@adatechnology/auth-keycloak 0.0.2 → 0.0.6

package/README.md

@@ -72,6 +72,52 @@ Notas
 - Este módulo depende de `@adatechnology/http-client` (provider `HTTP_PROVIDER`) para realizar chamadas HTTP ao Keycloak. Configure o `HttpModule` conforme necessário na aplicação que consome este pacote.
 - O interceptor `KeycloakHttpInterceptor` é fornecido caso queira integrar com outras camadas que aceitem interceptors.
 
+## Autorização (decorator @Roles)
+
+O pacote agora fornece um decorator `@Roles()` e um `RolesGuard` para uso nas rotas do NestJS. Exemplos:
+
+```ts
+import { Controller, Get, UseGuards } from "@nestjs/common";
+import { Roles } from "@adatechnology/auth-keycloak";
+import { RolesGuard } from "@adatechnology/auth-keycloak";
+
+@Controller("secure")
+@UseGuards(RolesGuard)
+export class SecureController {
+  @Get("admin")
+  @Roles("admin") // aceita um ou mais roles (OR por padrão)
+  adminOnly() {
+    return { ok: true };
+  }
+
+  @Get("team")
+  @Roles({ roles: ["manager", "lead"], mode: "all" }) // requer ambos (AND)
+  teamOnly() {
+    return { ok: true };
+  }
+}
+```
+
+O `RolesGuard` extrai roles do payload do JWT (claims `realm_access.roles` e `resource_access[clientId].roles`). Por padrão o decorator verifica ambos (realm e client). Você pode ajustar o comportamento usando as opções `{ type: 'realm'|'client'|'both' }`.
+
+## Erros
+
+O pacote exporta `KeycloakError` (classe) que é usada para representar falhas nas chamadas HTTP ao Keycloak. A classe contém `statusCode` e `details` para permitir um tratamento declarativo dos erros na aplicação que consome a biblioteca. Exemplo:
+
+```ts
+import { KeycloakError } from "@adatechnology/auth-keycloak";
+
+try {
+  await keycloakClient.getUserInfo(token);
+} catch (e) {
+  if (e instanceof KeycloakError) {
+    // tratar problema específico de Keycloak
+    console.error(e.statusCode, e.details);
+  }
+  throw e;
+}
+```
+
 Contribuições
 
 Relate issues/PRs no repositório principal. Mantenha compatibilidade com o padrão usado pelo `HttpModule`.

package/dist/index.d.ts

@@ -1,5 +1,7 @@
-import { DynamicModule } from '@nestjs/common';
+import * as _nestjs_common from '@nestjs/common';
+import { DynamicModule, CanActivate, ExecutionContext } from '@nestjs/common';
 import { AxiosRequestConfig, AxiosInstance } from 'axios';
+import { Reflector } from '@nestjs/core';
 
 /**
  * Keycloak token response
@@ -10,7 +12,7 @@ interface KeycloakTokenResponse {
     refresh_expires_in: number;
     refresh_token: string;
     token_type: string;
-    'not-before-policy': number;
+    "not-before-policy": number;
     session_state: string;
     scope: string;
 }
@@ -22,7 +24,7 @@ interface KeycloakCredentials {
     clientSecret: string;
     username?: string;
     password?: string;
-    grantType: 'client_credentials' | 'password';
+    grantType: "client_credentials" | "password";
 }
 /**
  * Keycloak configuration
@@ -31,6 +33,16 @@ interface KeycloakConfig {
     baseUrl: string;
     realm: string;
     credentials: KeycloakCredentials;
+    /**
+     * Optional scopes to request when fetching tokens. Can be a space-separated string or array of scopes.
+     * Defaults to ['openid', 'profile', 'email'] when omitted.
+     */
+    scopes?: string | string[];
+    /**
+     * Optional token cache TTL in milliseconds. If provided, KeycloakClient will use this value to
+     * determine how long to cache the access token instead of deriving TTL from the token's expires_in.
+     */
+    tokenCacheTtl?: number;
 }
 /**
  * Keycloak client interface
@@ -51,7 +63,7 @@ interface KeycloakClientInterface {
     /**
      * Get user info
      */
-    getUserInfo(token: string): Promise<any>;
+    getUserInfo(token: string): Promise<Record<string, unknown>>;
 }
 
 declare class KeycloakModule {
@@ -62,4 +74,41 @@ declare const KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
 declare const KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
 declare const KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";
 
-export { KEYCLOAK_CLIENT, KEYCLOAK_CONFIG, KEYCLOAK_HTTP_INTERCEPTOR, type KeycloakClientInterface, type KeycloakConfig, KeycloakModule, type KeycloakTokenResponse };
+type RolesMode = "any" | "all";
+type RolesType = "realm" | "client" | "both";
+type RolesOptions = {
+    roles: string[];
+    mode?: RolesMode;
+    type?: RolesType;
+};
+/**
+ * Decorator to declare required roles for a route or controller.
+ * Accepts either a list of strings or a single options object.
+ * Examples:
+ *  @Roles('admin')
+ *  @Roles('admin','editor')
+ *  @Roles(['admin','editor'])
+ *  @Roles({ roles: ['a','b'], mode: 'all', type: 'client' })
+ */
+declare function Roles(...args: Array<string | string[] | RolesOptions>): _nestjs_common.CustomDecorator<string>;
+
+declare class RolesGuard implements CanActivate {
+    private readonly reflector;
+    private readonly config?;
+    constructor(reflector: Reflector, config?: KeycloakConfig);
+    canActivate(context: ExecutionContext): boolean | Promise<boolean>;
+    private decodeJwtPayload;
+}
+
+declare class KeycloakError extends Error {
+    readonly statusCode?: number;
+    readonly details?: unknown;
+    readonly keycloakError?: string;
+    constructor(message: string, opts?: {
+        statusCode?: number;
+        details?: unknown;
+        keycloakError?: string;
+    });
+}
+
+export { KEYCLOAK_CLIENT, KEYCLOAK_CONFIG, KEYCLOAK_HTTP_INTERCEPTOR, type KeycloakClientInterface, type KeycloakConfig, KeycloakError, KeycloakModule, type KeycloakTokenResponse, Roles, RolesGuard };

package/dist/index.js

@@ -1,7 +1,12 @@
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -14,6 +19,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var __decorateClass = (decorators, target, key, kind) => {
   var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
@@ -25,41 +38,345 @@ var __decorateClass = (decorators, target, key, kind) => {
 };
 var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
 
+// ../shared/dist/types.js
+var require_types = __commonJS({
+  "../shared/dist/types.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+  }
+});
+
+// ../shared/dist/utils.js
+var require_utils = __commonJS({
+  "../shared/dist/utils.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.noop = noop;
+    exports2.prefixWith = prefixWith;
+    function noop() {
+      return void 0;
+    }
+    function prefixWith(prefix, value) {
+      return `${prefix}-${value}`;
+    }
+  }
+});
+
+// ../shared/dist/errors/base-app-error.js
+var require_base_app_error = __commonJS({
+  "../shared/dist/errors/base-app-error.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.BaseAppError = void 0;
+    var BaseAppError2 = class extends Error {
+      code;
+      status;
+      context;
+      constructor(params) {
+        var _a;
+        super(params.message);
+        this.name = new.target.name;
+        this.status = params.status;
+        this.code = params.code;
+        this.context = params.context;
+        const capturable = Error;
+        (_a = capturable.captureStackTrace) == null ? void 0 : _a.call(capturable, this, this.constructor);
+      }
+    };
+    exports2.BaseAppError = BaseAppError2;
+  }
+});
+
+// ../shared/dist/errors/errors.constants.js
+var require_errors_constants = __commonJS({
+  "../shared/dist/errors/errors.constants.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.SHARED_INTERNAL_FRAME_RE = exports2.SHARED_ERROR_MESSAGES = exports2.SHARED_ERRORS = void 0;
+    exports2.SHARED_ERRORS = {
+      DEFAULT_STATUS: 502,
+      INTERNAL_STATUS: 500
+    };
+    exports2.SHARED_ERROR_MESSAGES = {
+      UPSTREAM_ERROR: "Upstream error",
+      NO_RESPONSE: "No response from upstream service",
+      UNEXPECTED_ERROR: "Unexpected error",
+      MAPPING_FAILURE: "Error mapping failure"
+    };
+    exports2.SHARED_INTERNAL_FRAME_RE = /node_modules|internal|\(internal|axios|packages\/http|@adatechnology\/http-client/;
+  }
+});
+
+// ../shared/dist/errors/error-mapper.service.js
+var require_error_mapper_service = __commonJS({
+  "../shared/dist/errors/error-mapper.service.js"(exports2) {
+    "use strict";
+    var __decorate = exports2 && exports2.__decorate || function(decorators, target, key, desc) {
+      var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+      if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+      else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+      return c > 3 && r && Object.defineProperty(target, key, r), r;
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.ErrorMapperService = void 0;
+    var common_1 = require("@nestjs/common");
+    var base_app_error_1 = require_base_app_error();
+    var errors_constants_1 = require_errors_constants();
+    var ErrorMapperService = class ErrorMapperService {
+      /**
+       * Map an upstream/internal error to a BaseAppError with normalized fields.
+       * Keeps a small context to help tracing origin without leaking secrets.
+       */
+      mapUpstreamError(err) {
+        if (err instanceof base_app_error_1.BaseAppError)
+          return err;
+        try {
+          const obj = err ?? void 0;
+          const context = {};
+          if (obj && typeof obj.stack === "string") {
+            const frames = this.parseStack(obj.stack);
+            if (frames.length) {
+              context.stack = frames;
+              const origin = frames.find((f) => !this.isInternalFrame(f.file));
+              if (origin)
+                context.origin = origin;
+            }
+          }
+          if (obj && typeof obj.config === "object" && obj.config !== null) {
+            const cfg = obj.config;
+            context.url = typeof cfg.url === "string" ? cfg.url : typeof cfg.baseURL === "string" ? cfg.baseURL : void 0;
+            context.method = typeof cfg.method === "string" ? cfg.method : void 0;
+          }
+          if (obj && typeof obj.response === "object" && obj.response !== null) {
+            const resp = obj.response;
+            const status = typeof resp.status === "number" ? resp.status : errors_constants_1.SHARED_ERRORS.DEFAULT_STATUS;
+            const data = resp.data;
+            const message = data && typeof data.message === "string" ? data.message : typeof obj.message === "string" ? obj.message : errors_constants_1.SHARED_ERROR_MESSAGES.UPSTREAM_ERROR;
+            const code = typeof obj.code === "string" ? obj.code : void 0;
+            return new base_app_error_1.BaseAppError({
+              message,
+              status,
+              code,
+              context
+            });
+          }
+          if (obj && typeof obj.request === "object") {
+            const code = typeof obj.code === "string" ? obj.code : void 0;
+            return new base_app_error_1.BaseAppError({
+              message: errors_constants_1.SHARED_ERROR_MESSAGES.NO_RESPONSE,
+              status: errors_constants_1.SHARED_ERRORS.DEFAULT_STATUS,
+              code,
+              context
+            });
+          }
+          return new base_app_error_1.BaseAppError({
+            message: obj && typeof obj.message === "string" ? obj.message : errors_constants_1.SHARED_ERROR_MESSAGES.UNEXPECTED_ERROR,
+            status: errors_constants_1.SHARED_ERRORS.INTERNAL_STATUS,
+            code: typeof (obj == null ? void 0 : obj.code) === "string" ? obj.code : void 0,
+            context
+          });
+        } catch (e) {
+          return new base_app_error_1.BaseAppError({
+            message: errors_constants_1.SHARED_ERROR_MESSAGES.MAPPING_FAILURE,
+            status: errors_constants_1.SHARED_ERRORS.INTERNAL_STATUS,
+            context: { original: String(err) }
+          });
+        }
+      }
+      parseStack(stack) {
+        const lines = stack.split("\n").map((l) => l.trim()).filter(Boolean);
+        const frames = [];
+        const re = /^at\s+(?:(.*?)\s+\()?(.*?):(\d+):(\d+)\)?$/;
+        for (const line of lines) {
+          const m = re.exec(line);
+          if (m) {
+            const fn = m[1] || void 0;
+            const file = m[2];
+            const lineNum = parseInt(m[3], 10);
+            const colNum = parseInt(m[4], 10);
+            frames.push({ fn, file, line: lineNum, column: colNum });
+          }
+        }
+        return frames;
+      }
+      isInternalFrame(file) {
+        if (!file)
+          return false;
+        return errors_constants_1.SHARED_INTERNAL_FRAME_RE.test(file);
+      }
+    };
+    exports2.ErrorMapperService = ErrorMapperService;
+    exports2.ErrorMapperService = ErrorMapperService = __decorate([
+      (0, common_1.Injectable)()
+    ], ErrorMapperService);
+  }
+});
+
+// ../shared/dist/errors/index.js
+var require_errors = __commonJS({
+  "../shared/dist/errors/index.js"(exports2) {
+    "use strict";
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    __exportStar(require_base_app_error(), exports2);
+    __exportStar(require_error_mapper_service(), exports2);
+  }
+});
+
+// ../shared/dist/index.js
+var require_dist = __commonJS({
+  "../shared/dist/index.js"(exports2) {
+    "use strict";
+    var __createBinding = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      var desc = Object.getOwnPropertyDescriptor(m, k);
+      if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+        desc = { enumerable: true, get: function() {
+          return m[k];
+        } };
+      }
+      Object.defineProperty(o, k2, desc);
+    }) : (function(o, m, k, k2) {
+      if (k2 === void 0) k2 = k;
+      o[k2] = m[k];
+    }));
+    var __exportStar = exports2 && exports2.__exportStar || function(m, exports3) {
+      for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports3, p)) __createBinding(exports3, m, p);
+    };
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    __exportStar(require_types(), exports2);
+    __exportStar(require_utils(), exports2);
+    __exportStar(require_errors(), exports2);
+  }
+});
+
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
   KEYCLOAK_CLIENT: () => KEYCLOAK_CLIENT,
   KEYCLOAK_CONFIG: () => KEYCLOAK_CONFIG,
   KEYCLOAK_HTTP_INTERCEPTOR: () => KEYCLOAK_HTTP_INTERCEPTOR,
-  KeycloakModule: () => KeycloakModule
+  KeycloakError: () => KeycloakError,
+  KeycloakModule: () => KeycloakModule,
+  Roles: () => Roles,
+  RolesGuard: () => RolesGuard
 });
 module.exports = __toCommonJS(index_exports);
 
 // src/keycloak.module.ts
-var import_common3 = require("@nestjs/common");
+var import_common5 = require("@nestjs/common");
+var import_core2 = require("@nestjs/core");
 var import_http_client2 = require("@adatechnology/http-client");
+var import_logger2 = require("@adatechnology/logger");
 
 // src/keycloak.client.ts
 var import_common = require("@nestjs/common");
 var import_http_client = require("@adatechnology/http-client");
+var import_logger = require("@adatechnology/logger");
+
+// src/errors/keycloak-error.ts
+var KeycloakError = class _KeycloakError extends Error {
+  statusCode;
+  details;
+  keycloakError;
+  constructor(message, opts) {
+    super(message);
+    this.name = "KeycloakError";
+    this.statusCode = opts == null ? void 0 : opts.statusCode;
+    this.details = opts == null ? void 0 : opts.details;
+    this.keycloakError = opts == null ? void 0 : opts.keycloakError;
+    Object.setPrototypeOf(this, _KeycloakError.prototype);
+  }
+};
+
+// src/keycloak.client.ts
+var LIB_NAME = "@adatechnology/auth-keycloak";
+var LIB_VERSION = "0.0.2";
+function extractErrorInfo(err) {
+  var _a, _b, _c, _d, _e;
+  const statusCode = (err == null ? void 0 : err.status) ?? ((_a = err == null ? void 0 : err.response) == null ? void 0 : _a.status);
+  const details = ((_b = err == null ? void 0 : err.response) == null ? void 0 : _b.data) ?? ((_c = err == null ? void 0 : err.context) == null ? void 0 : _c.data) ?? (err == null ? void 0 : err.context) ?? (err == null ? void 0 : err.details);
+  const errorCode = (err == null ? void 0 : err.code) ?? ((_e = (_d = err == null ? void 0 : err.response) == null ? void 0 : _d.data) == null ? void 0 : _e.error);
+  let keycloakError = void 0;
+  if (details && typeof details === "object" && details !== null) {
+    const raw = details.error;
+    if (typeof raw === "string") {
+      keycloakError = raw;
+    } else if (raw) {
+      try {
+        keycloakError = JSON.stringify(raw);
+      } catch {
+        keycloakError = String(raw);
+      }
+    }
+  }
+  return {
+    statusCode,
+    details: details ?? (err == null ? void 0 : err.message),
+    keycloakError: keycloakError ?? (errorCode ? `NETWORK_ERROR_${String(errorCode)}` : void 0)
+  };
+}
 var KeycloakClient = class {
-  constructor(config, httpProvider) {
+  constructor(config, httpProvider, logger) {
     this.config = config;
     this.httpProvider = httpProvider;
+    this.logger = logger;
   }
   tokenCache = null;
   tokenPromise = null;
+  log(level, message, libMethod, meta) {
+    if (!this.logger) return;
+    const httpCtx = (0, import_http_client.getHttpRequestContext)();
+    const requestId = httpCtx == null ? void 0 : httpCtx.requestId;
+    const source = (httpCtx == null ? void 0 : httpCtx.className) && (httpCtx == null ? void 0 : httpCtx.methodName) ? `${httpCtx.className}.${httpCtx.methodName}` : void 0;
+    const payload = {
+      message,
+      context: "KeycloakClient",
+      lib: LIB_NAME,
+      libVersion: LIB_VERSION,
+      libMethod,
+      source,
+      requestId,
+      meta
+    };
+    if (level === "debug") this.logger.debug(payload);
+    else if (level === "info") this.logger.info(payload);
+    else if (level === "warn") this.logger.warn(payload);
+    else if (level === "error") this.logger.error(payload);
+  }
   async getAccessToken() {
+    const method = "getAccessToken";
+    this.log("debug", `${method} - Start`, method);
     const now = Date.now();
     if (this.tokenCache && now < this.tokenCache.expiresAt) {
+      this.log("debug", `${method} - Returning cached token`, method);
       return this.tokenCache.token;
     }
-    if (this.tokenPromise) return this.tokenPromise;
+    if (this.tokenPromise) {
+      this.log("debug", `${method} - Waiting for existing token request`, method);
+      return this.tokenPromise;
+    }
     this.tokenPromise = (async () => {
       try {
         const tokenResponse = await this.requestToken();
-        const expiresAt = Date.now() + (tokenResponse.expires_in - 60) * 1e3;
+        const expiresAt = this.config.tokenCacheTtl ? Date.now() + this.config.tokenCacheTtl : Date.now() + (tokenResponse.expires_in - 60) * 1e3;
         this.tokenCache = { token: tokenResponse.access_token, expiresAt };
+        this.log("debug", `${method} - Token obtained and cached`, method);
         return tokenResponse.access_token;
       } finally {
         this.tokenPromise = null;
@@ -67,22 +384,45 @@ var KeycloakClient = class {
     })();
     return this.tokenPromise;
   }
-  async getTokenWithCredentials(username, password) {
+  async getTokenWithCredentials(params) {
+    const method = "getTokenWithCredentials";
+    const { username } = params;
+    this.log("info", `${method} - Start for user: ${username}`, method);
+    const { password } = params;
     const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
-    const data = new URLSearchParams();
-    data.append("client_id", this.config.credentials.clientId);
-    data.append("grant_type", "password");
-    data.append("username", username);
-    data.append("password", password);
+    const body = new URLSearchParams();
+    body.append("client_id", this.config.credentials.clientId);
+    body.append("grant_type", "password");
+    body.append("username", username);
+    body.append("password", password);
     if (this.config.credentials.clientSecret) {
-      data.append("client_secret", this.config.credentials.clientSecret);
+      body.append("client_secret", this.config.credentials.clientSecret);
+    }
+    body.append("scope", KeycloakClient.scopesToString(this.config.scopes));
+    try {
+      const response = await this.httpProvider.post({
+        url: tokenUrl,
+        data: body,
+        config: {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          logContext: { className: "KeycloakClient", methodName: method }
+        }
+      });
+      this.log("info", `${method} - Success for user: ${username}`, method);
+      return response.data;
+    } catch (err) {
+      const { statusCode, details, keycloakError } = extractErrorInfo(err);
+      this.log("error", `${method} - Failed for user: ${username}`, method, { statusCode, keycloakError });
+      throw new KeycloakError("Failed to obtain token with credentials", {
+        statusCode,
+        details,
+        keycloakError
+      });
     }
-    const response = await this.httpProvider.post(tokenUrl, data, {
-      headers: { "Content-Type": "application/x-www-form-urlencoded" }
-    });
-    return response.data;
   }
   async requestToken() {
+    const method = "requestToken";
+    this.log("debug", `${method} - Start`, method);
     const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
     const data = new URLSearchParams();
     data.append("client_id", this.config.credentials.clientId);
@@ -94,18 +434,33 @@ var KeycloakClient = class {
       if (this.config.credentials.username && this.config.credentials.password) {
         data.append("username", this.config.credentials.username);
         data.append("password", this.config.credentials.password);
+        data.append("scope", KeycloakClient.scopesToString(this.config.scopes));
       }
     }
-    const response = await this.httpProvider.post(
-      tokenUrl,
-      data,
-      {
-        headers: { "Content-Type": "application/x-www-form-urlencoded" }
-      }
-    );
-    return response.data;
+    try {
+      const response = await this.httpProvider.post({
+        url: tokenUrl,
+        data,
+        config: {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          logContext: { className: "KeycloakClient", methodName: method }
+        }
+      });
+      this.log("debug", `${method} - Success`, method);
+      return response.data;
+    } catch (err) {
+      const { statusCode, details, keycloakError } = extractErrorInfo(err);
+      this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+      throw new KeycloakError("Failed to request token", {
+        statusCode,
+        details,
+        keycloakError
+      });
+    }
   }
   async refreshToken(refreshToken) {
+    const method = "refreshToken";
+    this.log("debug", `${method} - Start`, method);
     const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
     const data = new URLSearchParams();
     data.append("client_id", this.config.credentials.clientId);
@@ -114,18 +469,33 @@ var KeycloakClient = class {
     if (this.config.credentials.clientSecret) {
       data.append("client_secret", this.config.credentials.clientSecret);
     }
-    const response = await this.httpProvider.post(
-      tokenUrl,
-      data,
-      {
-        headers: { "Content-Type": "application/x-www-form-urlencoded" }
-      }
-    );
-    const expiresAt = Date.now() + (response.data.expires_in - 60) * 1e3;
-    this.tokenCache = { token: response.data.access_token, expiresAt };
-    return response.data;
+    try {
+      const response = await this.httpProvider.post({
+        url: tokenUrl,
+        data,
+        config: {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          logContext: { className: "KeycloakClient", methodName: method }
+        }
+      });
+      const expiresAt = this.config.tokenCacheTtl ? Date.now() + this.config.tokenCacheTtl : Date.now() + (response.data.expires_in - 60) * 1e3;
+      this.tokenCache = { token: response.data.access_token, expiresAt };
+      this.log("debug", `${method} - Success`, method);
+      return response.data;
+    } catch (err) {
+      const { statusCode, details, keycloakError } = extractErrorInfo(err);
+      this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+      throw new KeycloakError("Failed to refresh token", {
+        statusCode,
+        details,
+        keycloakError
+      });
+    }
   }
   async validateToken(token) {
+    var _a;
+    const method = "validateToken";
+    this.log("debug", `${method} - Start`, method);
     try {
       const introspectUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token/introspect`;
       const data = new URLSearchParams();
@@ -134,20 +504,50 @@ var KeycloakClient = class {
       if (this.config.credentials.clientSecret) {
         data.append("client_secret", this.config.credentials.clientSecret);
       }
-      const response = await this.httpProvider.post(introspectUrl, data, {
-        headers: { "Content-Type": "application/x-www-form-urlencoded" }
+      const response = await this.httpProvider.post({
+        url: introspectUrl,
+        data,
+        config: {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          logContext: { className: "KeycloakClient", methodName: method }
+        }
       });
-      return response.data.active === true;
+      const active = ((_a = response.data) == null ? void 0 : _a.active) === true;
+      this.log("debug", `${method} - Success (Active: ${active})`, method);
+      return active;
     } catch (error) {
-      return false;
+      const { statusCode, details, keycloakError } = extractErrorInfo(error);
+      this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+      throw new KeycloakError("Token introspection failed", {
+        statusCode,
+        details,
+        keycloakError
+      });
     }
   }
   async getUserInfo(token) {
+    const method = "getUserInfo";
+    this.log("debug", `${method} - Start`, method);
     const userInfoUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/userinfo`;
-    const response = await this.httpProvider.get(userInfoUrl, {
-      headers: { Authorization: `Bearer ${token}` }
-    });
-    return response.data;
+    try {
+      const response = await this.httpProvider.get({
+        url: userInfoUrl,
+        config: {
+          headers: { Authorization: `Bearer ${token}` },
+          logContext: { className: "KeycloakClient", methodName: method }
+        }
+      });
+      this.log("debug", `${method} - Success`, method);
+      return response.data;
+    } catch (err) {
+      const { statusCode, details, keycloakError } = extractErrorInfo(err);
+      this.log("error", `${method} - Failed`, method, { statusCode, keycloakError });
+      throw new KeycloakError("Failed to retrieve userinfo", {
+        statusCode,
+        details,
+        keycloakError
+      });
+    }
   }
   clearTokenCache() {
     this.tokenCache = null;
@@ -156,68 +556,188 @@ var KeycloakClient = class {
     if (!token || typeof token !== "string") return "";
     return token.length <= visibleChars ? token : `${token.slice(0, visibleChars)}...`;
   }
+  static scopesToString(scopes) {
+    if (!scopes) return "openid profile email";
+    return Array.isArray(scopes) ? scopes.join(" ") : String(scopes);
+  }
 };
 KeycloakClient = __decorateClass([
   (0, import_common.Injectable)(),
-  __decorateParam(1, (0, import_common.Inject)(import_http_client.HTTP_PROVIDER))
+  __decorateParam(1, (0, import_common.Inject)(import_http_client.HTTP_PROVIDER)),
+  __decorateParam(2, (0, import_common.Optional)()),
+  __decorateParam(2, (0, import_common.Inject)(import_logger.LOGGER_PROVIDER))
 ], KeycloakClient);
 
 // src/keycloak.http.interceptor.ts
 var import_common2 = require("@nestjs/common");
-
-// src/keycloak.token.ts
-var KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
-var KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
-var KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";
-
-// src/keycloak.http.interceptor.ts
 var KeycloakHttpInterceptor = class {
-  constructor(keycloakClient) {
-    this.keycloakClient = keycloakClient;
+  constructor() {
   }
   intercept(context, next) {
     const request = context.switchToHttp().getRequest();
-    if (request.url && !request.url.includes("keycloak")) {
+    if (typeof request.url === "string" && !request.url.includes("keycloak")) {
     }
     return next.handle();
   }
 };
 KeycloakHttpInterceptor = __decorateClass([
-  (0, import_common2.Injectable)(),
-  __decorateParam(0, (0, import_common2.Inject)(KEYCLOAK_CLIENT))
+  (0, import_common2.Injectable)()
 ], KeycloakHttpInterceptor);
 
+// src/roles.guard.ts
+var import_common4 = require("@nestjs/common");
+var import_core = require("@nestjs/core");
+
+// src/roles.decorator.ts
+var import_common3 = require("@nestjs/common");
+var ROLES_META_KEY = "roles";
+function Roles(...args) {
+  let payload;
+  if (args.length === 1 && typeof args[0] === "object" && !Array.isArray(args[0])) {
+    payload = args[0];
+  } else {
+    const roles = [].concat(
+      ...args.map((a) => Array.isArray(a) ? a : String(a))
+    );
+    payload = { roles };
+  }
+  payload.mode = payload.mode ?? "any";
+  payload.type = payload.type ?? "both";
+  return (0, import_common3.SetMetadata)(ROLES_META_KEY, payload);
+}
+
+// src/keycloak.token.ts
+var KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
+var KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
+var KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";
+
+// src/roles.guard.ts
+var import_shared = __toESM(require_dist());
+var RolesGuard = class {
+  constructor(reflector, config) {
+    this.reflector = reflector;
+    this.config = config;
+  }
+  canActivate(context) {
+    var _a, _b, _c, _d, _e, _f, _g, _h;
+    const meta = this.reflector.get(ROLES_META_KEY, context.getHandler()) || this.reflector.get(ROLES_META_KEY, context.getClass());
+    if (!meta || !meta.roles || meta.roles.length === 0) return true;
+    const req = context.switchToHttp().getRequest();
+    const authHeader = ((_a = req.headers) == null ? void 0 : _a.authorization) || ((_b = req.headers) == null ? void 0 : _b.Authorization);
+    const token = authHeader ? String(authHeader).split(" ")[1] : (_c = req.query) == null ? void 0 : _c.token;
+    if (!token)
+      throw new import_shared.BaseAppError({
+        message: "Authorization token not provided",
+        status: 403,
+        code: "FORBIDDEN_MISSING_TOKEN",
+        context: {}
+      });
+    const payload = this.decodeJwtPayload(token);
+    const availableRoles = /* @__PURE__ */ new Set();
+    if (((_d = payload == null ? void 0 : payload.realm_access) == null ? void 0 : _d.roles) && Array.isArray(payload.realm_access.roles)) {
+      payload.realm_access.roles.forEach((r) => availableRoles.add(r));
+    }
+    const clientId = (_f = (_e = this.config) == null ? void 0 : _e.credentials) == null ? void 0 : _f.clientId;
+    if (clientId && ((_h = (_g = payload == null ? void 0 : payload.resource_access) == null ? void 0 : _g[clientId]) == null ? void 0 : _h.roles)) {
+      payload.resource_access[clientId].roles.forEach(
+        (r) => availableRoles.add(r)
+      );
+    }
+    if (meta.type === "both" && (payload == null ? void 0 : payload.resource_access)) {
+      Object.values(payload.resource_access).forEach((entry) => {
+        if ((entry == null ? void 0 : entry.roles) && Array.isArray(entry.roles)) {
+          entry.roles.forEach(
+            (r) => availableRoles.add(r)
+          );
+        }
+      });
+    }
+    const required = meta.roles || [];
+    const hasMatch = required.map((r) => availableRoles.has(r));
+    const result = meta.mode === "all" ? hasMatch.every(Boolean) : hasMatch.some(Boolean);
+    if (!result)
+      throw new import_shared.BaseAppError({
+        message: "Insufficient roles",
+        status: 403,
+        code: "FORBIDDEN_INSUFFICIENT_ROLES",
+        context: { required }
+      });
+    return true;
+  }
+  decodeJwtPayload(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length < 2) return {};
+      const payload = parts[1];
+      const BufferCtor = globalThis.Buffer;
+      if (!BufferCtor) return {};
+      const decoded = BufferCtor.from(payload, "base64").toString("utf8");
+      return JSON.parse(decoded);
+    } catch (e) {
+      return {};
+    }
+  }
+};
+RolesGuard = __decorateClass([
+  (0, import_common4.Injectable)(),
+  __decorateParam(0, (0, import_common4.Inject)(import_core.Reflector)),
+  __decorateParam(1, (0, import_common4.Optional)()),
+  __decorateParam(1, (0, import_common4.Inject)(KEYCLOAK_CONFIG))
+], RolesGuard);
+
 // src/keycloak.module.ts
 var KeycloakModule = class {
   static forRoot(config, httpConfig) {
     return {
       module: KeycloakModule,
       global: true,
-      imports: [import_http_client2.HttpModule.forRoot(httpConfig)],
+      imports: [
+        import_http_client2.HttpModule.forRoot(
+          httpConfig || { baseURL: config.baseUrl, timeout: 5e3 },
+          {
+            logging: {
+              enabled: true,
+              includeBody: true,
+              context: "KeycloakHttpClient",
+              environments: ["development", "test"]
+            }
+          }
+        )
+      ],
       providers: [
+        { provide: import_core2.Reflector, useClass: import_core2.Reflector },
         { provide: KEYCLOAK_CONFIG, useValue: config },
         {
           provide: KEYCLOAK_CLIENT,
-          useFactory: (cfg, httpProvider) => new KeycloakClient(cfg, httpProvider),
-          inject: [KEYCLOAK_CONFIG, import_http_client2.HTTP_PROVIDER]
+          useFactory: (cfg, httpProvider, logger) => new KeycloakClient(cfg, httpProvider, logger),
+          inject: [KEYCLOAK_CONFIG, import_http_client2.HTTP_PROVIDER, { token: import_logger2.LOGGER_PROVIDER, optional: true }]
         },
         {
           provide: KEYCLOAK_HTTP_INTERCEPTOR,
-          useFactory: (client) => new KeycloakHttpInterceptor(client),
-          inject: [KEYCLOAK_CLIENT]
-        }
+          useFactory: () => new KeycloakHttpInterceptor()
+        },
+        RolesGuard
       ],
-      exports: [KEYCLOAK_CLIENT, KEYCLOAK_HTTP_INTERCEPTOR]
+      exports: [
+        import_core2.Reflector,
+        KEYCLOAK_CLIENT,
+        KEYCLOAK_HTTP_INTERCEPTOR,
+        KEYCLOAK_CONFIG,
+        RolesGuard
+      ]
     };
   }
 };
 KeycloakModule = __decorateClass([
-  (0, import_common3.Module)({})
+  (0, import_common5.Module)({})
 ], KeycloakModule);
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   KEYCLOAK_CLIENT,
   KEYCLOAK_CONFIG,
   KEYCLOAK_HTTP_INTERCEPTOR,
-  KeycloakModule
+  KeycloakError,
+  KeycloakModule,
+  Roles,
+  RolesGuard
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adatechnology/auth-keycloak",
-  "version": "0.0.2",
+  "version": "0.0.6",
   "publishConfig": {
     "access": "public"
   },
@@ -11,7 +11,8 @@
     "dist"
   ],
   "dependencies": {
-    "@adatechnology/http-client": "^0.0.2"
+    "@adatechnology/http-client": "0.0.6",
+    "@adatechnology/logger": "0.0.5"
   },
   "peerDependencies": {
     "@nestjs/common": "^11.0.16",
@@ -20,10 +21,11 @@
   "devDependencies": {
     "@esbuild-plugins/tsconfig-paths": "^0.1.2",
     "tsup": "^8.5.1",
-    "typescript": "^5.2.0"
+    "typescript": "^5.2.0",
+    "@adatechnology/shared": "0.0.2"
   },
   "scripts": {
-    "build": "tsup",
+    "build": "rm -rf dist && tsup",
     "build:watch": "tsup --watch",
     "check": "tsc -p tsconfig.json --noEmit",
     "test": "echo \"no tests\""

package/dist/index.d.mts

@@ -1,65 +0,0 @@
-import { DynamicModule } from '@nestjs/common';
-import { AxiosRequestConfig, AxiosInstance } from 'axios';
-
-/**
- * Keycloak token response
- */
-interface KeycloakTokenResponse {
-    access_token: string;
-    expires_in: number;
-    refresh_expires_in: number;
-    refresh_token: string;
-    token_type: string;
-    'not-before-policy': number;
-    session_state: string;
-    scope: string;
-}
-/**
- * Keycloak client credentials
- */
-interface KeycloakCredentials {
-    clientId: string;
-    clientSecret: string;
-    username?: string;
-    password?: string;
-    grantType: 'client_credentials' | 'password';
-}
-/**
- * Keycloak configuration
- */
-interface KeycloakConfig {
-    baseUrl: string;
-    realm: string;
-    credentials: KeycloakCredentials;
-}
-/**
- * Keycloak client interface
- */
-interface KeycloakClientInterface {
-    /**
-     * Get access token
-     */
-    getAccessToken(): Promise<string>;
-    /**
-     * Refresh access token
-     */
-    refreshToken(refreshToken: string): Promise<KeycloakTokenResponse>;
-    /**
-     * Validate token
-     */
-    validateToken(token: string): Promise<boolean>;
-    /**
-     * Get user info
-     */
-    getUserInfo(token: string): Promise<any>;
-}
-
-declare class KeycloakModule {
-    static forRoot(config: KeycloakConfig, httpConfig?: AxiosRequestConfig | AxiosInstance): DynamicModule;
-}
-
-declare const KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
-declare const KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
-declare const KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";
-
-export { KEYCLOAK_CLIENT, KEYCLOAK_CONFIG, KEYCLOAK_HTTP_INTERCEPTOR, type KeycloakClientInterface, type KeycloakConfig, KeycloakModule, type KeycloakTokenResponse };

package/dist/index.mjs

@@ -1,200 +0,0 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __decorateClass = (decorators, target, key, kind) => {
-  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
-  for (var i = decorators.length - 1, decorator; i >= 0; i--)
-    if (decorator = decorators[i])
-      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
-  if (kind && result) __defProp(target, key, result);
-  return result;
-};
-var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
-
-// src/keycloak.module.ts
-import { Module } from "@nestjs/common";
-import { HTTP_PROVIDER as HTTP_PROVIDER2, HttpModule } from "@adatechnology/http-client";
-
-// src/keycloak.client.ts
-import { Inject, Injectable } from "@nestjs/common";
-import { HTTP_PROVIDER } from "@adatechnology/http-client";
-var KeycloakClient = class {
-  constructor(config, httpProvider) {
-    this.config = config;
-    this.httpProvider = httpProvider;
-  }
-  tokenCache = null;
-  tokenPromise = null;
-  async getAccessToken() {
-    const now = Date.now();
-    if (this.tokenCache && now < this.tokenCache.expiresAt) {
-      return this.tokenCache.token;
-    }
-    if (this.tokenPromise) return this.tokenPromise;
-    this.tokenPromise = (async () => {
-      try {
-        const tokenResponse = await this.requestToken();
-        const expiresAt = Date.now() + (tokenResponse.expires_in - 60) * 1e3;
-        this.tokenCache = { token: tokenResponse.access_token, expiresAt };
-        return tokenResponse.access_token;
-      } finally {
-        this.tokenPromise = null;
-      }
-    })();
-    return this.tokenPromise;
-  }
-  async getTokenWithCredentials(username, password) {
-    const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
-    const data = new URLSearchParams();
-    data.append("client_id", this.config.credentials.clientId);
-    data.append("grant_type", "password");
-    data.append("username", username);
-    data.append("password", password);
-    if (this.config.credentials.clientSecret) {
-      data.append("client_secret", this.config.credentials.clientSecret);
-    }
-    const response = await this.httpProvider.post(tokenUrl, data, {
-      headers: { "Content-Type": "application/x-www-form-urlencoded" }
-    });
-    return response.data;
-  }
-  async requestToken() {
-    const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
-    const data = new URLSearchParams();
-    data.append("client_id", this.config.credentials.clientId);
-    data.append("grant_type", this.config.credentials.grantType);
-    if (this.config.credentials.clientSecret) {
-      data.append("client_secret", this.config.credentials.clientSecret);
-    }
-    if (this.config.credentials.grantType === "password") {
-      if (this.config.credentials.username && this.config.credentials.password) {
-        data.append("username", this.config.credentials.username);
-        data.append("password", this.config.credentials.password);
-      }
-    }
-    const response = await this.httpProvider.post(
-      tokenUrl,
-      data,
-      {
-        headers: { "Content-Type": "application/x-www-form-urlencoded" }
-      }
-    );
-    return response.data;
-  }
-  async refreshToken(refreshToken) {
-    const tokenUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token`;
-    const data = new URLSearchParams();
-    data.append("client_id", this.config.credentials.clientId);
-    data.append("grant_type", "refresh_token");
-    data.append("refresh_token", refreshToken);
-    if (this.config.credentials.clientSecret) {
-      data.append("client_secret", this.config.credentials.clientSecret);
-    }
-    const response = await this.httpProvider.post(
-      tokenUrl,
-      data,
-      {
-        headers: { "Content-Type": "application/x-www-form-urlencoded" }
-      }
-    );
-    const expiresAt = Date.now() + (response.data.expires_in - 60) * 1e3;
-    this.tokenCache = { token: response.data.access_token, expiresAt };
-    return response.data;
-  }
-  async validateToken(token) {
-    try {
-      const introspectUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/token/introspect`;
-      const data = new URLSearchParams();
-      data.append("token", token);
-      data.append("client_id", this.config.credentials.clientId);
-      if (this.config.credentials.clientSecret) {
-        data.append("client_secret", this.config.credentials.clientSecret);
-      }
-      const response = await this.httpProvider.post(introspectUrl, data, {
-        headers: { "Content-Type": "application/x-www-form-urlencoded" }
-      });
-      return response.data.active === true;
-    } catch (error) {
-      return false;
-    }
-  }
-  async getUserInfo(token) {
-    const userInfoUrl = `${this.config.baseUrl}/realms/${this.config.realm}/protocol/openid-connect/userinfo`;
-    const response = await this.httpProvider.get(userInfoUrl, {
-      headers: { Authorization: `Bearer ${token}` }
-    });
-    return response.data;
-  }
-  clearTokenCache() {
-    this.tokenCache = null;
-  }
-  static maskToken(token, visibleChars = 8) {
-    if (!token || typeof token !== "string") return "";
-    return token.length <= visibleChars ? token : `${token.slice(0, visibleChars)}...`;
-  }
-};
-KeycloakClient = __decorateClass([
-  Injectable(),
-  __decorateParam(1, Inject(HTTP_PROVIDER))
-], KeycloakClient);
-
-// src/keycloak.http.interceptor.ts
-import {
-  Inject as Inject2,
-  Injectable as Injectable2
-} from "@nestjs/common";
-
-// src/keycloak.token.ts
-var KEYCLOAK_CONFIG = "KEYCLOAK_CONFIG";
-var KEYCLOAK_CLIENT = "KEYCLOAK_CLIENT";
-var KEYCLOAK_HTTP_INTERCEPTOR = "KEYCLOAK_HTTP_INTERCEPTOR";
-
-// src/keycloak.http.interceptor.ts
-var KeycloakHttpInterceptor = class {
-  constructor(keycloakClient) {
-    this.keycloakClient = keycloakClient;
-  }
-  intercept(context, next) {
-    const request = context.switchToHttp().getRequest();
-    if (request.url && !request.url.includes("keycloak")) {
-    }
-    return next.handle();
-  }
-};
-KeycloakHttpInterceptor = __decorateClass([
-  Injectable2(),
-  __decorateParam(0, Inject2(KEYCLOAK_CLIENT))
-], KeycloakHttpInterceptor);
-
-// src/keycloak.module.ts
-var KeycloakModule = class {
-  static forRoot(config, httpConfig) {
-    return {
-      module: KeycloakModule,
-      global: true,
-      imports: [HttpModule.forRoot(httpConfig)],
-      providers: [
-        { provide: KEYCLOAK_CONFIG, useValue: config },
-        {
-          provide: KEYCLOAK_CLIENT,
-          useFactory: (cfg, httpProvider) => new KeycloakClient(cfg, httpProvider),
-          inject: [KEYCLOAK_CONFIG, HTTP_PROVIDER2]
-        },
-        {
-          provide: KEYCLOAK_HTTP_INTERCEPTOR,
-          useFactory: (client) => new KeycloakHttpInterceptor(client),
-          inject: [KEYCLOAK_CLIENT]
-        }
-      ],
-      exports: [KEYCLOAK_CLIENT, KEYCLOAK_HTTP_INTERCEPTOR]
-    };
-  }
-};
-KeycloakModule = __decorateClass([
-  Module({})
-], KeycloakModule);
-export {
-  KEYCLOAK_CLIENT,
-  KEYCLOAK_CONFIG,
-  KEYCLOAK_HTTP_INTERCEPTOR,
-  KeycloakModule
-};