';
+import { of, map, BehaviorSubject, shareReplay, defaultIfEmpty, switchMap, filter, firstValueFrom, first } from 'rxjs';
+import { AXPBroadcastEventService } from '@acorex/platform/core';
+import { isEmpty } from 'lodash-es';
 
 const AXP_APPLICATION_LOADER = new InjectionToken('AXP_APPLICATION_LOADER', {
     providedIn: 'root',
@@ -21,6 +21,14 @@ class AXPApplicationDefaultLoader {
                 editionName: 'Standard',
                 features: [],
             },
+            {
+                id: '2',
+                name: 'default-app',
+                title: 'Default Application',
+                version: '1.0.0',
+                editionName: 'Standard',
+                features: [],
+            },
         ]);
     }
 }
@@ -216,6 +224,9 @@ class AXPSessionService {
         this.applicationLoader = inject(AXP_APPLICATION_LOADER);
         this.status = new BehaviorSubject(AXPSessionStatus.Unauthenticated);
         this.status$ = this.status.asObservable().pipe(shareReplay(1));
+        // Add loading state to prevent premature redirects
+        this.isLoading = new BehaviorSubject(true);
+        this.isLoading$ = this.isLoading.asObservable().pipe(shareReplay(1));
         this.currentUserSubject = new BehaviorSubject(null);
         this.user$ = this.currentUserSubject.asObservable().pipe(shareReplay(1));
         this.currentTenantSubject = new BehaviorSubject(null);
@@ -226,7 +237,17 @@ class AXPSessionService {
         this.permissions$ = this.permissionsSubject.asObservable().pipe(shareReplay(1), defaultIfEmpty([]));
         this.featuresSubject = new BehaviorSubject([]);
         this.features$ = this.featuresSubject.asObservable().pipe(shareReplay(1), defaultIfEmpty([]));
-        this.isAuthenticated$ = this.status$.pipe(map((status) => status === AXPSessionStatus.Authenticated || status === AXPSessionStatus.Authorized), shareReplay(1));
+        this.isAuthenticated$ = this.status$.pipe(map((status) => {
+            const isAuth = status === AXPSessionStatus.Authenticated || status === AXPSessionStatus.Authorized;
+            return isAuth;
+        }), shareReplay(1));
+        // Add a new observable that considers loading state
+        this.isAuthenticatedWithLoading$ = this.isLoading$.pipe(switchMap((loading) => {
+            if (loading) {
+                return this.isLoading$.pipe(filter((isLoading) => !isLoading), switchMap(() => this.isAuthenticated$));
+            }
+            return this.isAuthenticated$;
+        }), shareReplay(1));
         this.isAuthorized$ = this.status$.pipe(map((status) => status === AXPSessionStatus.Authorized), shareReplay(1));
     }
     static { this.SESSION_KEY = 'AXP_SESSION'; }
@@ -264,108 +285,184 @@ class AXPSessionService {
         return this.featuresSubject.value ?? [];
     }
     async restoreSession() {
-        const sessionData = this.getSessionData();
-        if (sessionData) {
-            if (sessionData.user) {
-                this.currentUserSubject.next(sessionData.user);
-                this.status.next(AXPSessionStatus.Authenticated);
+        this.isLoading.next(true);
+        try {
+            const sessionData = this.getSessionData();
+            if (sessionData) {
+                if (sessionData.user) {
+                    this.currentUserSubject.next(sessionData.user);
+                    this.status.next(AXPSessionStatus.Authenticated);
+                    await this.loadPermissions();
+                    await this.loadFeatures();
+                    await this.signInComplete();
+                }
+            }
+            else {
+                this.status.next(AXPSessionStatus.Unauthorized);
             }
-            // if (sessionData.tenant) {
-            //   this.setTenant(sessionData.tenant);
-            // }
-            // if (sessionData.application) {
-            //   this.setApplication(sessionData.application);
-            // }
-            await this.loadPermissions();
-            await this.loadFeatures();
-            await this.signInComplete();
-        }
-        else {
+        }
+        catch (error) {
             this.status.next(AXPSessionStatus.Unauthorized);
         }
+        finally {
+            this.isLoading.next(false);
+        }
     }
     async signin(credentials) {
-        // 
-        this.clearSession();
-        //
-        const strategy = this.authStrategyRegistry.get(credentials.strategy);
-        if (!strategy) {
-            throw new Error(`Authentication strategy '${credentials.strategy}' is not supported`);
-        }
-        const result = await strategy.signin(credentials);
-        if (result.succeed) {
-            this.currentUserSubject.next(result.data.user);
-            this.setSession({
-                accessToken: result.data.accessToken,
-                refreshToken: result.data.refreshToken,
-                strategy: credentials.strategy,
-                user: result.data.user,
-                application: result.data?.application,
-                tenant: result.data?.tenant,
-                expiresIn: result.data?.expiresIn,
-                idToken: result.data?.idToken ?? null,
-            });
-            this.status.next(AXPSessionStatus.Authenticated);
-            if (this.application && this.tenant)
-                await this.signInComplete();
+        this.isLoading.next(true);
+        try {
+            //
+            // this.clearSession();
+            //
+            const strategy = this.authStrategyRegistry.get(credentials.strategy);
+            if (!strategy) {
+                throw new Error(`Authentication strategy '${credentials.strategy}' is not supported`);
+            }
+            const result = await strategy.signin(credentials);
+            if (!result)
+                return;
+            if (result?.succeed) {
+                this.currentUserSubject.next(result.data.user);
+                this.setSession({
+                    accessToken: result.data.accessToken,
+                    refreshToken: result.data.refreshToken,
+                    strategy: credentials.strategy,
+                    user: result.data.user,
+                    application: result.data?.application,
+                    tenant: result.data?.tenant,
+                    expiresIn: result.data?.expiresIn,
+                    idToken: result.data?.idToken ?? null,
+                });
+                this.status.next(AXPSessionStatus.Authenticated);
+                // Load permissions and features
+                await this.loadPermissions();
+                await this.loadFeatures();
+                // If we have both tenant and application, complete the sign-in
+                if (this.application && this.tenant) {
+                    await this.signInComplete();
+                }
+            }
+            else {
+                this.status.next(AXPSessionStatus.Unauthenticated);
+                throw new Error(`Invalid Username or Password`);
+            }
         }
-        else {
+        catch (error) {
+            console.error('Signin error:', error);
             this.status.next(AXPSessionStatus.Unauthenticated);
-            throw new Error(`Invalid Username or Password`);
+            throw error;
+        }
+        finally {
+            this.isLoading.next(false);
+            console.log('Signin process completed');
+        }
+    }
+    async updateToken(params) {
+        this.isLoading.next(true);
+        try {
+            const strategyName = this.getSessionData()?.strategy;
+            if (!strategyName) {
+                throw new Error('Strategy not found');
+            }
+            const strategy = this.authStrategyRegistry.get(strategyName);
+            if (!strategy) {
+                throw new Error(`Authentication strategy '${this.getSessionData()?.strategy}' is not supported`);
+            }
+            const result = await strategy.updateToken(params);
+            if (result?.succeed) {
+                this.currentUserSubject.next(result.data.user);
+                this.setSession({
+                    accessToken: result.data.accessToken,
+                    refreshToken: result.data.refreshToken,
+                    strategy: strategyName,
+                    user: result.data.user,
+                    application: result.data?.application,
+                    tenant: result.data?.tenant,
+                    expiresIn: result.data?.expiresIn,
+                    idToken: result.data?.idToken ?? null,
+                });
+                this.status.next(AXPSessionStatus.Authenticated);
+                // If we have both tenant and application, complete the sign-in
+                if (this.application && this.tenant) {
+                    await this.signInComplete();
+                }
+            }
+            else {
+                this.status.next(AXPSessionStatus.Unauthenticated);
+                throw new Error(`Invalid Username or Password`);
+            }
+        }
+        catch (error) {
+            console.error('Update token error:', error);
+            throw error;
+        }
+        finally {
+            this.isLoading.next(false);
+            console.log('Update token process completed');
         }
     }
     async signout() {
-        const sessionData = this.getSessionData();
-        if (sessionData?.strategy) {
-            const strategy = this.authStrategyRegistry.get(sessionData?.strategy);
-            if (strategy) {
-                await strategy.signout();
+        console.log('Signing out...');
+        this.isLoading.next(true);
+        try {
+            const sessionData = this.getSessionData();
+            if (sessionData?.strategy) {
+                const strategy = this.authStrategyRegistry.get(sessionData?.strategy);
+                if (strategy) {
+                    try {
+                        await strategy.signout();
+                    }
+                    catch (error) { }
+                }
             }
+            //
+            const userId = this.user?.id;
+            this.clearSession();
+            this.eventService.publish(AXPSessionStatus.SignedOut, { id: userId });
+            this.isLoading.next(false);
+            this.status.next(AXPSessionStatus.SignedOut);
+        }
+        finally {
+            this.isLoading.next(false);
         }
-        //
-        const userId = this.user?.id;
-        this.clearSession();
-        this.status.next(AXPSessionStatus.SignedOut);
-        this.eventService.publish(AXPSessionStatus.SignedOut, { id: userId });
     }
     async refreshToken() {
+        console.log('Refreshing token...');
         return new Promise(async (resolve, reject) => {
             const sessionData = this.getSessionData();
             if (!sessionData || !sessionData?.refreshToken) {
+                console.log('No session data or refresh token found');
+                reject(new Error('No refresh token available'));
                 return;
             }
             const strategy = this.authStrategyRegistry.get(sessionData.strategy);
             if (!strategy) {
-                reject();
-                throw new Error(`Authentication strategy '${sessionData.strategy}' is not found`);
+                console.error('Authentication strategy not found:', sessionData.strategy);
+                reject(new Error(`Authentication strategy '${sessionData.strategy}' is not found`));
+                return;
             }
-            const result = await strategy.refreshToken(this.getContext());
-            if (result.succeed) {
-                this.setSession(result.data);
-                resolve(result.data?.accessToken);
+            try {
+                const result = await strategy.refreshToken(this.getContext());
+                if (result.succeed) {
+                    console.log('Token refresh successful');
+                    this.setSession(result.data);
+                    resolve(result.data?.accessToken);
+                }
+                else {
+                    console.error('Token refresh failed');
+                    this.clearSession();
+                    this.status.next(AXPSessionStatus.Expired);
+                    reject(new Error('Token refresh failed'));
+                }
             }
-            else {
+            catch (error) {
+                console.error('Error during token refresh:', error);
                 this.clearSession();
                 this.status.next(AXPSessionStatus.Expired);
+                reject(error);
             }
         });
     }
-    async setTenant(tenant) {
-        this.currentTenantSubject.next(tenant);
-        if (tenant) {
-            this.updateSession({ tenant: tenant });
-            await this.refreshToken();
-        }
-    }
-    async setApplication(application) {
-        this.currentApplicationSubject.next(application);
-        if (application) {
-            this.updateSession({ application: application });
-            await this.refreshToken();
-            await this.loadPermissions();
-            await this.loadFeatures();
-        }
-    }
     async loadPermissions() {
         try {
             const permissions = await firstValueFrom(this.permissionLoader.getList(this.getContext()));
@@ -387,37 +484,69 @@ class AXPSessionService {
         }
     }
     async signInComplete() {
+        // Ensure we have the required data
+        if (!this.user) {
+            this.status.next(AXPSessionStatus.Unauthenticated);
+            return;
+        }
+        // Set status to Authorized
         this.status.next(AXPSessionStatus.Authorized);
+        // Double-check the status was set correctly
+        setTimeout(() => {
+            console.log('Status after timeout:', this.status.value);
+        }, 100);
     }
     setSession(tokens) {
         const sessionData = {
             accessToken: tokens.accessToken,
             refreshToken: tokens.refreshToken,
             strategy: tokens.strategy,
-            user: this.user,
+            user: tokens.user,
             application: tokens.application,
             tenant: tokens.tenant,
             expiresIn: tokens.expiresIn,
             idToken: tokens.idToken,
         };
-        this.updateSession(sessionData);
+        // Update subjects
+        if (tokens.user) {
+            this.currentUserSubject.next(tokens.user);
+        }
+        if (tokens.tenant) {
+            this.currentTenantSubject.next(tokens.tenant);
+        }
+        if (tokens.application) {
+            this.currentApplicationSubject.next(tokens.application);
+        }
+        localStorage.setItem(AXPSessionService.SESSION_KEY, JSON.stringify(sessionData));
     }
-    updateSession(update) {
-        const currentSession = this.getSessionData() ?? {};
-        const updatedSession = merge({}, currentSession, update);
-        localStorage.setItem(AXPSessionService.SESSION_KEY, JSON.stringify(updatedSession));
+    setStrategy(strategy) {
+        const sessionData = this.getSessionData();
+        const newSessionData = { ...sessionData, strategy };
+        localStorage.setItem(AXPSessionService.SESSION_KEY, JSON.stringify(newSessionData));
     }
     getSessionData() {
-        const sessionDataString = localStorage.getItem(AXPSessionService.SESSION_KEY);
-        return sessionDataString ? JSON.parse(sessionDataString) : null;
+        try {
+            const sessionDataString = localStorage.getItem(AXPSessionService.SESSION_KEY);
+            if (sessionDataString) {
+                const sessionData = JSON.parse(sessionDataString);
+                return sessionData;
+            }
+            else {
+                return null;
+            }
+        }
+        catch (error) {
+            localStorage.removeItem(AXPSessionService.SESSION_KEY);
+            return null;
+        }
     }
     clearSession() {
         //
         this.currentUserSubject.next(null);
         //
-        this.setTenant(null);
+        this.currentTenantSubject.next(null);
         //
-        this.setApplication(null);
+        this.currentApplicationSubject.next(null);
         //
         this.permissionsSubject.next([]);
         //
@@ -693,7 +822,7 @@ class AXPPermissionEvaluatorScopeProvider {
 
 const AXPAuthGuard = (route, state) => {
     const sessionService = inject(AXPSessionService);
-    return sessionService.isAuthenticated$.pipe(first(), map((value) => {
+    return sessionService.isAuthenticatedWithLoading$.pipe(first(), map((value) => {
         if (value) {
             return true;
         }
@@ -758,14 +887,9 @@ class AXPAuthModule {
     static { this.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "20.1.3", ngImport: i0, type: AXPAuthModule, declarations: [AXPPermissionDirective, AXPFeatureDirective], exports: [AXPPermissionDirective, AXPFeatureDirective] }); }
     static { this.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "20.1.3", ngImport: i0, type: AXPAuthModule, providers: [
             provideAppInitializer(() => {
-                const initializerFn = (initializeAppState)(inject(AXPSessionService));
+                const initializerFn = initializeAppState(inject(AXPSessionService));
                 return initializerFn();
             }),
-            {
-                provide: AXP_EXPRESSION_EVALUATOR_SCOPE_PROVIDER,
-                useClass: AXPPermissionEvaluatorScopeProvider,
-                multi: true,
-            },
         ] }); }
 }
 i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.1.3", ngImport: i0, type: AXPAuthModule, decorators: [{
@@ -776,14 +900,9 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.1.3", ngImpor
                     declarations: [AXPPermissionDirective, AXPFeatureDirective],
                     providers: [
                         provideAppInitializer(() => {
-                            const initializerFn = (initializeAppState)(inject(AXPSessionService));
+                            const initializerFn = initializeAppState(inject(AXPSessionService));
                             return initializerFn();
                         }),
-                        {
-                            provide: AXP_EXPRESSION_EVALUATOR_SCOPE_PROVIDER,
-                            useClass: AXPPermissionEvaluatorScopeProvider,
-                            multi: true,
-                        },
                     ],
                 }]
         }], ctorParameters: () => [{ type: undefined, decorators: [{
@@ -793,9 +912,89 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.1.3", ngImpor
                     args: ['AXPAuthModuleFactory']
                 }] }] });
 
+class AXPAuthStrategy {
+}
+
+//#region ----   JWT Utility   ----
+/**
+ * Utility class for JWT token operations
+ */
+class JwtUtil {
+    /**
+     * Parses a JWT token and returns the payload
+     */
+    static parseJwt(token) {
+        try {
+            const base64Url = token.split('.')[1];
+            const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
+            const jsonPayload = decodeURIComponent(atob(base64)
+                .split('')
+                .map(c => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2))
+                .join(''));
+            return JSON.parse(jsonPayload);
+        }
+        catch (error) {
+            throw new Error('Invalid JWT token');
+        }
+    }
+}
+//#endregion
+//#region ----   PKCE Utility   ----
+/**
+ * Utility class for PKCE (Proof Key for Code Exchange) operations
+ */
+class PkceUtil {
+    /**
+     * Generates a random string for PKCE code verifier
+     */
+    static generateRandomString(length) {
+        const array = new Uint8Array(length);
+        crypto.getRandomValues(array);
+        return this.base64UrlEncode(array);
+    }
+    /**
+     * Generates PKCE code challenge from verifier
+     */
+    static async generateCodeChallenge(codeVerifier) {
+        const encoder = new TextEncoder();
+        const data = encoder.encode(codeVerifier);
+        const digest = await crypto.subtle.digest('SHA-256', data);
+        return this.base64UrlEncode(new Uint8Array(digest));
+    }
+    /**
+     * Base64 URL encoding for PKCE
+     */
+    static base64UrlEncode(array) {
+        return btoa(String.fromCharCode(...array))
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=/g, '');
+    }
+}
+//#endregion
+//#region ----   Time Utility   ----
+/**
+ * Utility class for time and date operations
+ */
+class TimeUtil {
+    /**
+     * Calculates the time difference in milliseconds between a future date and now
+     */
+    static expiresInMilliseconds(expiresInDate) {
+        return new Date(expiresInDate).getTime() - new Date().getTime();
+    }
+    /**
+     * Calculates expiration date from seconds
+     */
+    static calculateExpireInDate(expireInSeconds) {
+        return new Date(Date.now() + expireInSeconds * 1000).toISOString();
+    }
+}
+//#endregion
+
 /**
  * Generated bundle index. Do not edit.
  */
 
-export { AXPAuthGuard, AXPAuthModule, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_LOADER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, initializeAppState };
+export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_LOADER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
 //# sourceMappingURL=acorex-platform-auth.mjs.map