@auth0/auth0-angular 2.5.0 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/fesm2022/auth0-auth0-angular.mjs +64 -27
  2. package/fesm2022/auth0-auth0-angular.mjs.map +1 -1
  3. package/lib/auth.service.d.ts +26 -1
  4. package/lib/provide.d.ts +5 -3
  5. package/package.json +1 -1
  6. package/public-api.d.ts +1 -1
package/fesm2022/auth0-auth0-angular.mjs CHANGED
@@ -1,5 +1,5 @@
1
1
  import * as i0 from '@angular/core';
2
- import { VERSION, InjectionToken, Optional, Inject, Injectable, NgModule, inject } from '@angular/core';
2
+ import { VERSION, InjectionToken, Optional, Inject, Injectable, NgModule, makeEnvironmentProviders, inject } from '@angular/core';
3
3
  import { BehaviorSubject, Subject, ReplaySubject, merge, defer, of, iif, from, throwError } from 'rxjs';
4
4
  import { scan, filter, distinctUntilChanged, switchMap, mergeMap, shareReplay, concatMap, catchError, tap, takeUntil, withLatestFrom, map, take, first, mapTo, pluck } from 'rxjs/operators';
5
5
  import * as i4 from '@auth0/auth0-spa-js';
@@ -8,7 +8,7 @@ export { AuthenticationError, GenericError, InMemoryCache, LocalStorageCache, Mf
8
8
  import { Router } from '@angular/router';
9
9
  import * as i1 from '@angular/common';
10
10
 
11
- var useragent = { name: '@auth0/auth0-angular', version: '2.5.0' };
11
+ var useragent = { name: '@auth0/auth0-angular', version: '2.6.0' };
12
12
 
13
13
  class Auth0ClientFactory {
14
14
  static createClient(configFactory) {
@@ -112,10 +112,10 @@ class AuthClientConfig {
112
112
  get() {
113
113
  return this.config;
114
114
  }
115
- static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthClientConfig, deps: [{ token: AuthConfigService, optional: true }], target: i0.ɵɵFactoryTarget.Injectable }); }
116
- static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthClientConfig, providedIn: 'root' }); }
115
+ static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthClientConfig, deps: [{ token: AuthConfigService, optional: true }], target: i0.ɵɵFactoryTarget.Injectable }); }
116
+ static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthClientConfig, providedIn: 'root' }); }
117
117
  }
118
- i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthClientConfig, decorators: [{
118
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthClientConfig, decorators: [{
119
119
  type: Injectable,
120
120
  args: [{ providedIn: 'root' }]
121
121
  }], ctorParameters: () => [{ type: undefined, decorators: [{
@@ -146,10 +146,10 @@ class AbstractNavigator {
146
146
  }
147
147
  this.location.replaceState(url);
148
148
  }
149
- static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AbstractNavigator, deps: [{ token: i1.Location }, { token: i0.Injector }], target: i0.ɵɵFactoryTarget.Injectable }); }
150
- static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AbstractNavigator, providedIn: 'root' }); }
149
+ static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AbstractNavigator, deps: [{ token: i1.Location }, { token: i0.Injector }], target: i0.ɵɵFactoryTarget.Injectable }); }
150
+ static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AbstractNavigator, providedIn: 'root' }); }
151
151
  }
152
- i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AbstractNavigator, decorators: [{
152
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AbstractNavigator, decorators: [{
153
153
  type: Injectable,
154
154
  args: [{
155
155
  providedIn: 'root',
@@ -239,10 +239,10 @@ class AuthState {
239
239
  setError(error) {
240
240
  this.errorSubject$.next(error);
241
241
  }
242
- static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthState, deps: [{ token: Auth0ClientService }], target: i0.ɵɵFactoryTarget.Injectable }); }
243
- static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthState, providedIn: 'root' }); }
242
+ static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthState, deps: [{ token: Auth0ClientService }], target: i0.ɵɵFactoryTarget.Injectable }); }
243
+ static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthState, providedIn: 'root' }); }
244
244
  }
245
- i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthState, decorators: [{
245
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthState, decorators: [{
246
246
  type: Injectable,
247
247
  args: [{ providedIn: 'root' }]
248
248
  }], ctorParameters: () => [{ type: i4.Auth0Client, decorators: [{
@@ -449,6 +449,41 @@ class AuthService {
449
449
  return throwError(error);
450
450
  }));
451
451
  }
452
+ /**
453
+ * ```js
454
+ * loginWithCustomTokenExchange(options).subscribe(tokenResponse => ...)
455
+ * ```
456
+ *
457
+ * Exchanges an external subject token for Auth0 tokens and establishes an authenticated session.
458
+ *
459
+ * This method implements the token exchange grant as specified in RFC 8693.
460
+ * It performs a token exchange by sending a request to the `/oauth/token` endpoint
461
+ * with the external token and returns Auth0 tokens (access token, ID token, etc.).
462
+ *
463
+ * The request includes the following parameters:
464
+ * - `grant_type`: Hard-coded to "urn:ietf:params:oauth:grant-type:token-exchange"
465
+ * - `subject_token`: The external token to be exchanged
466
+ * - `subject_token_type`: A namespaced URI identifying the token type (must be under your organization's control)
467
+ * - `audience`: The target audience (falls back to the SDK's default audience if not provided)
468
+ * - `scope`: Space-separated list of scopes (merged with the SDK's default scopes)
469
+ *
470
+ * After a successful token exchange, this method updates the authentication state
471
+ * to ensure consistency with the standard authentication flows.
472
+ *
473
+ * @param options The options required to perform the token exchange
474
+ * @returns An Observable that emits the token endpoint response containing Auth0 tokens
475
+ */
476
+ loginWithCustomTokenExchange(options) {
477
+ return of(this.auth0Client).pipe(concatMap((client) => client.loginWithCustomTokenExchange(options)), tap((tokenResponse) => {
478
+ if (tokenResponse.access_token) {
479
+ this.authState.setAccessToken(tokenResponse.access_token);
480
+ }
481
+ }), catchError((error) => {
482
+ this.authState.setError(error);
483
+ this.authState.refresh();
484
+ return throwError(error);
485
+ }));
486
+ }
452
487
  /**
453
488
  * ```js
454
489
  * handleRedirectCallback(url).subscribe(result => ...)
@@ -547,10 +582,10 @@ class AuthService {
547
582
  !this.configFactory.get().skipRedirectCallback);
548
583
  }));
549
584
  }
550
- static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthService, deps: [{ token: Auth0ClientService }, { token: AuthClientConfig }, { token: AbstractNavigator }, { token: AuthState }], target: i0.ɵɵFactoryTarget.Injectable }); }
551
- static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthService, providedIn: 'root' }); }
585
+ static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthService, deps: [{ token: Auth0ClientService }, { token: AuthClientConfig }, { token: AbstractNavigator }, { token: AuthState }], target: i0.ɵɵFactoryTarget.Injectable }); }
586
+ static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthService, providedIn: 'root' }); }
552
587
  }
553
- i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthService, decorators: [{
588
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthService, decorators: [{
554
589
  type: Injectable,
555
590
  args: [{
556
591
  providedIn: 'root',
@@ -585,10 +620,10 @@ class AuthGuard {
585
620
  return of(true);
586
621
  }));
587
622
  }
588
- static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthGuard, deps: [{ token: AuthService }], target: i0.ɵɵFactoryTarget.Injectable }); }
589
- static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthGuard, providedIn: 'root' }); }
623
+ static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthGuard, deps: [{ token: AuthService }], target: i0.ɵɵFactoryTarget.Injectable }); }
624
+ static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthGuard, providedIn: 'root' }); }
590
625
  }
591
- i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthGuard, decorators: [{
626
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthGuard, decorators: [{
592
627
  type: Injectable,
593
628
  args: [{
594
629
  providedIn: 'root',
@@ -620,11 +655,11 @@ class AuthModule {
620
655
  ],
621
656
  };
622
657
  }
623
- static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule }); }
624
- static { this.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "19.2.17", ngImport: i0, type: AuthModule }); }
625
- static { this.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthModule }); }
658
+ static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule }); }
659
+ static { this.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "19.2.18", ngImport: i0, type: AuthModule }); }
660
+ static { this.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthModule }); }
626
661
  }
627
- i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthModule, decorators: [{
662
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthModule, decorators: [{
628
663
  type: NgModule
629
664
  }] });
630
665
 
@@ -747,10 +782,10 @@ class AuthHttpInterceptor {
747
782
  !!route.allowAnonymous &&
748
783
  ['login_required', 'consent_required', 'missing_refresh_token'].includes(err.error));
749
784
  }
750
- static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthHttpInterceptor, deps: [{ token: AuthClientConfig }, { token: Auth0ClientService }, { token: AuthState }, { token: AuthService }], target: i0.ɵɵFactoryTarget.Injectable }); }
751
- static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthHttpInterceptor }); }
785
+ static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthHttpInterceptor, deps: [{ token: AuthClientConfig }, { token: Auth0ClientService }, { token: AuthState }, { token: AuthService }], target: i0.ɵɵFactoryTarget.Injectable }); }
786
+ static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthHttpInterceptor }); }
752
787
  }
753
- i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImport: i0, type: AuthHttpInterceptor, decorators: [{
788
+ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.18", ngImport: i0, type: AuthHttpInterceptor, decorators: [{
754
789
  type: Injectable
755
790
  }], ctorParameters: () => [{ type: AuthClientConfig }, { type: i4.Auth0Client, decorators: [{
756
791
  type: Inject,
@@ -761,7 +796,9 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImpo
761
796
  * Initialize the authentication system. Configuration can either be specified here,
762
797
  * or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).
763
798
  *
764
- * Note: Should only be used as of Angular 15, and should not be added to a component's providers.
799
+ * Note: Should only be used as of Angular 15. This function returns `EnvironmentProviders`
800
+ * which ensures it can only be used at the application/environment level and cannot be
801
+ * added to a component's providers array (this will result in a compile-time error).
765
802
  *
766
803
  * @param config The optional configuration for the SDK.
767
804
  *
@@ -773,7 +810,7 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.2.17", ngImpo
773
810
  * });
774
811
  */
775
812
  function provideAuth0(config) {
776
- return [
813
+ return makeEnvironmentProviders([
777
814
  AuthService,
778
815
  AuthHttpInterceptor,
779
816
  AuthGuard,
@@ -786,7 +823,7 @@ function provideAuth0(config) {
786
823
  useFactory: Auth0ClientFactory.createClient,
787
824
  deps: [AuthClientConfig],
788
825
  },
789
- ];
826
+ ]);
790
827
  }
791
828
 
792
829
  /**
package/fesm2022/auth0-auth0-angular.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth0-auth0-angular.mjs","sources":["../../../projects/auth0-angular/src/useragent.ts","../../../projects/auth0-angular/src/lib/auth.client.ts","../../../projects/auth0-angular/src/lib/auth.config.ts","../../../projects/auth0-angular/src/lib/abstract-navigator.ts","../../../projects/auth0-angular/src/lib/auth.state.ts","../../../projects/auth0-angular/src/lib/auth.service.ts","../../../projects/auth0-angular/src/lib/auth.guard.ts","../../../projects/auth0-angular/src/lib/auth.module.ts","../../../projects/auth0-angular/src/lib/auth.interceptor.ts","../../../projects/auth0-angular/src/lib/provide.ts","../../../projects/auth0-angular/src/lib/functional.ts","../../../projects/auth0-angular/src/public-api.ts","../../../projects/auth0-angular/src/auth0-auth0-angular.ts"],"sourcesContent":["export default { name: '@auth0/auth0-angular', version: '2.5.0' };\n","import { InjectionToken, VERSION } from '@angular/core';\nimport { Auth0Client } from '@auth0/auth0-spa-js';\nimport { AuthClientConfig } from './auth.config';\nimport useragent from '../useragent';\n\nexport class Auth0ClientFactory {\n static createClient(configFactory: AuthClientConfig): Auth0Client {\n const config = configFactory.get();\n\n if (!config) {\n throw new Error(\n 'Configuration must be specified either through AuthModule.forRoot or through AuthClientConfig.set'\n );\n }\n\n return new Auth0Client({\n ...config,\n auth0Client: {\n name: useragent.name,\n version: useragent.version,\n env: {\n 'angular/core': VERSION.full,\n },\n },\n });\n }\n}\n\nexport const Auth0ClientService = new InjectionToken<Auth0Client>(\n 'auth0.client'\n);\n","import {\n Auth0ClientOptions,\n CacheLocation,\n GetTokenSilentlyOptions,\n ICache,\n} from '@auth0/auth0-spa-js';\n\nimport { InjectionToken, Injectable, Optional, Inject } from '@angular/core';\n\n/**\n * Defines a common set of HTTP methods.\n */\nexport const enum HttpMethod {\n Get = 'GET',\n Post = 'POST',\n Put = 'PUT',\n Patch = 'PATCH',\n Delete = 'DELETE',\n Head = 'HEAD',\n}\n\n/**\n * Defines the type for a route config entry. Can either be:\n *\n * - an object of type HttpInterceptorRouteConfig\n * - a string\n */\nexport type ApiRouteDefinition = HttpInterceptorRouteConfig | string;\n\n/**\n * A custom type guard to help identify route definitions that are actually HttpInterceptorRouteConfig types.\n *\n * @param def The route definition type\n */\nexport function isHttpInterceptorRouteConfig(\n def: ApiRouteDefinition\n): def is HttpInterceptorRouteConfig {\n return typeof def !== 'string';\n}\n\n/**\n * Configuration for the HttpInterceptor\n */\nexport interface HttpInterceptorConfig {\n allowedList: ApiRouteDefinition[];\n}\n\n/**\n * Configuration for a single interceptor route\n */\nexport interface HttpInterceptorRouteConfig {\n /**\n * The URL to test, by supplying the URL to match.\n * If `test` is a match for the current request path from the HTTP client, then\n * an access token is attached to the request in the\n * [\"Authorization\" header](https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-20#section-2.1).\n *\n * If the test does not pass, the request proceeds without the access token attached.\n *\n * A wildcard character can be used to match only the start of the URL.\n *\n * @usagenotes\n *\n * '/api' - exactly match the route /api\n * '/api/*' - match any route that starts with /api/\n */\n uri?: string;\n\n /**\n * A function that will be called with the HttpRequest.url value, allowing you to do\n * any kind of flexible matching.\n *\n * If this function returns true, then\n * an access token is attached to the request in the\n * [\"Authorization\" header](https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-20#section-2.1).\n *\n * If it returns false, the request proceeds without the access token attached.\n */\n uriMatcher?: (uri: string) => boolean;\n\n /**\n * The options that are passed to the SDK when retrieving the\n * access token to attach to the outgoing request.\n */\n tokenOptions?: GetTokenSilentlyOptions;\n\n /**\n * The HTTP method to match on. If specified, the HTTP method of\n * the outgoing request will be checked against this. If there is no match, the\n * Authorization header is not attached.\n *\n * The HTTP method name is case-sensitive.\n */\n httpMethod?: HttpMethod | string;\n\n /**\n * Allow the HTTP call to be executed anonymously, when no token is available.\n *\n * When omitted (or set to false), calls that match the configuration will fail when no token is available.\n */\n allowAnonymous?: boolean;\n}\n\n/**\n * Configuration for the authentication service\n */\nexport interface AuthConfig extends Auth0ClientOptions {\n /**\n * By default, if the page URL has code and state parameters, the SDK will assume they are for\n * an Auth0 application and attempt to exchange the code for a token.\n * In some cases the code might be for something else (e.g. another OAuth SDK). In these\n * instances you can instruct the client to ignore them by setting `skipRedirectCallback`.\n *\n * ```js\n * AuthModule.forRoot({\n * skipRedirectCallback: window.location.pathname === '/other-callback'\n * })\n * ```\n *\n * **Note**: In the above example, `/other-callback` is an existing route that will be called\n * by any other OAuth provider with a `code` (or `error` in case when something went wrong) and `state`.\n *\n */\n skipRedirectCallback?: boolean;\n\n /**\n * Configuration for the built-in Http Interceptor, used for\n * automatically attaching access tokens.\n */\n httpInterceptor?: HttpInterceptorConfig;\n\n /**\n * Path in your application to redirect to when the Authorization server\n * returns an error. Defaults to `/`\n */\n errorPath?: string;\n}\n\n/**\n * Angular specific state to be stored before redirect\n */\nexport interface AppState {\n /**\n * Target path the app gets routed to after\n * handling the callback from Auth0 (defaults to '/')\n */\n target?: string;\n\n /**\n * Any custom parameter to be stored in appState\n */\n [key: string]: any;\n}\n\n/**\n * Injection token for accessing configuration.\n *\n * @usageNotes\n *\n * Use the `Inject` decorator to access the configuration from a service or component:\n *\n * ```\n * class MyService(@Inject(AuthConfigService) config: AuthConfig) {}\n * ```\n */\nexport const AuthConfigService = new InjectionToken<AuthConfig>(\n 'auth0-angular.config'\n);\n\n/**\n * Gets and sets configuration for the internal Auth0 client. This can be\n * used to provide configuration outside of using AuthModule.forRoot, i.e. from\n * a factory provided by APP_INITIALIZER.\n *\n * @usage\n *\n * ```js\n * // app.module.ts\n * // ---------------------------\n * import { AuthModule, AuthClientConfig } from '@auth0/auth0-angular';\n *\n * // Provide an initializer function that returns a Promise\n * function configInitializer(\n * http: HttpClient,\n * config: AuthClientConfig\n * ) {\n * return () =>\n * http\n * .get('/config')\n * .toPromise()\n * .then((loadedConfig: any) => config.set(loadedConfig)); // Set the config that was loaded asynchronously here\n * }\n *\n * // Provide APP_INITIALIZER with this function. Note that there is no config passed to AuthModule.forRoot\n * imports: [\n * // other imports..\n *\n * HttpClientModule,\n * AuthModule.forRoot(), //<- don't pass any config here\n * ],\n * providers: [\n * {\n * provide: APP_INITIALIZER,\n * useFactory: configInitializer, // <- pass your initializer function here\n * deps: [HttpClient, AuthClientConfig],\n * multi: true,\n * },\n * ],\n * ```\n *\n */\n@Injectable({ providedIn: 'root' })\nexport class AuthClientConfig {\n private config?: AuthConfig;\n\n constructor(@Optional() @Inject(AuthConfigService) config?: AuthConfig) {\n if (config) {\n this.set(config);\n }\n }\n\n /**\n * Sets configuration to be read by other consumers of the service (see usage notes)\n *\n * @param config The configuration to set\n */\n set(config: AuthConfig): void {\n this.config = config;\n }\n\n /**\n * Gets the config that has been set by other consumers of the service\n */\n get(): AuthConfig {\n return this.config as AuthConfig;\n }\n}\n","import { Injectable, Injector } from '@angular/core';\nimport { Router } from '@angular/router';\nimport { Location } from '@angular/common';\n\n@Injectable({\n providedIn: 'root',\n})\nexport class AbstractNavigator {\n private readonly router?: Router;\n\n constructor(private location: Location, injector: Injector) {\n try {\n this.router = injector.get(Router);\n } catch {}\n }\n\n /**\n * Navigates to the specified url. The router will be used if one is available, otherwise it falls back\n * to `window.history.replaceState`.\n *\n * @param url The url to navigate to\n */\n navigateByUrl(url: string): void {\n if (this.router) {\n this.router.navigateByUrl(url);\n\n return;\n }\n\n this.location.replaceState(url);\n }\n}\n","import { Inject, Injectable } from '@angular/core';\nimport { Auth0Client } from '@auth0/auth0-spa-js';\nimport {\n BehaviorSubject,\n defer,\n merge,\n of,\n ReplaySubject,\n Subject,\n} from 'rxjs';\nimport {\n concatMap,\n distinctUntilChanged,\n filter,\n mergeMap,\n scan,\n shareReplay,\n switchMap,\n} from 'rxjs/operators';\nimport { Auth0ClientService } from './auth.client';\n\n/**\n * Tracks the Authentication State for the SDK\n */\n@Injectable({ providedIn: 'root' })\nexport class AuthState {\n private isLoadingSubject$ = new BehaviorSubject<boolean>(true);\n private refresh$ = new Subject<void>();\n private accessToken$ = new ReplaySubject<string>(1);\n private errorSubject$ = new ReplaySubject<Error>(1);\n\n /**\n * Emits boolean values indicating the loading state of the SDK.\n */\n public readonly isLoading$ = this.isLoadingSubject$.asObservable();\n\n /**\n * Trigger used to pull User information from the Auth0Client.\n * Triggers when the access token has changed.\n */\n private accessTokenTrigger$ = this.accessToken$.pipe(\n scan(\n (\n acc: { current: string | null; previous: string | null },\n current: string | null\n ) => ({\n previous: acc.current,\n current,\n }),\n { current: null, previous: null }\n ),\n filter(({ previous, current }) => previous !== current)\n );\n\n /**\n * Trigger used to pull User information from the Auth0Client.\n * Triggers when an event occurs that needs to retrigger the User Profile information.\n * Events: Login, Access Token change and Logout\n */\n private readonly isAuthenticatedTrigger$ = this.isLoading$.pipe(\n filter((loading) => !loading),\n distinctUntilChanged(),\n switchMap(() =>\n // To track the value of isAuthenticated over time, we need to merge:\n // - the current value\n // - the value whenever the access token changes. (this should always be true of there is an access token\n // but it is safer to pass this through this.auth0Client.isAuthenticated() nevertheless)\n // - the value whenever refreshState$ emits\n merge(\n defer(() => this.auth0Client.isAuthenticated()),\n this.accessTokenTrigger$.pipe(\n mergeMap(() => this.auth0Client.isAuthenticated())\n ),\n this.refresh$.pipe(mergeMap(() => this.auth0Client.isAuthenticated()))\n )\n )\n );\n\n /**\n * Emits boolean values indicating the authentication state of the user. If `true`, it means a user has authenticated.\n * This depends on the value of `isLoading$`, so there is no need to manually check the loading state of the SDK.\n */\n readonly isAuthenticated$ = this.isAuthenticatedTrigger$.pipe(\n distinctUntilChanged(),\n shareReplay(1)\n );\n\n /**\n * Emits details about the authenticated user, or null if not authenticated.\n */\n readonly user$ = this.isAuthenticatedTrigger$.pipe(\n concatMap((authenticated) =>\n authenticated ? this.auth0Client.getUser() : of(null)\n ),\n distinctUntilChanged()\n );\n\n /**\n * Emits ID token claims when authenticated, or null if not authenticated.\n */\n readonly idTokenClaims$ = this.isAuthenticatedTrigger$.pipe(\n concatMap((authenticated) =>\n authenticated ? this.auth0Client.getIdTokenClaims() : of(null)\n )\n );\n\n /**\n * Emits errors that occur during login, or when checking for an active session on startup.\n */\n public readonly error$ = this.errorSubject$.asObservable();\n\n constructor(@Inject(Auth0ClientService) private auth0Client: Auth0Client) {}\n\n /**\n * Update the isLoading state using the provided value\n *\n * @param isLoading The new value for isLoading\n */\n public setIsLoading(isLoading: boolean): void {\n this.isLoadingSubject$.next(isLoading);\n }\n\n /**\n * Refresh the state to ensure the `isAuthenticated`, `user$` and `idTokenClaims$`\n * reflect the most up-to-date values from Auth0Client.\n */\n public refresh(): void {\n this.refresh$.next();\n }\n\n /**\n * Update the access token, doing so will also refresh the state.\n *\n * @param accessToken The new Access Token\n */\n public setAccessToken(accessToken: string): void {\n this.accessToken$.next(accessToken);\n }\n\n /**\n * Emits the error in the `error$` observable.\n *\n * @param error The new error\n */\n public setError(error: any): void {\n this.errorSubject$.next(error);\n }\n}\n","import { Injectable, Inject, OnDestroy } from '@angular/core';\n\nimport {\n Auth0Client,\n PopupLoginOptions,\n PopupConfigOptions,\n GetTokenSilentlyOptions,\n GetTokenWithPopupOptions,\n RedirectLoginResult,\n GetTokenSilentlyVerboseResponse,\n ConnectAccountRedirectResult,\n RedirectConnectAccountOptions,\n CustomFetchMinimalOutput,\n Fetcher,\n FetcherConfig,\n} from '@auth0/auth0-spa-js';\n\nimport {\n of,\n from,\n Subject,\n Observable,\n iif,\n defer,\n ReplaySubject,\n throwError,\n} from 'rxjs';\n\nimport {\n concatMap,\n tap,\n map,\n takeUntil,\n catchError,\n switchMap,\n withLatestFrom,\n} from 'rxjs/operators';\n\nimport { Auth0ClientService } from './auth.client';\nimport { AbstractNavigator } from './abstract-navigator';\nimport { AuthClientConfig, AppState } from './auth.config';\nimport { AuthState } from './auth.state';\nimport { LogoutOptions, RedirectLoginOptions } from './interfaces';\n\n@Injectable({\n providedIn: 'root',\n})\nexport class AuthService<TAppState extends AppState = AppState>\n implements OnDestroy\n{\n private appStateSubject$ = new ReplaySubject<TAppState>(1);\n\n // https://stackoverflow.com/a/41177163\n private ngUnsubscribe$ = new Subject<void>();\n /**\n * Emits boolean values indicating the loading state of the SDK.\n */\n readonly isLoading$ = this.authState.isLoading$;\n\n /**\n * Emits boolean values indicating the authentication state of the user. If `true`, it means a user has authenticated.\n * This depends on the value of `isLoading$`, so there is no need to manually check the loading state of the SDK.\n */\n readonly isAuthenticated$ = this.authState.isAuthenticated$;\n\n /**\n * Emits details about the authenticated user, or null if not authenticated.\n */\n readonly user$ = this.authState.user$;\n\n /**\n * Emits ID token claims when authenticated, or null if not authenticated.\n */\n readonly idTokenClaims$ = this.authState.idTokenClaims$;\n\n /**\n * Emits errors that occur during login, or when checking for an active session on startup.\n */\n readonly error$ = this.authState.error$;\n\n /**\n * Emits the value (if any) that was passed to the `loginWithRedirect` method call\n * but only **after** `handleRedirectCallback` is first called\n */\n readonly appState$ = this.appStateSubject$.asObservable();\n\n constructor(\n @Inject(Auth0ClientService) private auth0Client: Auth0Client,\n private configFactory: AuthClientConfig,\n private navigator: AbstractNavigator,\n private authState: AuthState\n ) {\n const checkSessionOrCallback$ = (isCallback: boolean) =>\n iif(\n () => isCallback,\n this.handleRedirectCallback(),\n defer(() => this.auth0Client.checkSession())\n );\n\n this.shouldHandleCallback()\n .pipe(\n switchMap((isCallback) =>\n checkSessionOrCallback$(isCallback).pipe(\n catchError((error) => {\n const config = this.configFactory.get();\n this.navigator.navigateByUrl(config.errorPath || '/');\n this.authState.setError(error);\n return of(undefined);\n })\n )\n ),\n tap(() => {\n this.authState.setIsLoading(false);\n }),\n takeUntil(this.ngUnsubscribe$)\n )\n .subscribe();\n }\n\n /**\n * Called when the service is destroyed\n */\n ngOnDestroy(): void {\n // https://stackoverflow.com/a/41177163\n this.ngUnsubscribe$.next();\n this.ngUnsubscribe$.complete();\n }\n\n /**\n * ```js\n * loginWithRedirect(options);\n * ```\n *\n * Performs a redirect to `/authorize` using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated.\n *\n * @param options The login options\n */\n loginWithRedirect(\n options?: RedirectLoginOptions<TAppState>\n ): Observable<void> {\n return from(this.auth0Client.loginWithRedirect(options));\n }\n\n /**\n * ```js\n * connectAccountWithRedirect({\n * connection: 'google-oauth2',\n * scopes: ['openid', 'profile', 'email', 'https://www.googleapis.com/auth/drive.readonly'],\n * authorization_params: {\n * // additional authorization params to forward to the authorization server\n * }\n * });\n * ```\n *\n * Redirects to the `/connect` URL using the parameters\n * provided as arguments. This then redirects to the connection's login page\n * where the user can authenticate and authorize the account to be connected.\n *\n * If connecting the account is successful, `handleRedirectCallback` will be called\n * with the details of the connected account.\n *\n * @param options The connect account options\n */\n connectAccountWithRedirect(\n options: RedirectConnectAccountOptions<TAppState>\n ): Observable<void> {\n return from(this.auth0Client.connectAccountWithRedirect(options));\n }\n\n /**\n * ```js\n * await loginWithPopup(options);\n * ```\n *\n * Opens a popup with the `/authorize` URL using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated. If the response is successful,\n * results will be valid according to their expiration times.\n *\n * IMPORTANT: This method has to be called from an event handler\n * that was started by the user like a button click, for example,\n * otherwise the popup will be blocked in most browsers.\n *\n * @param options The login options\n * @param config Configuration for the popup window\n */\n loginWithPopup(\n options?: PopupLoginOptions,\n config?: PopupConfigOptions\n ): Observable<void> {\n return from(\n this.auth0Client.loginWithPopup(options, config).then(() => {\n this.authState.refresh();\n })\n );\n }\n\n /**\n * ```js\n * logout();\n * ```\n *\n * Clears the application session and performs a redirect to `/v2/logout`, using\n * the parameters provided as arguments, to clear the Auth0 session.\n * If the `federated` option is specified it also clears the Identity Provider session.\n * If the `openUrl` option is set to false, it only clears the application session.\n * It is invalid to set both the `federated` to true and `openUrl` to `false`,\n * and an error will be thrown if you do.\n * [Read more about how Logout works at Auth0](https://auth0.com/docs/logout).\n *\n * @param options The logout options\n */\n logout(options?: LogoutOptions): Observable<void> {\n return from(\n this.auth0Client.logout(options).then(() => {\n if (options?.openUrl === false || options?.openUrl) {\n this.authState.refresh();\n }\n })\n );\n }\n\n /**\n * Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.\n *\n * @param options The options for configuring the token fetch.\n */\n getAccessTokenSilently(\n options: GetTokenSilentlyOptions & { detailedResponse: true }\n ): Observable<GetTokenSilentlyVerboseResponse>;\n\n /**\n * Fetches a new access token and returns it.\n *\n * @param options The options for configuring the token fetch.\n */\n getAccessTokenSilently(options?: GetTokenSilentlyOptions): Observable<string>;\n\n /**\n * ```js\n * getAccessTokenSilently(options).subscribe(token => ...)\n * ```\n *\n * If there's a valid token stored, return it. Otherwise, opens an\n * iframe with the `/authorize` URL using the parameters provided\n * as arguments. Random and secure `state` and `nonce` parameters\n * will be auto-generated. If the response is successful, results\n * will be valid according to their expiration times.\n *\n * If refresh tokens are used, the token endpoint is called directly with the\n * 'refresh_token' grant. If no refresh token is available to make this call,\n * the SDK falls back to using an iframe to the '/authorize' URL.\n *\n * This method may use a web worker to perform the token call if the in-memory\n * cache is used.\n *\n * If an `audience` value is given to this function, the SDK always falls\n * back to using an iframe to make the token exchange.\n *\n * Note that in all cases, falling back to an iframe requires access to\n * the `auth0` cookie, and thus will not work in browsers that block third-party\n * cookies by default (Safari, Brave, etc).\n *\n * @param options The options for configuring the token fetch.\n */\n getAccessTokenSilently(\n options: GetTokenSilentlyOptions = {}\n ): Observable<string | GetTokenSilentlyVerboseResponse> {\n return of(this.auth0Client).pipe(\n concatMap((client) =>\n options.detailedResponse === true\n ? client.getTokenSilently({ ...options, detailedResponse: true })\n : client.getTokenSilently(options)\n ),\n tap((token) => {\n if (token) {\n this.authState.setAccessToken(\n typeof token === 'string' ? token : token.access_token\n );\n }\n }),\n catchError((error) => {\n this.authState.setError(error);\n this.authState.refresh();\n return throwError(error);\n })\n );\n }\n\n /**\n * ```js\n * getTokenWithPopup(options).subscribe(token => ...)\n * ```\n *\n * Get an access token interactively.\n *\n * Opens a popup with the `/authorize` URL using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated. If the response is successful,\n * results will be valid according to their expiration times.\n */\n getAccessTokenWithPopup(\n options?: GetTokenWithPopupOptions\n ): Observable<string | undefined> {\n return of(this.auth0Client).pipe(\n concatMap((client) => client.getTokenWithPopup(options)),\n tap((token) => {\n if (token) {\n this.authState.setAccessToken(token);\n }\n }),\n catchError((error) => {\n this.authState.setError(error);\n this.authState.refresh();\n return throwError(error);\n })\n );\n }\n\n /**\n * ```js\n * handleRedirectCallback(url).subscribe(result => ...)\n * ```\n *\n * After the browser redirects back to the callback page,\n * call `handleRedirectCallback` to handle success and error\n * responses from Auth0. If the response is successful, results\n * will be valid according to their expiration times.\n *\n * Calling this method also refreshes the authentication and user states.\n *\n * @param url The URL to that should be used to retrieve the `state` and `code` values. Defaults to `window.location.href` if not given.\n */\n handleRedirectCallback(\n url?: string\n ): Observable<\n RedirectLoginResult<TAppState> | ConnectAccountRedirectResult<TAppState>\n > {\n return defer(() =>\n this.auth0Client.handleRedirectCallback<TAppState>(url)\n ).pipe(\n withLatestFrom(this.authState.isLoading$),\n tap(([result, isLoading]) => {\n if (!isLoading) {\n this.authState.refresh();\n }\n const appState = result?.appState;\n const target = appState?.target ?? '/';\n\n if (appState) {\n this.appStateSubject$.next(appState);\n }\n\n this.navigator.navigateByUrl(target);\n }),\n map(([result]) => result)\n );\n }\n\n /**\n * ```js\n * getDpopNonce(id).subscribe(nonce => ...)\n * ```\n *\n * Gets the DPoP nonce for the specified domain or the default domain.\n * The nonce is used in DPoP proof generation for token binding.\n *\n * @param id Optional identifier for the domain. If not provided, uses the default domain.\n * @returns An Observable that emits the DPoP nonce string or undefined if not available.\n */\n getDpopNonce(id?: string): Observable<string | undefined> {\n return from(this.auth0Client.getDpopNonce(id));\n }\n\n /**\n * ```js\n * setDpopNonce(nonce, id).subscribe(() => ...)\n * ```\n *\n * Sets the DPoP nonce for the specified domain or the default domain.\n * This is typically used after receiving a new nonce from the authorization server.\n *\n * @param nonce The DPoP nonce value to set.\n * @param id Optional identifier for the domain. If not provided, uses the default domain.\n * @returns An Observable that completes when the nonce is set.\n */\n setDpopNonce(nonce: string, id?: string): Observable<void> {\n return from(this.auth0Client.setDpopNonce(nonce, id));\n }\n\n /**\n * ```js\n * generateDpopProof(params).subscribe(proof => ...)\n * ```\n *\n * Generates a DPoP (Demonstrating Proof-of-Possession) proof JWT.\n * This proof is used to bind access tokens to a specific client, providing\n * an additional layer of security for token usage.\n *\n * @param params Configuration for generating the DPoP proof\n * @param params.url The URL of the resource server endpoint\n * @param params.method The HTTP method (e.g., 'GET', 'POST')\n * @param params.nonce Optional DPoP nonce from the authorization server\n * @param params.accessToken The access token to bind to the proof\n * @returns An Observable that emits the generated DPoP proof as a JWT string.\n */\n generateDpopProof(params: {\n url: string;\n method: string;\n nonce?: string;\n accessToken: string;\n }): Observable<string> {\n return from(this.auth0Client.generateDpopProof(params));\n }\n\n /**\n * ```js\n * const fetcher = createFetcher(config);\n * ```\n *\n * Creates a custom fetcher instance that can be used to make authenticated\n * HTTP requests. The fetcher automatically handles token refresh and can\n * be configured with custom request/response handling.\n *\n * @param config Optional configuration for the fetcher\n * @returns A Fetcher instance configured with the Auth0 client.\n */\n createFetcher<TOutput extends CustomFetchMinimalOutput = Response>(\n config?: FetcherConfig<TOutput>\n ): Fetcher<TOutput> {\n return this.auth0Client.createFetcher(config);\n }\n\n private shouldHandleCallback(): Observable<boolean> {\n return of(location.search).pipe(\n map((search) => {\n const searchParams = new URLSearchParams(search);\n return (\n (searchParams.has('code') || searchParams.has('error')) &&\n searchParams.has('state') &&\n !this.configFactory.get().skipRedirectCallback\n );\n })\n );\n }\n}\n","import { Injectable } from '@angular/core';\nimport {\n ActivatedRouteSnapshot,\n RouterStateSnapshot,\n Route,\n UrlSegment,\n} from '@angular/router';\nimport { Observable, of } from 'rxjs';\nimport { take, switchMap, map } from 'rxjs/operators';\nimport { AuthService } from './auth.service';\n\n@Injectable({\n providedIn: 'root',\n})\nexport class AuthGuard {\n constructor(private auth: AuthService) {}\n\n canLoad(route: Route, segments: UrlSegment[]): Observable<boolean> {\n return this.auth.isAuthenticated$.pipe(take(1));\n }\n\n canActivate(\n next: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Observable<boolean> {\n return this.redirectIfUnauthenticated(state);\n }\n\n canActivateChild(\n childRoute: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Observable<boolean> {\n return this.redirectIfUnauthenticated(state);\n }\n\n private redirectIfUnauthenticated(\n state: RouterStateSnapshot\n ): Observable<boolean> {\n return this.auth.isAuthenticated$.pipe(\n switchMap((loggedIn) => {\n if (!loggedIn) {\n return this.auth\n .loginWithRedirect({\n appState: { target: state.url },\n })\n .pipe(map(() => false));\n }\n return of(true);\n })\n );\n }\n}\n","import { NgModule, ModuleWithProviders } from '@angular/core';\nimport { AuthService } from './auth.service';\nimport { AuthConfig, AuthConfigService, AuthClientConfig } from './auth.config';\nimport { Auth0ClientService, Auth0ClientFactory } from './auth.client';\nimport { AuthGuard } from './auth.guard';\n\n@NgModule()\nexport class AuthModule {\n /**\n * Initialize the authentication module system. Configuration can either be specified here,\n * or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).\n *\n * @param config The optional configuration for the SDK.\n */\n static forRoot(config?: AuthConfig): ModuleWithProviders<AuthModule> {\n return {\n ngModule: AuthModule,\n providers: [\n AuthService,\n AuthGuard,\n {\n provide: AuthConfigService,\n useValue: config,\n },\n {\n provide: Auth0ClientService,\n useFactory: Auth0ClientFactory.createClient,\n deps: [AuthClientConfig],\n },\n ],\n };\n }\n}\n","import {\n HttpInterceptor,\n HttpRequest,\n HttpHandler,\n HttpEvent,\n} from '@angular/common/http';\n\nimport { Observable, from, of, iif, throwError } from 'rxjs';\nimport { Inject, Injectable } from '@angular/core';\n\nimport {\n ApiRouteDefinition,\n isHttpInterceptorRouteConfig,\n AuthClientConfig,\n HttpInterceptorConfig,\n} from './auth.config';\n\nimport {\n switchMap,\n first,\n concatMap,\n catchError,\n tap,\n filter,\n mergeMap,\n mapTo,\n pluck,\n map,\n} from 'rxjs/operators';\nimport {\n Auth0Client,\n GetTokenSilentlyOptions,\n GetTokenSilentlyVerboseResponse,\n} from '@auth0/auth0-spa-js';\nimport { Auth0ClientService } from './auth.client';\nimport { AuthState } from './auth.state';\nimport { AuthService } from './auth.service';\n\nconst waitUntil =\n <TSignal>(signal$: Observable<TSignal>) =>\n <TSource>(source$: Observable<TSource>) =>\n source$.pipe(mergeMap((value) => signal$.pipe(first(), mapTo(value))));\n\n@Injectable()\nexport class AuthHttpInterceptor implements HttpInterceptor {\n constructor(\n private configFactory: AuthClientConfig,\n @Inject(Auth0ClientService) private auth0Client: Auth0Client,\n private authState: AuthState,\n private authService: AuthService\n ) {}\n\n intercept(\n req: HttpRequest<any>,\n next: HttpHandler\n ): Observable<HttpEvent<any>> {\n const config = this.configFactory.get();\n if (!config.httpInterceptor?.allowedList) {\n return next.handle(req);\n }\n\n const isLoaded$ = this.authService.isLoading$.pipe(\n filter((isLoading) => !isLoading)\n );\n\n return this.findMatchingRoute(req, config.httpInterceptor).pipe(\n concatMap((route) =>\n iif(\n // Check if a route was matched\n () => route !== null,\n // If we have a matching route, call getTokenSilently and attach the token to the\n // outgoing request\n of(route).pipe(\n waitUntil(isLoaded$),\n pluck('tokenOptions'),\n concatMap<GetTokenSilentlyOptions, Observable<string>>((options) =>\n this.getAccessTokenSilently(options).pipe(\n catchError((err) => {\n if (this.allowAnonymous(route, err)) {\n return of('');\n }\n\n this.authState.setError(err);\n return throwError(err);\n })\n )\n ),\n switchMap((token: string) => {\n // Clone the request and attach the bearer token\n const clone = token\n ? req.clone({\n headers: req.headers.set(\n 'Authorization',\n `Bearer ${token}`\n ),\n })\n : req;\n\n return next.handle(clone);\n })\n ),\n // If the URI being called was not found in our httpInterceptor config, simply\n // pass the request through without attaching a token\n next.handle(req)\n )\n )\n );\n }\n\n /**\n * Duplicate of AuthService.getAccessTokenSilently, but with a slightly different error handling.\n * Only used internally in the interceptor.\n *\n * @param options The options for configuring the token fetch.\n */\n private getAccessTokenSilently(\n options?: GetTokenSilentlyOptions\n ): Observable<string> {\n return of(this.auth0Client).pipe(\n concatMap((client) => client.getTokenSilently(options)),\n map((tokenOrResponse: string | GetTokenSilentlyVerboseResponse) => {\n // Extract access_token from detailed response when detailedResponse: true\n if (typeof tokenOrResponse === 'string') return tokenOrResponse;\n return tokenOrResponse.access_token;\n }),\n tap((token) => this.authState.setAccessToken(token)),\n catchError((error) => {\n this.authState.refresh();\n return throwError(error);\n })\n );\n }\n\n /**\n * Strips the query and fragment from the given uri\n *\n * @param uri The uri to remove the query and fragment from\n */\n private stripQueryFrom(uri: string): string {\n if (uri.indexOf('?') > -1) {\n uri = uri.substr(0, uri.indexOf('?'));\n }\n\n if (uri.indexOf('#') > -1) {\n uri = uri.substr(0, uri.indexOf('#'));\n }\n\n return uri;\n }\n\n /**\n * Determines whether the specified route can have an access token attached to it, based on matching the HTTP request against\n * the interceptor route configuration.\n *\n * @param route The route to test\n * @param request The HTTP request\n */\n private canAttachToken(\n route: ApiRouteDefinition,\n request: HttpRequest<any>\n ): boolean {\n const testPrimitive = (value: string | undefined): boolean => {\n if (!value) {\n return false;\n }\n\n const requestPath = this.stripQueryFrom(request.url);\n\n if (value === requestPath) {\n return true;\n }\n\n // If the URL ends with an asterisk, match using startsWith.\n return (\n value.indexOf('*') === value.length - 1 &&\n request.url.startsWith(value.substr(0, value.length - 1))\n );\n };\n\n if (isHttpInterceptorRouteConfig(route)) {\n if (route.httpMethod && route.httpMethod !== request.method) {\n return false;\n }\n\n /* istanbul ignore if */\n if (!route.uri && !route.uriMatcher) {\n console.warn(\n 'Either a uri or uriMatcher is required when configuring the HTTP interceptor.'\n );\n }\n\n return route.uriMatcher\n ? route.uriMatcher(request.url)\n : testPrimitive(route.uri);\n }\n\n return testPrimitive(route);\n }\n\n /**\n * Tries to match a route from the SDK configuration to the HTTP request.\n * If a match is found, the route configuration is returned.\n *\n * @param request The Http request\n * @param config HttpInterceptorConfig\n */\n private findMatchingRoute(\n request: HttpRequest<any>,\n config: HttpInterceptorConfig\n ): Observable<ApiRouteDefinition | null> {\n return from(config.allowedList).pipe(\n first((route) => this.canAttachToken(route, request), null)\n );\n }\n\n private allowAnonymous(route: ApiRouteDefinition | null, err: any): boolean {\n return (\n !!route &&\n isHttpInterceptorRouteConfig(route) &&\n !!route.allowAnonymous &&\n ['login_required', 'consent_required', 'missing_refresh_token'].includes(\n err.error\n )\n );\n }\n}\n","import { Provider } from '@angular/core';\nimport { Auth0ClientService, Auth0ClientFactory } from './auth.client';\nimport { AuthConfig, AuthConfigService, AuthClientConfig } from './auth.config';\nimport { AuthGuard } from './auth.guard';\nimport { AuthHttpInterceptor } from './auth.interceptor';\nimport { AuthService } from './auth.service';\n\n/**\n * Initialize the authentication system. Configuration can either be specified here,\n * or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).\n *\n * Note: Should only be used as of Angular 15, and should not be added to a component's providers.\n *\n * @param config The optional configuration for the SDK.\n *\n * @example\n * bootstrapApplication(AppComponent, {\n * providers: [\n * provideAuth0(),\n * ],\n * });\n */\nexport function provideAuth0(config?: AuthConfig): Provider[] {\n return [\n AuthService,\n AuthHttpInterceptor,\n AuthGuard,\n {\n provide: AuthConfigService,\n useValue: config,\n },\n {\n provide: Auth0ClientService,\n useFactory: Auth0ClientFactory.createClient,\n deps: [AuthClientConfig],\n },\n ];\n}\n","import { HttpEvent, HttpRequest } from '@angular/common/http';\nimport { inject } from '@angular/core';\nimport { ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';\nimport { Observable } from 'rxjs';\nimport { AuthGuard } from './auth.guard';\nimport { AuthHttpInterceptor } from './auth.interceptor';\n\n/**\n * Functional AuthGuard to ensure routes can only be accessed when authenticated.\n *\n * Note: Should only be used as of Angular 15\n *\n * @param route Contains the information about a route associated with a component loaded in an outlet at a particular moment in time.\n * @param state Represents the state of the router at a moment in time.\n * @returns An Observable, indicating if the route can be accessed or not\n */\nexport const authGuardFn = (\n route: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n) => inject(AuthGuard).canActivate(route, state);\n\n/**\n * Functional AuthHttpInterceptor to include the access token in matching requests.\n *\n * Note: Should only be used as of Angular 15\n *\n * @param req An outgoing HTTP request with an optional typed body.\n * @param handle Represents the next interceptor in an interceptor chain, or the real backend if there are no\n * further interceptors.\n * @returns An Observable representing the intercepted HttpRequest\n */\nexport const authHttpInterceptorFn = (\n req: HttpRequest<any>,\n handle: (req: HttpRequest<unknown>) => Observable<HttpEvent<unknown>>\n) => inject(AuthHttpInterceptor).intercept(req, { handle });\n","/*\n * Public API Surface of auth0-angular\n */\n\nexport * from './lib/auth.service';\nexport * from './lib/auth.module';\nexport * from './lib/auth.guard';\nexport * from './lib/auth.interceptor';\nexport * from './lib/auth.config';\nexport * from './lib/auth.client';\nexport * from './lib/auth.state';\nexport * from './lib/interfaces';\nexport * from './lib/provide';\nexport * from './lib/functional';\nexport * from './lib/abstract-navigator';\n\nexport {\n AuthorizationParams,\n PopupLoginOptions,\n PopupConfigOptions,\n GetTokenWithPopupOptions,\n GetTokenSilentlyOptions,\n RedirectConnectAccountOptions,\n ICache,\n Cacheable,\n LocalStorageCache,\n InMemoryCache,\n IdToken,\n User,\n GenericError,\n TimeoutError,\n MfaRequiredError,\n PopupTimeoutError,\n AuthenticationError,\n PopupCancelledError,\n MissingRefreshTokenError,\n Fetcher,\n FetcherConfig,\n CustomFetchMinimalOutput,\n UseDpopNonceError,\n} from '@auth0/auth0-spa-js';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":["i1.AuthClientConfig","i2.AbstractNavigator","i3.AuthState","i1.AuthService","i2.AuthState","i3.AuthService"],"mappings":";;;;;;;;;;AAAA,gBAAe,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE;;MCKpD,kBAAkB,CAAA;IAC7B,OAAO,YAAY,CAAC,aAA+B,EAAA;AACjD,QAAA,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE;QAElC,IAAI,CAAC,MAAM,EAAE;AACX,YAAA,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG;;QAGH,OAAO,IAAI,WAAW,CAAC;AACrB,YAAA,GAAG,MAAM;AACT,YAAA,WAAW,EAAE;gBACX,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,OAAO,EAAE,SAAS,CAAC,OAAO;AAC1B,gBAAA,GAAG,EAAE;oBACH,cAAc,EAAE,OAAO,CAAC,IAAI;AAC7B,iBAAA;AACF,aAAA;AACF,SAAA,CAAC;;AAEL;MAEY,kBAAkB,GAAG,IAAI,cAAc,CAClD,cAAc;;ACAhB;;;;AAIG;AACG,SAAU,4BAA4B,CAC1C,GAAuB,EAAA;AAEvB,IAAA,OAAO,OAAO,GAAG,KAAK,QAAQ;AAChC;AAoHA;;;;;;;;;;AAUG;MACU,iBAAiB,GAAG,IAAI,cAAc,CACjD,sBAAsB;AAGxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCG;MAEU,gBAAgB,CAAA;AAG3B,IAAA,WAAA,CAAmD,MAAmB,EAAA;QACpE,IAAI,MAAM,EAAE;AACV,YAAA,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;;;AAIpB;;;;AAIG;AACH,IAAA,GAAG,CAAC,MAAkB,EAAA;AACpB,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM;;AAGtB;;AAEG;IACH,GAAG,GAAA;QACD,OAAO,IAAI,CAAC,MAAoB;;AAtBvB,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,gBAAgB,kBAGK,iBAAiB,EAAA,QAAA,EAAA,IAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAHtC,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,gBAAgB,cADH,MAAM,EAAA,CAAA,CAAA;;4FACnB,gBAAgB,EAAA,UAAA,EAAA,CAAA;kBAD5B,UAAU;mBAAC,EAAE,UAAU,EAAE,MAAM,EAAE;;0BAInB;;0BAAY,MAAM;2BAAC,iBAAiB;;;MChNtC,iBAAiB,CAAA;IAG5B,WAAoB,CAAA,QAAkB,EAAE,QAAkB,EAAA;QAAtC,IAAQ,CAAA,QAAA,GAAR,QAAQ;AAC1B,QAAA,IAAI;YACF,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;;QAClC,MAAM;;AAGV;;;;;AAKG;AACH,IAAA,aAAa,CAAC,GAAW,EAAA;AACvB,QAAA,IAAI,IAAI,CAAC,MAAM,EAAE;AACf,YAAA,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC;YAE9B;;AAGF,QAAA,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC;;+GAtBtB,iBAAiB,EAAA,IAAA,EAAA,CAAA,EAAA,KAAA,EAAA,EAAA,CAAA,QAAA,EAAA,EAAA,EAAA,KAAA,EAAA,EAAA,CAAA,QAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAAjB,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,iBAAiB,cAFhB,MAAM,EAAA,CAAA,CAAA;;4FAEP,iBAAiB,EAAA,UAAA,EAAA,CAAA;kBAH7B,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;;ACeD;;AAEG;MAEU,SAAS,CAAA;AAsFpB,IAAA,WAAA,CAAgD,WAAwB,EAAA;QAAxB,IAAW,CAAA,WAAA,GAAX,WAAW;AArFnD,QAAA,IAAA,CAAA,iBAAiB,GAAG,IAAI,eAAe,CAAU,IAAI,CAAC;AACtD,QAAA,IAAA,CAAA,QAAQ,GAAG,IAAI,OAAO,EAAQ;AAC9B,QAAA,IAAA,CAAA,YAAY,GAAG,IAAI,aAAa,CAAS,CAAC,CAAC;AAC3C,QAAA,IAAA,CAAA,aAAa,GAAG,IAAI,aAAa,CAAQ,CAAC,CAAC;AAEnD;;AAEG;AACa,QAAA,IAAA,CAAA,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;AAElE;;;AAGG;AACK,QAAA,IAAA,CAAA,mBAAmB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAClD,IAAI,CACF,CACE,GAAwD,EACxD,OAAsB,MAClB;YACJ,QAAQ,EAAE,GAAG,CAAC,OAAO;YACrB,OAAO;AACR,SAAA,CAAC,EACF,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAClC,EACD,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,QAAQ,KAAK,OAAO,CAAC,CACxD;AAED;;;;AAIG;QACc,IAAuB,CAAA,uBAAA,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAC7D,MAAM,CAAC,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,EAC7B,oBAAoB,EAAE,EACtB,SAAS,CAAC;;;;;;QAMR,KAAK,CACH,KAAK,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,EAC/C,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAC3B,QAAQ,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,CACnD,EACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,CAAC,CACvE,CACF,CACF;AAED;;;AAGG;AACM,QAAA,IAAA,CAAA,gBAAgB,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAC3D,oBAAoB,EAAE,EACtB,WAAW,CAAC,CAAC,CAAC,CACf;AAED;;AAEG;AACM,QAAA,IAAA,CAAA,KAAK,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAChD,SAAS,CAAC,CAAC,aAAa,KACtB,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CACtD,EACD,oBAAoB,EAAE,CACvB;AAED;;AAEG;AACM,QAAA,IAAA,CAAA,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CACzD,SAAS,CAAC,CAAC,aAAa,KACtB,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAC/D,CACF;AAED;;AAEG;AACa,QAAA,IAAA,CAAA,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE;;AAI1D;;;;AAIG;AACI,IAAA,YAAY,CAAC,SAAkB,EAAA;AACpC,QAAA,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC;;AAGxC;;;AAGG;IACI,OAAO,GAAA;AACZ,QAAA,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;;AAGtB;;;;AAIG;AACI,IAAA,cAAc,CAAC,WAAmB,EAAA;AACvC,QAAA,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC;;AAGrC;;;;AAIG;AACI,IAAA,QAAQ,CAAC,KAAU,EAAA;AACxB,QAAA,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;;AAxHrB,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,SAAS,kBAsFA,kBAAkB,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAtF3B,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,SAAS,cADI,MAAM,EAAA,CAAA,CAAA;;4FACnB,SAAS,EAAA,UAAA,EAAA,CAAA;kBADrB,UAAU;mBAAC,EAAE,UAAU,EAAE,MAAM,EAAE;;0BAuFnB,MAAM;2BAAC,kBAAkB;;;MChE3B,WAAW,CAAA;AAuCtB,IAAA,WAAA,CACsC,WAAwB,EACpD,aAA+B,EAC/B,SAA4B,EAC5B,SAAoB,EAAA;QAHQ,IAAW,CAAA,WAAA,GAAX,WAAW;QACvC,IAAa,CAAA,aAAA,GAAb,aAAa;QACb,IAAS,CAAA,SAAA,GAAT,SAAS;QACT,IAAS,CAAA,SAAA,GAAT,SAAS;AAxCX,QAAA,IAAA,CAAA,gBAAgB,GAAG,IAAI,aAAa,CAAY,CAAC,CAAC;;AAGlD,QAAA,IAAA,CAAA,cAAc,GAAG,IAAI,OAAO,EAAQ;AAC5C;;AAEG;AACM,QAAA,IAAA,CAAA,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU;AAE/C;;;AAGG;AACM,QAAA,IAAA,CAAA,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,gBAAgB;AAE3D;;AAEG;AACM,QAAA,IAAA,CAAA,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK;AAErC;;AAEG;AACM,QAAA,IAAA,CAAA,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc;AAEvD;;AAEG;AACM,QAAA,IAAA,CAAA,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM;AAEvC;;;AAGG;AACM,QAAA,IAAA,CAAA,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE;AAQvD,QAAA,MAAM,uBAAuB,GAAG,CAAC,UAAmB,KAClD,GAAG,CACD,MAAM,UAAU,EAChB,IAAI,CAAC,sBAAsB,EAAE,EAC7B,KAAK,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC,CAC7C;QAEH,IAAI,CAAC,oBAAoB;aACtB,IAAI,CACH,SAAS,CAAC,CAAC,UAAU,KACnB,uBAAuB,CAAC,UAAU,CAAC,CAAC,IAAI,CACtC,UAAU,CAAC,CAAC,KAAK,KAAI;YACnB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE;YACvC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,IAAI,GAAG,CAAC;AACrD,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC9B,YAAA,OAAO,EAAE,CAAC,SAAS,CAAC;AACtB,SAAC,CAAC,CACH,CACF,EACD,GAAG,CAAC,MAAK;AACP,YAAA,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC;SACnC,CAAC,EACF,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC;AAE/B,aAAA,SAAS,EAAE;;AAGhB;;AAEG;IACH,WAAW,GAAA;;AAET,QAAA,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE;AAC1B,QAAA,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE;;AAGhC;;;;;;;;;;AAUG;AACH,IAAA,iBAAiB,CACf,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;;AAG1D;;;;;;;;;;;;;;;;;;;AAmBG;AACH,IAAA,0BAA0B,CACxB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;;AAGnE;;;;;;;;;;;;;;;;AAgBG;IACH,cAAc,CACZ,OAA2B,EAC3B,MAA2B,EAAA;AAE3B,QAAA,OAAO,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,MAAK;AACzD,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;SACzB,CAAC,CACH;;AAGH;;;;;;;;;;;;;;AAcG;AACH,IAAA,MAAM,CAAC,OAAuB,EAAA;AAC5B,QAAA,OAAO,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAK;YACzC,IAAI,OAAO,EAAE,OAAO,KAAK,KAAK,IAAI,OAAO,EAAE,OAAO,EAAE;AAClD,gBAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;;SAE3B,CAAC,CACH;;AAmBH;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BG;IACH,sBAAsB,CACpB,UAAmC,EAAE,EAAA;QAErC,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9B,SAAS,CAAC,CAAC,MAAM,KACf,OAAO,CAAC,gBAAgB,KAAK;AAC3B,cAAE,MAAM,CAAC,gBAAgB,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE;AAChE,cAAE,MAAM,CAAC,gBAAgB,CAAC,OAAO,CAAC,CACrC,EACD,GAAG,CAAC,CAAC,KAAK,KAAI;YACZ,IAAI,KAAK,EAAE;gBACT,IAAI,CAAC,SAAS,CAAC,cAAc,CAC3B,OAAO,KAAK,KAAK,QAAQ,GAAG,KAAK,GAAG,KAAK,CAAC,YAAY,CACvD;;AAEL,SAAC,CAAC,EACF,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC9B,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;AACxB,YAAA,OAAO,UAAU,CAAC,KAAK,CAAC;SACzB,CAAC,CACH;;AAGH;;;;;;;;;;;AAWG;AACH,IAAA,uBAAuB,CACrB,OAAkC,EAAA;AAElC,QAAA,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9B,SAAS,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,EACxD,GAAG,CAAC,CAAC,KAAK,KAAI;YACZ,IAAI,KAAK,EAAE;AACT,gBAAA,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,CAAC;;AAExC,SAAC,CAAC,EACF,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC9B,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;AACxB,YAAA,OAAO,UAAU,CAAC,KAAK,CAAC;SACzB,CAAC,CACH;;AAGH;;;;;;;;;;;;;AAaG;AACH,IAAA,sBAAsB,CACpB,GAAY,EAAA;AAIZ,QAAA,OAAO,KAAK,CAAC,MACX,IAAI,CAAC,WAAW,CAAC,sBAAsB,CAAY,GAAG,CAAC,CACxD,CAAC,IAAI,CACJ,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EACzC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,KAAI;YAC1B,IAAI,CAAC,SAAS,EAAE;AACd,gBAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;;AAE1B,YAAA,MAAM,QAAQ,GAAG,MAAM,EAAE,QAAQ;AACjC,YAAA,MAAM,MAAM,GAAG,QAAQ,EAAE,MAAM,IAAI,GAAG;YAEtC,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;;AAGtC,YAAA,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC;AACtC,SAAC,CAAC,EACF,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC,CAC1B;;AAGH;;;;;;;;;;AAUG;AACH,IAAA,YAAY,CAAC,EAAW,EAAA;QACtB,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;;AAGhD;;;;;;;;;;;AAWG;IACH,YAAY,CAAC,KAAa,EAAE,EAAW,EAAA;AACrC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;;AAGvD;;;;;;;;;;;;;;;AAeG;AACH,IAAA,iBAAiB,CAAC,MAKjB,EAAA;QACC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;;AAGzD;;;;;;;;;;;AAWG;AACH,IAAA,aAAa,CACX,MAA+B,EAAA;QAE/B,OAAO,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC;;IAGvC,oBAAoB,GAAA;AAC1B,QAAA,OAAO,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAC7B,GAAG,CAAC,CAAC,MAAM,KAAI;AACb,YAAA,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC;AAChD,YAAA,QACE,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AACtD,gBAAA,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;gBACzB,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,oBAAoB;SAEjD,CAAC,CACH;;AA9YQ,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,WAAW,kBAwCZ,kBAAkB,EAAA,EAAA,EAAA,KAAA,EAAAA,gBAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,iBAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,SAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAxCjB,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,WAAW,cAFV,MAAM,EAAA,CAAA,CAAA;;4FAEP,WAAW,EAAA,UAAA,EAAA,CAAA;kBAHvB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;0BAyCI,MAAM;2BAAC,kBAAkB;;;MCzEjB,SAAS,CAAA;AACpB,IAAA,WAAA,CAAoB,IAAiB,EAAA;QAAjB,IAAI,CAAA,IAAA,GAAJ,IAAI;;IAExB,OAAO,CAAC,KAAY,EAAE,QAAsB,EAAA;AAC1C,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;;IAGjD,WAAW,CACT,IAA4B,EAC5B,KAA0B,EAAA;AAE1B,QAAA,OAAO,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC;;IAG9C,gBAAgB,CACd,UAAkC,EAClC,KAA0B,EAAA;AAE1B,QAAA,OAAO,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC;;AAGtC,IAAA,yBAAyB,CAC/B,KAA0B,EAAA;AAE1B,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CACpC,SAAS,CAAC,CAAC,QAAQ,KAAI;YACrB,IAAI,CAAC,QAAQ,EAAE;gBACb,OAAO,IAAI,CAAC;AACT,qBAAA,iBAAiB,CAAC;AACjB,oBAAA,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG,EAAE;iBAChC;qBACA,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,CAAC;;AAE3B,YAAA,OAAO,EAAE,CAAC,IAAI,CAAC;SAChB,CAAC,CACH;;+GAnCQ,SAAS,EAAA,IAAA,EAAA,CAAA,EAAA,KAAA,EAAAC,WAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAAT,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,SAAS,cAFR,MAAM,EAAA,CAAA,CAAA;;4FAEP,SAAS,EAAA,UAAA,EAAA,CAAA;kBAHrB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;;MCNY,UAAU,CAAA;AACrB;;;;;AAKG;IACH,OAAO,OAAO,CAAC,MAAmB,EAAA;QAChC,OAAO;AACL,YAAA,QAAQ,EAAE,UAAU;AACpB,YAAA,SAAS,EAAE;gBACT,WAAW;gBACX,SAAS;AACT,gBAAA;AACE,oBAAA,OAAO,EAAE,iBAAiB;AAC1B,oBAAA,QAAQ,EAAE,MAAM;AACjB,iBAAA;AACD,gBAAA;AACE,oBAAA,OAAO,EAAE,kBAAkB;oBAC3B,UAAU,EAAE,kBAAkB,CAAC,YAAY;oBAC3C,IAAI,EAAE,CAAC,gBAAgB,CAAC;AACzB,iBAAA;AACF,aAAA;SACF;;+GAvBQ,UAAU,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,QAAA,EAAA,CAAA,CAAA;gHAAV,UAAU,EAAA,CAAA,CAAA;gHAAV,UAAU,EAAA,CAAA,CAAA;;4FAAV,UAAU,EAAA,UAAA,EAAA,CAAA;kBADtB;;;ACgCD,MAAM,SAAS,GACb,CAAU,OAA4B,KACtC,CAAU,OAA4B,KACpC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;MAG7D,mBAAmB,CAAA;AAC9B,IAAA,WAAA,CACU,aAA+B,EACH,WAAwB,EACpD,SAAoB,EACpB,WAAwB,EAAA;QAHxB,IAAa,CAAA,aAAA,GAAb,aAAa;QACe,IAAW,CAAA,WAAA,GAAX,WAAW;QACvC,IAAS,CAAA,SAAA,GAAT,SAAS;QACT,IAAW,CAAA,WAAA,GAAX,WAAW;;IAGrB,SAAS,CACP,GAAqB,EACrB,IAAiB,EAAA;QAEjB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,WAAW,EAAE;AACxC,YAAA,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;;QAGzB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAChD,MAAM,CAAC,CAAC,SAAS,KAAK,CAAC,SAAS,CAAC,CAClC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAC7D,SAAS,CAAC,CAAC,KAAK,KACd,GAAG;;AAED,QAAA,MAAM,KAAK,KAAK,IAAI;;;AAGpB,QAAA,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CACZ,SAAS,CAAC,SAAS,CAAC,EACpB,KAAK,CAAC,cAAc,CAAC,EACrB,SAAS,CAA8C,CAAC,OAAO,KAC7D,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,IAAI,CACvC,UAAU,CAAC,CAAC,GAAG,KAAI;YACjB,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE;AACnC,gBAAA,OAAO,EAAE,CAAC,EAAE,CAAC;;AAGf,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;AAC5B,YAAA,OAAO,UAAU,CAAC,GAAG,CAAC;SACvB,CAAC,CACH,CACF,EACD,SAAS,CAAC,CAAC,KAAa,KAAI;;YAE1B,MAAM,KAAK,GAAG;AACZ,kBAAE,GAAG,CAAC,KAAK,CAAC;AACR,oBAAA,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CACtB,eAAe,EACf,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAClB;iBACF;kBACD,GAAG;AAEP,YAAA,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;AAC3B,SAAC,CAAC,CACH;;;QAGD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CACjB,CACF,CACF;;AAGH;;;;;AAKG;AACK,IAAA,sBAAsB,CAC5B,OAAiC,EAAA;AAEjC,QAAA,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9B,SAAS,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,EACvD,GAAG,CAAC,CAAC,eAAyD,KAAI;;YAEhE,IAAI,OAAO,eAAe,KAAK,QAAQ;AAAE,gBAAA,OAAO,eAAe;YAC/D,OAAO,eAAe,CAAC,YAAY;SACpC,CAAC,EACF,GAAG,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EACpD,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;AACxB,YAAA,OAAO,UAAU,CAAC,KAAK,CAAC;SACzB,CAAC,CACH;;AAGH;;;;AAIG;AACK,IAAA,cAAc,CAAC,GAAW,EAAA;QAChC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;AACzB,YAAA,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;;QAGvC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;AACzB,YAAA,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;;AAGvC,QAAA,OAAO,GAAG;;AAGZ;;;;;;AAMG;IACK,cAAc,CACpB,KAAyB,EACzB,OAAyB,EAAA;AAEzB,QAAA,MAAM,aAAa,GAAG,CAAC,KAAyB,KAAa;YAC3D,IAAI,CAAC,KAAK,EAAE;AACV,gBAAA,OAAO,KAAK;;YAGd,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC;AAEpD,YAAA,IAAI,KAAK,KAAK,WAAW,EAAE;AACzB,gBAAA,OAAO,IAAI;;;AAIb,YAAA,QACE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC;AACvC,gBAAA,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAE7D,SAAC;AAED,QAAA,IAAI,4BAA4B,CAAC,KAAK,CAAC,EAAE;AACvC,YAAA,IAAI,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,UAAU,KAAK,OAAO,CAAC,MAAM,EAAE;AAC3D,gBAAA,OAAO,KAAK;;;YAId,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE;AACnC,gBAAA,OAAO,CAAC,IAAI,CACV,+EAA+E,CAChF;;YAGH,OAAO,KAAK,CAAC;kBACT,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG;AAC9B,kBAAE,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC;;AAG9B,QAAA,OAAO,aAAa,CAAC,KAAK,CAAC;;AAG7B;;;;;;AAMG;IACK,iBAAiB,CACvB,OAAyB,EACzB,MAA6B,EAAA;AAE7B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAClC,KAAK,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,CAC5D;;IAGK,cAAc,CAAC,KAAgC,EAAE,GAAQ,EAAA;QAC/D,QACE,CAAC,CAAC,KAAK;YACP,4BAA4B,CAAC,KAAK,CAAC;YACnC,CAAC,CAAC,KAAK,CAAC,cAAc;AACtB,YAAA,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,uBAAuB,CAAC,CAAC,QAAQ,CACtE,GAAG,CAAC,KAAK,CACV;;AAlLM,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,mBAAmB,+CAGpB,kBAAkB,EAAA,EAAA,EAAA,KAAA,EAAAC,SAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,WAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;mHAHjB,mBAAmB,EAAA,CAAA,CAAA;;4FAAnB,mBAAmB,EAAA,UAAA,EAAA,CAAA;kBAD/B;;0BAII,MAAM;2BAAC,kBAAkB;;;ACxC9B;;;;;;;;;;;;;;AAcG;AACG,SAAU,YAAY,CAAC,MAAmB,EAAA;IAC9C,OAAO;QACL,WAAW;QACX,mBAAmB;QACnB,SAAS;AACT,QAAA;AACE,YAAA,OAAO,EAAE,iBAAiB;AAC1B,YAAA,QAAQ,EAAE,MAAM;AACjB,SAAA;AACD,QAAA;AACE,YAAA,OAAO,EAAE,kBAAkB;YAC3B,UAAU,EAAE,kBAAkB,CAAC,YAAY;YAC3C,IAAI,EAAE,CAAC,gBAAgB,CAAC;AACzB,SAAA;KACF;AACH;;AC9BA;;;;;;;;AAQG;MACU,WAAW,GAAG,CACzB,KAA6B,EAC7B,KAA0B,KACvB,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK;AAE/C;;;;;;;;;AASG;AACU,MAAA,qBAAqB,GAAG,CACnC,GAAqB,EACrB,MAAqE,KAClE,MAAM,CAAC,mBAAmB,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE;;AClC1D;;AAEG;;ACFH;;AAEG;;;;"}
1
+ {"version":3,"file":"auth0-auth0-angular.mjs","sources":["../../../projects/auth0-angular/src/useragent.ts","../../../projects/auth0-angular/src/lib/auth.client.ts","../../../projects/auth0-angular/src/lib/auth.config.ts","../../../projects/auth0-angular/src/lib/abstract-navigator.ts","../../../projects/auth0-angular/src/lib/auth.state.ts","../../../projects/auth0-angular/src/lib/auth.service.ts","../../../projects/auth0-angular/src/lib/auth.guard.ts","../../../projects/auth0-angular/src/lib/auth.module.ts","../../../projects/auth0-angular/src/lib/auth.interceptor.ts","../../../projects/auth0-angular/src/lib/provide.ts","../../../projects/auth0-angular/src/lib/functional.ts","../../../projects/auth0-angular/src/public-api.ts","../../../projects/auth0-angular/src/auth0-auth0-angular.ts"],"sourcesContent":["export default { name: '@auth0/auth0-angular', version: '2.6.0' };\n","import { InjectionToken, VERSION } from '@angular/core';\nimport { Auth0Client } from '@auth0/auth0-spa-js';\nimport { AuthClientConfig } from './auth.config';\nimport useragent from '../useragent';\n\nexport class Auth0ClientFactory {\n static createClient(configFactory: AuthClientConfig): Auth0Client {\n const config = configFactory.get();\n\n if (!config) {\n throw new Error(\n 'Configuration must be specified either through AuthModule.forRoot or through AuthClientConfig.set'\n );\n }\n\n return new Auth0Client({\n ...config,\n auth0Client: {\n name: useragent.name,\n version: useragent.version,\n env: {\n 'angular/core': VERSION.full,\n },\n },\n });\n }\n}\n\nexport const Auth0ClientService = new InjectionToken<Auth0Client>(\n 'auth0.client'\n);\n","import {\n Auth0ClientOptions,\n CacheLocation,\n GetTokenSilentlyOptions,\n ICache,\n} from '@auth0/auth0-spa-js';\n\nimport { InjectionToken, Injectable, Optional, Inject } from '@angular/core';\n\n/**\n * Defines a common set of HTTP methods.\n */\nexport const enum HttpMethod {\n Get = 'GET',\n Post = 'POST',\n Put = 'PUT',\n Patch = 'PATCH',\n Delete = 'DELETE',\n Head = 'HEAD',\n}\n\n/**\n * Defines the type for a route config entry. Can either be:\n *\n * - an object of type HttpInterceptorRouteConfig\n * - a string\n */\nexport type ApiRouteDefinition = HttpInterceptorRouteConfig | string;\n\n/**\n * A custom type guard to help identify route definitions that are actually HttpInterceptorRouteConfig types.\n *\n * @param def The route definition type\n */\nexport function isHttpInterceptorRouteConfig(\n def: ApiRouteDefinition\n): def is HttpInterceptorRouteConfig {\n return typeof def !== 'string';\n}\n\n/**\n * Configuration for the HttpInterceptor\n */\nexport interface HttpInterceptorConfig {\n allowedList: ApiRouteDefinition[];\n}\n\n/**\n * Configuration for a single interceptor route\n */\nexport interface HttpInterceptorRouteConfig {\n /**\n * The URL to test, by supplying the URL to match.\n * If `test` is a match for the current request path from the HTTP client, then\n * an access token is attached to the request in the\n * [\"Authorization\" header](https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-20#section-2.1).\n *\n * If the test does not pass, the request proceeds without the access token attached.\n *\n * A wildcard character can be used to match only the start of the URL.\n *\n * @usagenotes\n *\n * '/api' - exactly match the route /api\n * '/api/*' - match any route that starts with /api/\n */\n uri?: string;\n\n /**\n * A function that will be called with the HttpRequest.url value, allowing you to do\n * any kind of flexible matching.\n *\n * If this function returns true, then\n * an access token is attached to the request in the\n * [\"Authorization\" header](https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-20#section-2.1).\n *\n * If it returns false, the request proceeds without the access token attached.\n */\n uriMatcher?: (uri: string) => boolean;\n\n /**\n * The options that are passed to the SDK when retrieving the\n * access token to attach to the outgoing request.\n */\n tokenOptions?: GetTokenSilentlyOptions;\n\n /**\n * The HTTP method to match on. If specified, the HTTP method of\n * the outgoing request will be checked against this. If there is no match, the\n * Authorization header is not attached.\n *\n * The HTTP method name is case-sensitive.\n */\n httpMethod?: HttpMethod | string;\n\n /**\n * Allow the HTTP call to be executed anonymously, when no token is available.\n *\n * When omitted (or set to false), calls that match the configuration will fail when no token is available.\n */\n allowAnonymous?: boolean;\n}\n\n/**\n * Configuration for the authentication service\n */\nexport interface AuthConfig extends Auth0ClientOptions {\n /**\n * By default, if the page URL has code and state parameters, the SDK will assume they are for\n * an Auth0 application and attempt to exchange the code for a token.\n * In some cases the code might be for something else (e.g. another OAuth SDK). In these\n * instances you can instruct the client to ignore them by setting `skipRedirectCallback`.\n *\n * ```js\n * AuthModule.forRoot({\n * skipRedirectCallback: window.location.pathname === '/other-callback'\n * })\n * ```\n *\n * **Note**: In the above example, `/other-callback` is an existing route that will be called\n * by any other OAuth provider with a `code` (or `error` in case when something went wrong) and `state`.\n *\n */\n skipRedirectCallback?: boolean;\n\n /**\n * Configuration for the built-in Http Interceptor, used for\n * automatically attaching access tokens.\n */\n httpInterceptor?: HttpInterceptorConfig;\n\n /**\n * Path in your application to redirect to when the Authorization server\n * returns an error. Defaults to `/`\n */\n errorPath?: string;\n}\n\n/**\n * Angular specific state to be stored before redirect\n */\nexport interface AppState {\n /**\n * Target path the app gets routed to after\n * handling the callback from Auth0 (defaults to '/')\n */\n target?: string;\n\n /**\n * Any custom parameter to be stored in appState\n */\n [key: string]: any;\n}\n\n/**\n * Injection token for accessing configuration.\n *\n * @usageNotes\n *\n * Use the `Inject` decorator to access the configuration from a service or component:\n *\n * ```\n * class MyService(@Inject(AuthConfigService) config: AuthConfig) {}\n * ```\n */\nexport const AuthConfigService = new InjectionToken<AuthConfig>(\n 'auth0-angular.config'\n);\n\n/**\n * Gets and sets configuration for the internal Auth0 client. This can be\n * used to provide configuration outside of using AuthModule.forRoot, i.e. from\n * a factory provided by APP_INITIALIZER.\n *\n * @usage\n *\n * ```js\n * // app.module.ts\n * // ---------------------------\n * import { AuthModule, AuthClientConfig } from '@auth0/auth0-angular';\n *\n * // Provide an initializer function that returns a Promise\n * function configInitializer(\n * http: HttpClient,\n * config: AuthClientConfig\n * ) {\n * return () =>\n * http\n * .get('/config')\n * .toPromise()\n * .then((loadedConfig: any) => config.set(loadedConfig)); // Set the config that was loaded asynchronously here\n * }\n *\n * // Provide APP_INITIALIZER with this function. Note that there is no config passed to AuthModule.forRoot\n * imports: [\n * // other imports..\n *\n * HttpClientModule,\n * AuthModule.forRoot(), //<- don't pass any config here\n * ],\n * providers: [\n * {\n * provide: APP_INITIALIZER,\n * useFactory: configInitializer, // <- pass your initializer function here\n * deps: [HttpClient, AuthClientConfig],\n * multi: true,\n * },\n * ],\n * ```\n *\n */\n@Injectable({ providedIn: 'root' })\nexport class AuthClientConfig {\n private config?: AuthConfig;\n\n constructor(@Optional() @Inject(AuthConfigService) config?: AuthConfig) {\n if (config) {\n this.set(config);\n }\n }\n\n /**\n * Sets configuration to be read by other consumers of the service (see usage notes)\n *\n * @param config The configuration to set\n */\n set(config: AuthConfig): void {\n this.config = config;\n }\n\n /**\n * Gets the config that has been set by other consumers of the service\n */\n get(): AuthConfig {\n return this.config as AuthConfig;\n }\n}\n","import { Injectable, Injector } from '@angular/core';\nimport { Router } from '@angular/router';\nimport { Location } from '@angular/common';\n\n@Injectable({\n providedIn: 'root',\n})\nexport class AbstractNavigator {\n private readonly router?: Router;\n\n constructor(private location: Location, injector: Injector) {\n try {\n this.router = injector.get(Router);\n } catch {}\n }\n\n /**\n * Navigates to the specified url. The router will be used if one is available, otherwise it falls back\n * to `window.history.replaceState`.\n *\n * @param url The url to navigate to\n */\n navigateByUrl(url: string): void {\n if (this.router) {\n this.router.navigateByUrl(url);\n\n return;\n }\n\n this.location.replaceState(url);\n }\n}\n","import { Inject, Injectable } from '@angular/core';\nimport { Auth0Client } from '@auth0/auth0-spa-js';\nimport {\n BehaviorSubject,\n defer,\n merge,\n of,\n ReplaySubject,\n Subject,\n} from 'rxjs';\nimport {\n concatMap,\n distinctUntilChanged,\n filter,\n mergeMap,\n scan,\n shareReplay,\n switchMap,\n} from 'rxjs/operators';\nimport { Auth0ClientService } from './auth.client';\n\n/**\n * Tracks the Authentication State for the SDK\n */\n@Injectable({ providedIn: 'root' })\nexport class AuthState {\n private isLoadingSubject$ = new BehaviorSubject<boolean>(true);\n private refresh$ = new Subject<void>();\n private accessToken$ = new ReplaySubject<string>(1);\n private errorSubject$ = new ReplaySubject<Error>(1);\n\n /**\n * Emits boolean values indicating the loading state of the SDK.\n */\n public readonly isLoading$ = this.isLoadingSubject$.asObservable();\n\n /**\n * Trigger used to pull User information from the Auth0Client.\n * Triggers when the access token has changed.\n */\n private accessTokenTrigger$ = this.accessToken$.pipe(\n scan(\n (\n acc: { current: string | null; previous: string | null },\n current: string | null\n ) => ({\n previous: acc.current,\n current,\n }),\n { current: null, previous: null }\n ),\n filter(({ previous, current }) => previous !== current)\n );\n\n /**\n * Trigger used to pull User information from the Auth0Client.\n * Triggers when an event occurs that needs to retrigger the User Profile information.\n * Events: Login, Access Token change and Logout\n */\n private readonly isAuthenticatedTrigger$ = this.isLoading$.pipe(\n filter((loading) => !loading),\n distinctUntilChanged(),\n switchMap(() =>\n // To track the value of isAuthenticated over time, we need to merge:\n // - the current value\n // - the value whenever the access token changes. (this should always be true of there is an access token\n // but it is safer to pass this through this.auth0Client.isAuthenticated() nevertheless)\n // - the value whenever refreshState$ emits\n merge(\n defer(() => this.auth0Client.isAuthenticated()),\n this.accessTokenTrigger$.pipe(\n mergeMap(() => this.auth0Client.isAuthenticated())\n ),\n this.refresh$.pipe(mergeMap(() => this.auth0Client.isAuthenticated()))\n )\n )\n );\n\n /**\n * Emits boolean values indicating the authentication state of the user. If `true`, it means a user has authenticated.\n * This depends on the value of `isLoading$`, so there is no need to manually check the loading state of the SDK.\n */\n readonly isAuthenticated$ = this.isAuthenticatedTrigger$.pipe(\n distinctUntilChanged(),\n shareReplay(1)\n );\n\n /**\n * Emits details about the authenticated user, or null if not authenticated.\n */\n readonly user$ = this.isAuthenticatedTrigger$.pipe(\n concatMap((authenticated) =>\n authenticated ? this.auth0Client.getUser() : of(null)\n ),\n distinctUntilChanged()\n );\n\n /**\n * Emits ID token claims when authenticated, or null if not authenticated.\n */\n readonly idTokenClaims$ = this.isAuthenticatedTrigger$.pipe(\n concatMap((authenticated) =>\n authenticated ? this.auth0Client.getIdTokenClaims() : of(null)\n )\n );\n\n /**\n * Emits errors that occur during login, or when checking for an active session on startup.\n */\n public readonly error$ = this.errorSubject$.asObservable();\n\n constructor(@Inject(Auth0ClientService) private auth0Client: Auth0Client) {}\n\n /**\n * Update the isLoading state using the provided value\n *\n * @param isLoading The new value for isLoading\n */\n public setIsLoading(isLoading: boolean): void {\n this.isLoadingSubject$.next(isLoading);\n }\n\n /**\n * Refresh the state to ensure the `isAuthenticated`, `user$` and `idTokenClaims$`\n * reflect the most up-to-date values from Auth0Client.\n */\n public refresh(): void {\n this.refresh$.next();\n }\n\n /**\n * Update the access token, doing so will also refresh the state.\n *\n * @param accessToken The new Access Token\n */\n public setAccessToken(accessToken: string): void {\n this.accessToken$.next(accessToken);\n }\n\n /**\n * Emits the error in the `error$` observable.\n *\n * @param error The new error\n */\n public setError(error: any): void {\n this.errorSubject$.next(error);\n }\n}\n","import { Injectable, Inject, OnDestroy } from '@angular/core';\n\nimport {\n Auth0Client,\n PopupLoginOptions,\n PopupConfigOptions,\n GetTokenSilentlyOptions,\n GetTokenWithPopupOptions,\n RedirectLoginResult,\n GetTokenSilentlyVerboseResponse,\n ConnectAccountRedirectResult,\n RedirectConnectAccountOptions,\n CustomFetchMinimalOutput,\n Fetcher,\n FetcherConfig,\n CustomTokenExchangeOptions,\n TokenEndpointResponse,\n} from '@auth0/auth0-spa-js';\n\nimport {\n of,\n from,\n Subject,\n Observable,\n iif,\n defer,\n ReplaySubject,\n throwError,\n} from 'rxjs';\n\nimport {\n concatMap,\n tap,\n map,\n takeUntil,\n catchError,\n switchMap,\n withLatestFrom,\n} from 'rxjs/operators';\n\nimport { Auth0ClientService } from './auth.client';\nimport { AbstractNavigator } from './abstract-navigator';\nimport { AuthClientConfig, AppState } from './auth.config';\nimport { AuthState } from './auth.state';\nimport { LogoutOptions, RedirectLoginOptions } from './interfaces';\n\n@Injectable({\n providedIn: 'root',\n})\nexport class AuthService<TAppState extends AppState = AppState>\n implements OnDestroy\n{\n private appStateSubject$ = new ReplaySubject<TAppState>(1);\n\n // https://stackoverflow.com/a/41177163\n private ngUnsubscribe$ = new Subject<void>();\n /**\n * Emits boolean values indicating the loading state of the SDK.\n */\n readonly isLoading$ = this.authState.isLoading$;\n\n /**\n * Emits boolean values indicating the authentication state of the user. If `true`, it means a user has authenticated.\n * This depends on the value of `isLoading$`, so there is no need to manually check the loading state of the SDK.\n */\n readonly isAuthenticated$ = this.authState.isAuthenticated$;\n\n /**\n * Emits details about the authenticated user, or null if not authenticated.\n */\n readonly user$ = this.authState.user$;\n\n /**\n * Emits ID token claims when authenticated, or null if not authenticated.\n */\n readonly idTokenClaims$ = this.authState.idTokenClaims$;\n\n /**\n * Emits errors that occur during login, or when checking for an active session on startup.\n */\n readonly error$ = this.authState.error$;\n\n /**\n * Emits the value (if any) that was passed to the `loginWithRedirect` method call\n * but only **after** `handleRedirectCallback` is first called\n */\n readonly appState$ = this.appStateSubject$.asObservable();\n\n constructor(\n @Inject(Auth0ClientService) private auth0Client: Auth0Client,\n private configFactory: AuthClientConfig,\n private navigator: AbstractNavigator,\n private authState: AuthState\n ) {\n const checkSessionOrCallback$ = (isCallback: boolean) =>\n iif(\n () => isCallback,\n this.handleRedirectCallback(),\n defer(() => this.auth0Client.checkSession())\n );\n\n this.shouldHandleCallback()\n .pipe(\n switchMap((isCallback) =>\n checkSessionOrCallback$(isCallback).pipe(\n catchError((error) => {\n const config = this.configFactory.get();\n this.navigator.navigateByUrl(config.errorPath || '/');\n this.authState.setError(error);\n return of(undefined);\n })\n )\n ),\n tap(() => {\n this.authState.setIsLoading(false);\n }),\n takeUntil(this.ngUnsubscribe$)\n )\n .subscribe();\n }\n\n /**\n * Called when the service is destroyed\n */\n ngOnDestroy(): void {\n // https://stackoverflow.com/a/41177163\n this.ngUnsubscribe$.next();\n this.ngUnsubscribe$.complete();\n }\n\n /**\n * ```js\n * loginWithRedirect(options);\n * ```\n *\n * Performs a redirect to `/authorize` using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated.\n *\n * @param options The login options\n */\n loginWithRedirect(\n options?: RedirectLoginOptions<TAppState>\n ): Observable<void> {\n return from(this.auth0Client.loginWithRedirect(options));\n }\n\n /**\n * ```js\n * connectAccountWithRedirect({\n * connection: 'google-oauth2',\n * scopes: ['openid', 'profile', 'email', 'https://www.googleapis.com/auth/drive.readonly'],\n * authorization_params: {\n * // additional authorization params to forward to the authorization server\n * }\n * });\n * ```\n *\n * Redirects to the `/connect` URL using the parameters\n * provided as arguments. This then redirects to the connection's login page\n * where the user can authenticate and authorize the account to be connected.\n *\n * If connecting the account is successful, `handleRedirectCallback` will be called\n * with the details of the connected account.\n *\n * @param options The connect account options\n */\n connectAccountWithRedirect(\n options: RedirectConnectAccountOptions<TAppState>\n ): Observable<void> {\n return from(this.auth0Client.connectAccountWithRedirect(options));\n }\n\n /**\n * ```js\n * await loginWithPopup(options);\n * ```\n *\n * Opens a popup with the `/authorize` URL using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated. If the response is successful,\n * results will be valid according to their expiration times.\n *\n * IMPORTANT: This method has to be called from an event handler\n * that was started by the user like a button click, for example,\n * otherwise the popup will be blocked in most browsers.\n *\n * @param options The login options\n * @param config Configuration for the popup window\n */\n loginWithPopup(\n options?: PopupLoginOptions,\n config?: PopupConfigOptions\n ): Observable<void> {\n return from(\n this.auth0Client.loginWithPopup(options, config).then(() => {\n this.authState.refresh();\n })\n );\n }\n\n /**\n * ```js\n * logout();\n * ```\n *\n * Clears the application session and performs a redirect to `/v2/logout`, using\n * the parameters provided as arguments, to clear the Auth0 session.\n * If the `federated` option is specified it also clears the Identity Provider session.\n * If the `openUrl` option is set to false, it only clears the application session.\n * It is invalid to set both the `federated` to true and `openUrl` to `false`,\n * and an error will be thrown if you do.\n * [Read more about how Logout works at Auth0](https://auth0.com/docs/logout).\n *\n * @param options The logout options\n */\n logout(options?: LogoutOptions): Observable<void> {\n return from(\n this.auth0Client.logout(options).then(() => {\n if (options?.openUrl === false || options?.openUrl) {\n this.authState.refresh();\n }\n })\n );\n }\n\n /**\n * Fetches a new access token and returns the response from the /oauth/token endpoint, omitting the refresh token.\n *\n * @param options The options for configuring the token fetch.\n */\n getAccessTokenSilently(\n options: GetTokenSilentlyOptions & { detailedResponse: true }\n ): Observable<GetTokenSilentlyVerboseResponse>;\n\n /**\n * Fetches a new access token and returns it.\n *\n * @param options The options for configuring the token fetch.\n */\n getAccessTokenSilently(options?: GetTokenSilentlyOptions): Observable<string>;\n\n /**\n * ```js\n * getAccessTokenSilently(options).subscribe(token => ...)\n * ```\n *\n * If there's a valid token stored, return it. Otherwise, opens an\n * iframe with the `/authorize` URL using the parameters provided\n * as arguments. Random and secure `state` and `nonce` parameters\n * will be auto-generated. If the response is successful, results\n * will be valid according to their expiration times.\n *\n * If refresh tokens are used, the token endpoint is called directly with the\n * 'refresh_token' grant. If no refresh token is available to make this call,\n * the SDK falls back to using an iframe to the '/authorize' URL.\n *\n * This method may use a web worker to perform the token call if the in-memory\n * cache is used.\n *\n * If an `audience` value is given to this function, the SDK always falls\n * back to using an iframe to make the token exchange.\n *\n * Note that in all cases, falling back to an iframe requires access to\n * the `auth0` cookie, and thus will not work in browsers that block third-party\n * cookies by default (Safari, Brave, etc).\n *\n * @param options The options for configuring the token fetch.\n */\n getAccessTokenSilently(\n options: GetTokenSilentlyOptions = {}\n ): Observable<string | GetTokenSilentlyVerboseResponse> {\n return of(this.auth0Client).pipe(\n concatMap((client) =>\n options.detailedResponse === true\n ? client.getTokenSilently({ ...options, detailedResponse: true })\n : client.getTokenSilently(options)\n ),\n tap((token) => {\n if (token) {\n this.authState.setAccessToken(\n typeof token === 'string' ? token : token.access_token\n );\n }\n }),\n catchError((error) => {\n this.authState.setError(error);\n this.authState.refresh();\n return throwError(error);\n })\n );\n }\n\n /**\n * ```js\n * getTokenWithPopup(options).subscribe(token => ...)\n * ```\n *\n * Get an access token interactively.\n *\n * Opens a popup with the `/authorize` URL using the parameters\n * provided as arguments. Random and secure `state` and `nonce`\n * parameters will be auto-generated. If the response is successful,\n * results will be valid according to their expiration times.\n */\n getAccessTokenWithPopup(\n options?: GetTokenWithPopupOptions\n ): Observable<string | undefined> {\n return of(this.auth0Client).pipe(\n concatMap((client) => client.getTokenWithPopup(options)),\n tap((token) => {\n if (token) {\n this.authState.setAccessToken(token);\n }\n }),\n catchError((error) => {\n this.authState.setError(error);\n this.authState.refresh();\n return throwError(error);\n })\n );\n }\n\n /**\n * ```js\n * loginWithCustomTokenExchange(options).subscribe(tokenResponse => ...)\n * ```\n *\n * Exchanges an external subject token for Auth0 tokens and establishes an authenticated session.\n *\n * This method implements the token exchange grant as specified in RFC 8693.\n * It performs a token exchange by sending a request to the `/oauth/token` endpoint\n * with the external token and returns Auth0 tokens (access token, ID token, etc.).\n *\n * The request includes the following parameters:\n * - `grant_type`: Hard-coded to \"urn:ietf:params:oauth:grant-type:token-exchange\"\n * - `subject_token`: The external token to be exchanged\n * - `subject_token_type`: A namespaced URI identifying the token type (must be under your organization's control)\n * - `audience`: The target audience (falls back to the SDK's default audience if not provided)\n * - `scope`: Space-separated list of scopes (merged with the SDK's default scopes)\n *\n * After a successful token exchange, this method updates the authentication state\n * to ensure consistency with the standard authentication flows.\n *\n * @param options The options required to perform the token exchange\n * @returns An Observable that emits the token endpoint response containing Auth0 tokens\n */\n loginWithCustomTokenExchange(\n options: CustomTokenExchangeOptions\n ): Observable<TokenEndpointResponse> {\n return of(this.auth0Client).pipe(\n concatMap((client) => client.loginWithCustomTokenExchange(options)),\n tap((tokenResponse) => {\n if (tokenResponse.access_token) {\n this.authState.setAccessToken(tokenResponse.access_token);\n }\n }),\n catchError((error) => {\n this.authState.setError(error);\n this.authState.refresh();\n return throwError(error);\n })\n );\n }\n\n /**\n * ```js\n * handleRedirectCallback(url).subscribe(result => ...)\n * ```\n *\n * After the browser redirects back to the callback page,\n * call `handleRedirectCallback` to handle success and error\n * responses from Auth0. If the response is successful, results\n * will be valid according to their expiration times.\n *\n * Calling this method also refreshes the authentication and user states.\n *\n * @param url The URL to that should be used to retrieve the `state` and `code` values. Defaults to `window.location.href` if not given.\n */\n handleRedirectCallback(\n url?: string\n ): Observable<\n RedirectLoginResult<TAppState> | ConnectAccountRedirectResult<TAppState>\n > {\n return defer(() =>\n this.auth0Client.handleRedirectCallback<TAppState>(url)\n ).pipe(\n withLatestFrom(this.authState.isLoading$),\n tap(([result, isLoading]) => {\n if (!isLoading) {\n this.authState.refresh();\n }\n const appState = result?.appState;\n const target = appState?.target ?? '/';\n\n if (appState) {\n this.appStateSubject$.next(appState);\n }\n\n this.navigator.navigateByUrl(target);\n }),\n map(([result]) => result)\n );\n }\n\n /**\n * ```js\n * getDpopNonce(id).subscribe(nonce => ...)\n * ```\n *\n * Gets the DPoP nonce for the specified domain or the default domain.\n * The nonce is used in DPoP proof generation for token binding.\n *\n * @param id Optional identifier for the domain. If not provided, uses the default domain.\n * @returns An Observable that emits the DPoP nonce string or undefined if not available.\n */\n getDpopNonce(id?: string): Observable<string | undefined> {\n return from(this.auth0Client.getDpopNonce(id));\n }\n\n /**\n * ```js\n * setDpopNonce(nonce, id).subscribe(() => ...)\n * ```\n *\n * Sets the DPoP nonce for the specified domain or the default domain.\n * This is typically used after receiving a new nonce from the authorization server.\n *\n * @param nonce The DPoP nonce value to set.\n * @param id Optional identifier for the domain. If not provided, uses the default domain.\n * @returns An Observable that completes when the nonce is set.\n */\n setDpopNonce(nonce: string, id?: string): Observable<void> {\n return from(this.auth0Client.setDpopNonce(nonce, id));\n }\n\n /**\n * ```js\n * generateDpopProof(params).subscribe(proof => ...)\n * ```\n *\n * Generates a DPoP (Demonstrating Proof-of-Possession) proof JWT.\n * This proof is used to bind access tokens to a specific client, providing\n * an additional layer of security for token usage.\n *\n * @param params Configuration for generating the DPoP proof\n * @param params.url The URL of the resource server endpoint\n * @param params.method The HTTP method (e.g., 'GET', 'POST')\n * @param params.nonce Optional DPoP nonce from the authorization server\n * @param params.accessToken The access token to bind to the proof\n * @returns An Observable that emits the generated DPoP proof as a JWT string.\n */\n generateDpopProof(params: {\n url: string;\n method: string;\n nonce?: string;\n accessToken: string;\n }): Observable<string> {\n return from(this.auth0Client.generateDpopProof(params));\n }\n\n /**\n * ```js\n * const fetcher = createFetcher(config);\n * ```\n *\n * Creates a custom fetcher instance that can be used to make authenticated\n * HTTP requests. The fetcher automatically handles token refresh and can\n * be configured with custom request/response handling.\n *\n * @param config Optional configuration for the fetcher\n * @returns A Fetcher instance configured with the Auth0 client.\n */\n createFetcher<TOutput extends CustomFetchMinimalOutput = Response>(\n config?: FetcherConfig<TOutput>\n ): Fetcher<TOutput> {\n return this.auth0Client.createFetcher(config);\n }\n\n private shouldHandleCallback(): Observable<boolean> {\n return of(location.search).pipe(\n map((search) => {\n const searchParams = new URLSearchParams(search);\n return (\n (searchParams.has('code') || searchParams.has('error')) &&\n searchParams.has('state') &&\n !this.configFactory.get().skipRedirectCallback\n );\n })\n );\n }\n}\n","import { Injectable } from '@angular/core';\nimport {\n ActivatedRouteSnapshot,\n RouterStateSnapshot,\n Route,\n UrlSegment,\n} from '@angular/router';\nimport { Observable, of } from 'rxjs';\nimport { take, switchMap, map } from 'rxjs/operators';\nimport { AuthService } from './auth.service';\n\n@Injectable({\n providedIn: 'root',\n})\nexport class AuthGuard {\n constructor(private auth: AuthService) {}\n\n canLoad(route: Route, segments: UrlSegment[]): Observable<boolean> {\n return this.auth.isAuthenticated$.pipe(take(1));\n }\n\n canActivate(\n next: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Observable<boolean> {\n return this.redirectIfUnauthenticated(state);\n }\n\n canActivateChild(\n childRoute: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Observable<boolean> {\n return this.redirectIfUnauthenticated(state);\n }\n\n private redirectIfUnauthenticated(\n state: RouterStateSnapshot\n ): Observable<boolean> {\n return this.auth.isAuthenticated$.pipe(\n switchMap((loggedIn) => {\n if (!loggedIn) {\n return this.auth\n .loginWithRedirect({\n appState: { target: state.url },\n })\n .pipe(map(() => false));\n }\n return of(true);\n })\n );\n }\n}\n","import { NgModule, ModuleWithProviders } from '@angular/core';\nimport { AuthService } from './auth.service';\nimport { AuthConfig, AuthConfigService, AuthClientConfig } from './auth.config';\nimport { Auth0ClientService, Auth0ClientFactory } from './auth.client';\nimport { AuthGuard } from './auth.guard';\n\n@NgModule()\nexport class AuthModule {\n /**\n * Initialize the authentication module system. Configuration can either be specified here,\n * or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).\n *\n * @param config The optional configuration for the SDK.\n */\n static forRoot(config?: AuthConfig): ModuleWithProviders<AuthModule> {\n return {\n ngModule: AuthModule,\n providers: [\n AuthService,\n AuthGuard,\n {\n provide: AuthConfigService,\n useValue: config,\n },\n {\n provide: Auth0ClientService,\n useFactory: Auth0ClientFactory.createClient,\n deps: [AuthClientConfig],\n },\n ],\n };\n }\n}\n","import {\n HttpInterceptor,\n HttpRequest,\n HttpHandler,\n HttpEvent,\n} from '@angular/common/http';\n\nimport { Observable, from, of, iif, throwError } from 'rxjs';\nimport { Inject, Injectable } from '@angular/core';\n\nimport {\n ApiRouteDefinition,\n isHttpInterceptorRouteConfig,\n AuthClientConfig,\n HttpInterceptorConfig,\n} from './auth.config';\n\nimport {\n switchMap,\n first,\n concatMap,\n catchError,\n tap,\n filter,\n mergeMap,\n mapTo,\n pluck,\n map,\n} from 'rxjs/operators';\nimport {\n Auth0Client,\n GetTokenSilentlyOptions,\n GetTokenSilentlyVerboseResponse,\n} from '@auth0/auth0-spa-js';\nimport { Auth0ClientService } from './auth.client';\nimport { AuthState } from './auth.state';\nimport { AuthService } from './auth.service';\n\nconst waitUntil =\n <TSignal>(signal$: Observable<TSignal>) =>\n <TSource>(source$: Observable<TSource>) =>\n source$.pipe(mergeMap((value) => signal$.pipe(first(), mapTo(value))));\n\n@Injectable()\nexport class AuthHttpInterceptor implements HttpInterceptor {\n constructor(\n private configFactory: AuthClientConfig,\n @Inject(Auth0ClientService) private auth0Client: Auth0Client,\n private authState: AuthState,\n private authService: AuthService\n ) {}\n\n intercept(\n req: HttpRequest<any>,\n next: HttpHandler\n ): Observable<HttpEvent<any>> {\n const config = this.configFactory.get();\n if (!config.httpInterceptor?.allowedList) {\n return next.handle(req);\n }\n\n const isLoaded$ = this.authService.isLoading$.pipe(\n filter((isLoading) => !isLoading)\n );\n\n return this.findMatchingRoute(req, config.httpInterceptor).pipe(\n concatMap((route) =>\n iif(\n // Check if a route was matched\n () => route !== null,\n // If we have a matching route, call getTokenSilently and attach the token to the\n // outgoing request\n of(route).pipe(\n waitUntil(isLoaded$),\n pluck('tokenOptions'),\n concatMap<GetTokenSilentlyOptions, Observable<string>>((options) =>\n this.getAccessTokenSilently(options).pipe(\n catchError((err) => {\n if (this.allowAnonymous(route, err)) {\n return of('');\n }\n\n this.authState.setError(err);\n return throwError(err);\n })\n )\n ),\n switchMap((token: string) => {\n // Clone the request and attach the bearer token\n const clone = token\n ? req.clone({\n headers: req.headers.set(\n 'Authorization',\n `Bearer ${token}`\n ),\n })\n : req;\n\n return next.handle(clone);\n })\n ),\n // If the URI being called was not found in our httpInterceptor config, simply\n // pass the request through without attaching a token\n next.handle(req)\n )\n )\n );\n }\n\n /**\n * Duplicate of AuthService.getAccessTokenSilently, but with a slightly different error handling.\n * Only used internally in the interceptor.\n *\n * @param options The options for configuring the token fetch.\n */\n private getAccessTokenSilently(\n options?: GetTokenSilentlyOptions\n ): Observable<string> {\n return of(this.auth0Client).pipe(\n concatMap((client) => client.getTokenSilently(options)),\n map((tokenOrResponse: string | GetTokenSilentlyVerboseResponse) => {\n // Extract access_token from detailed response when detailedResponse: true\n if (typeof tokenOrResponse === 'string') return tokenOrResponse;\n return tokenOrResponse.access_token;\n }),\n tap((token) => this.authState.setAccessToken(token)),\n catchError((error) => {\n this.authState.refresh();\n return throwError(error);\n })\n );\n }\n\n /**\n * Strips the query and fragment from the given uri\n *\n * @param uri The uri to remove the query and fragment from\n */\n private stripQueryFrom(uri: string): string {\n if (uri.indexOf('?') > -1) {\n uri = uri.substr(0, uri.indexOf('?'));\n }\n\n if (uri.indexOf('#') > -1) {\n uri = uri.substr(0, uri.indexOf('#'));\n }\n\n return uri;\n }\n\n /**\n * Determines whether the specified route can have an access token attached to it, based on matching the HTTP request against\n * the interceptor route configuration.\n *\n * @param route The route to test\n * @param request The HTTP request\n */\n private canAttachToken(\n route: ApiRouteDefinition,\n request: HttpRequest<any>\n ): boolean {\n const testPrimitive = (value: string | undefined): boolean => {\n if (!value) {\n return false;\n }\n\n const requestPath = this.stripQueryFrom(request.url);\n\n if (value === requestPath) {\n return true;\n }\n\n // If the URL ends with an asterisk, match using startsWith.\n return (\n value.indexOf('*') === value.length - 1 &&\n request.url.startsWith(value.substr(0, value.length - 1))\n );\n };\n\n if (isHttpInterceptorRouteConfig(route)) {\n if (route.httpMethod && route.httpMethod !== request.method) {\n return false;\n }\n\n /* istanbul ignore if */\n if (!route.uri && !route.uriMatcher) {\n console.warn(\n 'Either a uri or uriMatcher is required when configuring the HTTP interceptor.'\n );\n }\n\n return route.uriMatcher\n ? route.uriMatcher(request.url)\n : testPrimitive(route.uri);\n }\n\n return testPrimitive(route);\n }\n\n /**\n * Tries to match a route from the SDK configuration to the HTTP request.\n * If a match is found, the route configuration is returned.\n *\n * @param request The Http request\n * @param config HttpInterceptorConfig\n */\n private findMatchingRoute(\n request: HttpRequest<any>,\n config: HttpInterceptorConfig\n ): Observable<ApiRouteDefinition | null> {\n return from(config.allowedList).pipe(\n first((route) => this.canAttachToken(route, request), null)\n );\n }\n\n private allowAnonymous(route: ApiRouteDefinition | null, err: any): boolean {\n return (\n !!route &&\n isHttpInterceptorRouteConfig(route) &&\n !!route.allowAnonymous &&\n ['login_required', 'consent_required', 'missing_refresh_token'].includes(\n err.error\n )\n );\n }\n}\n","import { EnvironmentProviders, makeEnvironmentProviders } from '@angular/core';\nimport { Auth0ClientService, Auth0ClientFactory } from './auth.client';\nimport { AuthConfig, AuthConfigService, AuthClientConfig } from './auth.config';\nimport { AuthGuard } from './auth.guard';\nimport { AuthHttpInterceptor } from './auth.interceptor';\nimport { AuthService } from './auth.service';\n\n/**\n * Initialize the authentication system. Configuration can either be specified here,\n * or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).\n *\n * Note: Should only be used as of Angular 15. This function returns `EnvironmentProviders`\n * which ensures it can only be used at the application/environment level and cannot be\n * added to a component's providers array (this will result in a compile-time error).\n *\n * @param config The optional configuration for the SDK.\n *\n * @example\n * bootstrapApplication(AppComponent, {\n * providers: [\n * provideAuth0(),\n * ],\n * });\n */\nexport function provideAuth0(config?: AuthConfig): EnvironmentProviders {\n return makeEnvironmentProviders([\n AuthService,\n AuthHttpInterceptor,\n AuthGuard,\n {\n provide: AuthConfigService,\n useValue: config,\n },\n {\n provide: Auth0ClientService,\n useFactory: Auth0ClientFactory.createClient,\n deps: [AuthClientConfig],\n },\n ]);\n}\n","import { HttpEvent, HttpRequest } from '@angular/common/http';\nimport { inject } from '@angular/core';\nimport { ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';\nimport { Observable } from 'rxjs';\nimport { AuthGuard } from './auth.guard';\nimport { AuthHttpInterceptor } from './auth.interceptor';\n\n/**\n * Functional AuthGuard to ensure routes can only be accessed when authenticated.\n *\n * Note: Should only be used as of Angular 15\n *\n * @param route Contains the information about a route associated with a component loaded in an outlet at a particular moment in time.\n * @param state Represents the state of the router at a moment in time.\n * @returns An Observable, indicating if the route can be accessed or not\n */\nexport const authGuardFn = (\n route: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n) => inject(AuthGuard).canActivate(route, state);\n\n/**\n * Functional AuthHttpInterceptor to include the access token in matching requests.\n *\n * Note: Should only be used as of Angular 15\n *\n * @param req An outgoing HTTP request with an optional typed body.\n * @param handle Represents the next interceptor in an interceptor chain, or the real backend if there are no\n * further interceptors.\n * @returns An Observable representing the intercepted HttpRequest\n */\nexport const authHttpInterceptorFn = (\n req: HttpRequest<any>,\n handle: (req: HttpRequest<unknown>) => Observable<HttpEvent<unknown>>\n) => inject(AuthHttpInterceptor).intercept(req, { handle });\n","/*\n * Public API Surface of auth0-angular\n */\n\nexport * from './lib/auth.service';\nexport * from './lib/auth.module';\nexport * from './lib/auth.guard';\nexport * from './lib/auth.interceptor';\nexport * from './lib/auth.config';\nexport * from './lib/auth.client';\nexport * from './lib/auth.state';\nexport * from './lib/interfaces';\nexport * from './lib/provide';\nexport * from './lib/functional';\nexport * from './lib/abstract-navigator';\n\nexport {\n AuthorizationParams,\n PopupLoginOptions,\n PopupConfigOptions,\n GetTokenWithPopupOptions,\n GetTokenSilentlyOptions,\n RedirectConnectAccountOptions,\n ICache,\n Cacheable,\n LocalStorageCache,\n InMemoryCache,\n IdToken,\n User,\n GenericError,\n TimeoutError,\n MfaRequiredError,\n PopupTimeoutError,\n AuthenticationError,\n PopupCancelledError,\n MissingRefreshTokenError,\n Fetcher,\n FetcherConfig,\n CustomFetchMinimalOutput,\n UseDpopNonceError,\n CustomTokenExchangeOptions,\n TokenEndpointResponse,\n} from '@auth0/auth0-spa-js';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":["i1.AuthClientConfig","i2.AbstractNavigator","i3.AuthState","i1.AuthService","i2.AuthState","i3.AuthService"],"mappings":";;;;;;;;;;AAAA,gBAAe,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE;;MCKpD,kBAAkB,CAAA;IAC7B,OAAO,YAAY,CAAC,aAA+B,EAAA;AACjD,QAAA,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE;QAElC,IAAI,CAAC,MAAM,EAAE;AACX,YAAA,MAAM,IAAI,KAAK,CACb,mGAAmG,CACpG;;QAGH,OAAO,IAAI,WAAW,CAAC;AACrB,YAAA,GAAG,MAAM;AACT,YAAA,WAAW,EAAE;gBACX,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,OAAO,EAAE,SAAS,CAAC,OAAO;AAC1B,gBAAA,GAAG,EAAE;oBACH,cAAc,EAAE,OAAO,CAAC,IAAI;AAC7B,iBAAA;AACF,aAAA;AACF,SAAA,CAAC;;AAEL;MAEY,kBAAkB,GAAG,IAAI,cAAc,CAClD,cAAc;;ACAhB;;;;AAIG;AACG,SAAU,4BAA4B,CAC1C,GAAuB,EAAA;AAEvB,IAAA,OAAO,OAAO,GAAG,KAAK,QAAQ;AAChC;AAoHA;;;;;;;;;;AAUG;MACU,iBAAiB,GAAG,IAAI,cAAc,CACjD,sBAAsB;AAGxB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCG;MAEU,gBAAgB,CAAA;AAG3B,IAAA,WAAA,CAAmD,MAAmB,EAAA;QACpE,IAAI,MAAM,EAAE;AACV,YAAA,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;;;AAIpB;;;;AAIG;AACH,IAAA,GAAG,CAAC,MAAkB,EAAA;AACpB,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM;;AAGtB;;AAEG;IACH,GAAG,GAAA;QACD,OAAO,IAAI,CAAC,MAAoB;;AAtBvB,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,gBAAgB,kBAGK,iBAAiB,EAAA,QAAA,EAAA,IAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAHtC,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,gBAAgB,cADH,MAAM,EAAA,CAAA,CAAA;;4FACnB,gBAAgB,EAAA,UAAA,EAAA,CAAA;kBAD5B,UAAU;mBAAC,EAAE,UAAU,EAAE,MAAM,EAAE;;0BAInB;;0BAAY,MAAM;2BAAC,iBAAiB;;;MChNtC,iBAAiB,CAAA;IAG5B,WAAoB,CAAA,QAAkB,EAAE,QAAkB,EAAA;QAAtC,IAAQ,CAAA,QAAA,GAAR,QAAQ;AAC1B,QAAA,IAAI;YACF,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;;QAClC,MAAM;;AAGV;;;;;AAKG;AACH,IAAA,aAAa,CAAC,GAAW,EAAA;AACvB,QAAA,IAAI,IAAI,CAAC,MAAM,EAAE;AACf,YAAA,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC;YAE9B;;AAGF,QAAA,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC;;+GAtBtB,iBAAiB,EAAA,IAAA,EAAA,CAAA,EAAA,KAAA,EAAA,EAAA,CAAA,QAAA,EAAA,EAAA,EAAA,KAAA,EAAA,EAAA,CAAA,QAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAAjB,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,iBAAiB,cAFhB,MAAM,EAAA,CAAA,CAAA;;4FAEP,iBAAiB,EAAA,UAAA,EAAA,CAAA;kBAH7B,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;;ACeD;;AAEG;MAEU,SAAS,CAAA;AAsFpB,IAAA,WAAA,CAAgD,WAAwB,EAAA;QAAxB,IAAW,CAAA,WAAA,GAAX,WAAW;AArFnD,QAAA,IAAA,CAAA,iBAAiB,GAAG,IAAI,eAAe,CAAU,IAAI,CAAC;AACtD,QAAA,IAAA,CAAA,QAAQ,GAAG,IAAI,OAAO,EAAQ;AAC9B,QAAA,IAAA,CAAA,YAAY,GAAG,IAAI,aAAa,CAAS,CAAC,CAAC;AAC3C,QAAA,IAAA,CAAA,aAAa,GAAG,IAAI,aAAa,CAAQ,CAAC,CAAC;AAEnD;;AAEG;AACa,QAAA,IAAA,CAAA,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE;AAElE;;;AAGG;AACK,QAAA,IAAA,CAAA,mBAAmB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAClD,IAAI,CACF,CACE,GAAwD,EACxD,OAAsB,MAClB;YACJ,QAAQ,EAAE,GAAG,CAAC,OAAO;YACrB,OAAO;AACR,SAAA,CAAC,EACF,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAClC,EACD,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,QAAQ,KAAK,OAAO,CAAC,CACxD;AAED;;;;AAIG;QACc,IAAuB,CAAA,uBAAA,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAC7D,MAAM,CAAC,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,EAC7B,oBAAoB,EAAE,EACtB,SAAS,CAAC;;;;;;QAMR,KAAK,CACH,KAAK,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,EAC/C,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAC3B,QAAQ,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,CACnD,EACD,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,CAAC,CACvE,CACF,CACF;AAED;;;AAGG;AACM,QAAA,IAAA,CAAA,gBAAgB,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAC3D,oBAAoB,EAAE,EACtB,WAAW,CAAC,CAAC,CAAC,CACf;AAED;;AAEG;AACM,QAAA,IAAA,CAAA,KAAK,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAChD,SAAS,CAAC,CAAC,aAAa,KACtB,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CACtD,EACD,oBAAoB,EAAE,CACvB;AAED;;AAEG;AACM,QAAA,IAAA,CAAA,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CACzD,SAAS,CAAC,CAAC,aAAa,KACtB,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,CAC/D,CACF;AAED;;AAEG;AACa,QAAA,IAAA,CAAA,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE;;AAI1D;;;;AAIG;AACI,IAAA,YAAY,CAAC,SAAkB,EAAA;AACpC,QAAA,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC;;AAGxC;;;AAGG;IACI,OAAO,GAAA;AACZ,QAAA,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE;;AAGtB;;;;AAIG;AACI,IAAA,cAAc,CAAC,WAAmB,EAAA;AACvC,QAAA,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC;;AAGrC;;;;AAIG;AACI,IAAA,QAAQ,CAAC,KAAU,EAAA;AACxB,QAAA,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;;AAxHrB,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,SAAS,kBAsFA,kBAAkB,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAtF3B,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,SAAS,cADI,MAAM,EAAA,CAAA,CAAA;;4FACnB,SAAS,EAAA,UAAA,EAAA,CAAA;kBADrB,UAAU;mBAAC,EAAE,UAAU,EAAE,MAAM,EAAE;;0BAuFnB,MAAM;2BAAC,kBAAkB;;;MC9D3B,WAAW,CAAA;AAuCtB,IAAA,WAAA,CACsC,WAAwB,EACpD,aAA+B,EAC/B,SAA4B,EAC5B,SAAoB,EAAA;QAHQ,IAAW,CAAA,WAAA,GAAX,WAAW;QACvC,IAAa,CAAA,aAAA,GAAb,aAAa;QACb,IAAS,CAAA,SAAA,GAAT,SAAS;QACT,IAAS,CAAA,SAAA,GAAT,SAAS;AAxCX,QAAA,IAAA,CAAA,gBAAgB,GAAG,IAAI,aAAa,CAAY,CAAC,CAAC;;AAGlD,QAAA,IAAA,CAAA,cAAc,GAAG,IAAI,OAAO,EAAQ;AAC5C;;AAEG;AACM,QAAA,IAAA,CAAA,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU;AAE/C;;;AAGG;AACM,QAAA,IAAA,CAAA,gBAAgB,GAAG,IAAI,CAAC,SAAS,CAAC,gBAAgB;AAE3D;;AAEG;AACM,QAAA,IAAA,CAAA,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK;AAErC;;AAEG;AACM,QAAA,IAAA,CAAA,cAAc,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc;AAEvD;;AAEG;AACM,QAAA,IAAA,CAAA,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM;AAEvC;;;AAGG;AACM,QAAA,IAAA,CAAA,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,YAAY,EAAE;AAQvD,QAAA,MAAM,uBAAuB,GAAG,CAAC,UAAmB,KAClD,GAAG,CACD,MAAM,UAAU,EAChB,IAAI,CAAC,sBAAsB,EAAE,EAC7B,KAAK,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,CAAC,CAC7C;QAEH,IAAI,CAAC,oBAAoB;aACtB,IAAI,CACH,SAAS,CAAC,CAAC,UAAU,KACnB,uBAAuB,CAAC,UAAU,CAAC,CAAC,IAAI,CACtC,UAAU,CAAC,CAAC,KAAK,KAAI;YACnB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE;YACvC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,IAAI,GAAG,CAAC;AACrD,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC9B,YAAA,OAAO,EAAE,CAAC,SAAS,CAAC;AACtB,SAAC,CAAC,CACH,CACF,EACD,GAAG,CAAC,MAAK;AACP,YAAA,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC;SACnC,CAAC,EACF,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC;AAE/B,aAAA,SAAS,EAAE;;AAGhB;;AAEG;IACH,WAAW,GAAA;;AAET,QAAA,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE;AAC1B,QAAA,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE;;AAGhC;;;;;;;;;;AAUG;AACH,IAAA,iBAAiB,CACf,OAAyC,EAAA;QAEzC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;;AAG1D;;;;;;;;;;;;;;;;;;;AAmBG;AACH,IAAA,0BAA0B,CACxB,OAAiD,EAAA;QAEjD,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;;AAGnE;;;;;;;;;;;;;;;;AAgBG;IACH,cAAc,CACZ,OAA2B,EAC3B,MAA2B,EAAA;AAE3B,QAAA,OAAO,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,MAAK;AACzD,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;SACzB,CAAC,CACH;;AAGH;;;;;;;;;;;;;;AAcG;AACH,IAAA,MAAM,CAAC,OAAuB,EAAA;AAC5B,QAAA,OAAO,IAAI,CACT,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAK;YACzC,IAAI,OAAO,EAAE,OAAO,KAAK,KAAK,IAAI,OAAO,EAAE,OAAO,EAAE;AAClD,gBAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;;SAE3B,CAAC,CACH;;AAmBH;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BG;IACH,sBAAsB,CACpB,UAAmC,EAAE,EAAA;QAErC,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9B,SAAS,CAAC,CAAC,MAAM,KACf,OAAO,CAAC,gBAAgB,KAAK;AAC3B,cAAE,MAAM,CAAC,gBAAgB,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,IAAI,EAAE;AAChE,cAAE,MAAM,CAAC,gBAAgB,CAAC,OAAO,CAAC,CACrC,EACD,GAAG,CAAC,CAAC,KAAK,KAAI;YACZ,IAAI,KAAK,EAAE;gBACT,IAAI,CAAC,SAAS,CAAC,cAAc,CAC3B,OAAO,KAAK,KAAK,QAAQ,GAAG,KAAK,GAAG,KAAK,CAAC,YAAY,CACvD;;AAEL,SAAC,CAAC,EACF,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC9B,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;AACxB,YAAA,OAAO,UAAU,CAAC,KAAK,CAAC;SACzB,CAAC,CACH;;AAGH;;;;;;;;;;;AAWG;AACH,IAAA,uBAAuB,CACrB,OAAkC,EAAA;AAElC,QAAA,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9B,SAAS,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,EACxD,GAAG,CAAC,CAAC,KAAK,KAAI;YACZ,IAAI,KAAK,EAAE;AACT,gBAAA,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,CAAC;;AAExC,SAAC,CAAC,EACF,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC9B,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;AACxB,YAAA,OAAO,UAAU,CAAC,KAAK,CAAC;SACzB,CAAC,CACH;;AAGH;;;;;;;;;;;;;;;;;;;;;;;AAuBG;AACH,IAAA,4BAA4B,CAC1B,OAAmC,EAAA;AAEnC,QAAA,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9B,SAAS,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC,EACnE,GAAG,CAAC,CAAC,aAAa,KAAI;AACpB,YAAA,IAAI,aAAa,CAAC,YAAY,EAAE;gBAC9B,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,aAAa,CAAC,YAAY,CAAC;;AAE7D,SAAC,CAAC,EACF,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC9B,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;AACxB,YAAA,OAAO,UAAU,CAAC,KAAK,CAAC;SACzB,CAAC,CACH;;AAGH;;;;;;;;;;;;;AAaG;AACH,IAAA,sBAAsB,CACpB,GAAY,EAAA;AAIZ,QAAA,OAAO,KAAK,CAAC,MACX,IAAI,CAAC,WAAW,CAAC,sBAAsB,CAAY,GAAG,CAAC,CACxD,CAAC,IAAI,CACJ,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EACzC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC,KAAI;YAC1B,IAAI,CAAC,SAAS,EAAE;AACd,gBAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;;AAE1B,YAAA,MAAM,QAAQ,GAAG,MAAM,EAAE,QAAQ;AACjC,YAAA,MAAM,MAAM,GAAG,QAAQ,EAAE,MAAM,IAAI,GAAG;YAEtC,IAAI,QAAQ,EAAE;AACZ,gBAAA,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;;AAGtC,YAAA,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,MAAM,CAAC;AACtC,SAAC,CAAC,EACF,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC,CAC1B;;AAGH;;;;;;;;;;AAUG;AACH,IAAA,YAAY,CAAC,EAAW,EAAA;QACtB,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;;AAGhD;;;;;;;;;;;AAWG;IACH,YAAY,CAAC,KAAa,EAAE,EAAW,EAAA;AACrC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;;AAGvD;;;;;;;;;;;;;;;AAeG;AACH,IAAA,iBAAiB,CAAC,MAKjB,EAAA;QACC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;;AAGzD;;;;;;;;;;;AAWG;AACH,IAAA,aAAa,CACX,MAA+B,EAAA;QAE/B,OAAO,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC;;IAGvC,oBAAoB,GAAA;AAC1B,QAAA,OAAO,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAC7B,GAAG,CAAC,CAAC,MAAM,KAAI;AACb,YAAA,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC;AAChD,YAAA,QACE,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AACtD,gBAAA,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;gBACzB,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,oBAAoB;SAEjD,CAAC,CACH;;AAxbQ,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,WAAW,kBAwCZ,kBAAkB,EAAA,EAAA,EAAA,KAAA,EAAAA,gBAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,iBAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,SAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAxCjB,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,WAAW,cAFV,MAAM,EAAA,CAAA,CAAA;;4FAEP,WAAW,EAAA,UAAA,EAAA,CAAA;kBAHvB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;0BAyCI,MAAM;2BAAC,kBAAkB;;;MC3EjB,SAAS,CAAA;AACpB,IAAA,WAAA,CAAoB,IAAiB,EAAA;QAAjB,IAAI,CAAA,IAAA,GAAJ,IAAI;;IAExB,OAAO,CAAC,KAAY,EAAE,QAAsB,EAAA;AAC1C,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;;IAGjD,WAAW,CACT,IAA4B,EAC5B,KAA0B,EAAA;AAE1B,QAAA,OAAO,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC;;IAG9C,gBAAgB,CACd,UAAkC,EAClC,KAA0B,EAAA;AAE1B,QAAA,OAAO,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC;;AAGtC,IAAA,yBAAyB,CAC/B,KAA0B,EAAA;AAE1B,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CACpC,SAAS,CAAC,CAAC,QAAQ,KAAI;YACrB,IAAI,CAAC,QAAQ,EAAE;gBACb,OAAO,IAAI,CAAC;AACT,qBAAA,iBAAiB,CAAC;AACjB,oBAAA,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG,EAAE;iBAChC;qBACA,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,CAAC;;AAE3B,YAAA,OAAO,EAAE,CAAC,IAAI,CAAC;SAChB,CAAC,CACH;;+GAnCQ,SAAS,EAAA,IAAA,EAAA,CAAA,EAAA,KAAA,EAAAC,WAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;AAAT,IAAA,SAAA,IAAA,CAAA,KAAA,GAAA,EAAA,CAAA,qBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,SAAS,cAFR,MAAM,EAAA,CAAA,CAAA;;4FAEP,SAAS,EAAA,UAAA,EAAA,CAAA;kBAHrB,UAAU;AAAC,YAAA,IAAA,EAAA,CAAA;AACV,oBAAA,UAAU,EAAE,MAAM;AACnB,iBAAA;;;MCNY,UAAU,CAAA;AACrB;;;;;AAKG;IACH,OAAO,OAAO,CAAC,MAAmB,EAAA;QAChC,OAAO;AACL,YAAA,QAAQ,EAAE,UAAU;AACpB,YAAA,SAAS,EAAE;gBACT,WAAW;gBACX,SAAS;AACT,gBAAA;AACE,oBAAA,OAAO,EAAE,iBAAiB;AAC1B,oBAAA,QAAQ,EAAE,MAAM;AACjB,iBAAA;AACD,gBAAA;AACE,oBAAA,OAAO,EAAE,kBAAkB;oBAC3B,UAAU,EAAE,kBAAkB,CAAC,YAAY;oBAC3C,IAAI,EAAE,CAAC,gBAAgB,CAAC;AACzB,iBAAA;AACF,aAAA;SACF;;+GAvBQ,UAAU,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,QAAA,EAAA,CAAA,CAAA;gHAAV,UAAU,EAAA,CAAA,CAAA;gHAAV,UAAU,EAAA,CAAA,CAAA;;4FAAV,UAAU,EAAA,UAAA,EAAA,CAAA;kBADtB;;;ACgCD,MAAM,SAAS,GACb,CAAU,OAA4B,KACtC,CAAU,OAA4B,KACpC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;MAG7D,mBAAmB,CAAA;AAC9B,IAAA,WAAA,CACU,aAA+B,EACH,WAAwB,EACpD,SAAoB,EACpB,WAAwB,EAAA;QAHxB,IAAa,CAAA,aAAA,GAAb,aAAa;QACe,IAAW,CAAA,WAAA,GAAX,WAAW;QACvC,IAAS,CAAA,SAAA,GAAT,SAAS;QACT,IAAW,CAAA,WAAA,GAAX,WAAW;;IAGrB,SAAS,CACP,GAAqB,EACrB,IAAiB,EAAA;QAEjB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE;AACvC,QAAA,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,WAAW,EAAE;AACxC,YAAA,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;;QAGzB,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,IAAI,CAChD,MAAM,CAAC,CAAC,SAAS,KAAK,CAAC,SAAS,CAAC,CAClC;QAED,OAAO,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAC7D,SAAS,CAAC,CAAC,KAAK,KACd,GAAG;;AAED,QAAA,MAAM,KAAK,KAAK,IAAI;;;AAGpB,QAAA,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CACZ,SAAS,CAAC,SAAS,CAAC,EACpB,KAAK,CAAC,cAAc,CAAC,EACrB,SAAS,CAA8C,CAAC,OAAO,KAC7D,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,IAAI,CACvC,UAAU,CAAC,CAAC,GAAG,KAAI;YACjB,IAAI,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE;AACnC,gBAAA,OAAO,EAAE,CAAC,EAAE,CAAC;;AAGf,YAAA,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;AAC5B,YAAA,OAAO,UAAU,CAAC,GAAG,CAAC;SACvB,CAAC,CACH,CACF,EACD,SAAS,CAAC,CAAC,KAAa,KAAI;;YAE1B,MAAM,KAAK,GAAG;AACZ,kBAAE,GAAG,CAAC,KAAK,CAAC;AACR,oBAAA,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CACtB,eAAe,EACf,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAClB;iBACF;kBACD,GAAG;AAEP,YAAA,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;AAC3B,SAAC,CAAC,CACH;;;QAGD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CACjB,CACF,CACF;;AAGH;;;;;AAKG;AACK,IAAA,sBAAsB,CAC5B,OAAiC,EAAA;AAEjC,QAAA,OAAO,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAC9B,SAAS,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,EACvD,GAAG,CAAC,CAAC,eAAyD,KAAI;;YAEhE,IAAI,OAAO,eAAe,KAAK,QAAQ;AAAE,gBAAA,OAAO,eAAe;YAC/D,OAAO,eAAe,CAAC,YAAY;SACpC,CAAC,EACF,GAAG,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EACpD,UAAU,CAAC,CAAC,KAAK,KAAI;AACnB,YAAA,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE;AACxB,YAAA,OAAO,UAAU,CAAC,KAAK,CAAC;SACzB,CAAC,CACH;;AAGH;;;;AAIG;AACK,IAAA,cAAc,CAAC,GAAW,EAAA;QAChC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;AACzB,YAAA,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;;QAGvC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE;AACzB,YAAA,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;;AAGvC,QAAA,OAAO,GAAG;;AAGZ;;;;;;AAMG;IACK,cAAc,CACpB,KAAyB,EACzB,OAAyB,EAAA;AAEzB,QAAA,MAAM,aAAa,GAAG,CAAC,KAAyB,KAAa;YAC3D,IAAI,CAAC,KAAK,EAAE;AACV,gBAAA,OAAO,KAAK;;YAGd,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC;AAEpD,YAAA,IAAI,KAAK,KAAK,WAAW,EAAE;AACzB,gBAAA,OAAO,IAAI;;;AAIb,YAAA,QACE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC;AACvC,gBAAA,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAE7D,SAAC;AAED,QAAA,IAAI,4BAA4B,CAAC,KAAK,CAAC,EAAE;AACvC,YAAA,IAAI,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,UAAU,KAAK,OAAO,CAAC,MAAM,EAAE;AAC3D,gBAAA,OAAO,KAAK;;;YAId,IAAI,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE;AACnC,gBAAA,OAAO,CAAC,IAAI,CACV,+EAA+E,CAChF;;YAGH,OAAO,KAAK,CAAC;kBACT,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG;AAC9B,kBAAE,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC;;AAG9B,QAAA,OAAO,aAAa,CAAC,KAAK,CAAC;;AAG7B;;;;;;AAMG;IACK,iBAAiB,CACvB,OAAyB,EACzB,MAA6B,EAAA;AAE7B,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAClC,KAAK,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,CAC5D;;IAGK,cAAc,CAAC,KAAgC,EAAE,GAAQ,EAAA;QAC/D,QACE,CAAC,CAAC,KAAK;YACP,4BAA4B,CAAC,KAAK,CAAC;YACnC,CAAC,CAAC,KAAK,CAAC,cAAc;AACtB,YAAA,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,uBAAuB,CAAC,CAAC,QAAQ,CACtE,GAAG,CAAC,KAAK,CACV;;AAlLM,IAAA,SAAA,IAAA,CAAA,IAAA,GAAA,EAAA,CAAA,kBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,QAAA,EAAA,EAAA,EAAA,IAAA,EAAA,mBAAmB,+CAGpB,kBAAkB,EAAA,EAAA,EAAA,KAAA,EAAAC,SAAA,EAAA,EAAA,EAAA,KAAA,EAAAC,WAAA,EAAA,CAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;mHAHjB,mBAAmB,EAAA,CAAA,CAAA;;4FAAnB,mBAAmB,EAAA,UAAA,EAAA,CAAA;kBAD/B;;0BAII,MAAM;2BAAC,kBAAkB;;;ACxC9B;;;;;;;;;;;;;;;;AAgBG;AACG,SAAU,YAAY,CAAC,MAAmB,EAAA;AAC9C,IAAA,OAAO,wBAAwB,CAAC;QAC9B,WAAW;QACX,mBAAmB;QACnB,SAAS;AACT,QAAA;AACE,YAAA,OAAO,EAAE,iBAAiB;AAC1B,YAAA,QAAQ,EAAE,MAAM;AACjB,SAAA;AACD,QAAA;AACE,YAAA,OAAO,EAAE,kBAAkB;YAC3B,UAAU,EAAE,kBAAkB,CAAC,YAAY;YAC3C,IAAI,EAAE,CAAC,gBAAgB,CAAC;AACzB,SAAA;AACF,KAAA,CAAC;AACJ;;AChCA;;;;;;;;AAQG;MACU,WAAW,GAAG,CACzB,KAA6B,EAC7B,KAA0B,KACvB,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK;AAE/C;;;;;;;;;AASG;AACU,MAAA,qBAAqB,GAAG,CACnC,GAAqB,EACrB,MAAqE,KAClE,MAAM,CAAC,mBAAmB,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE;;AClC1D;;AAEG;;ACFH;;AAEG;;;;"}
package/lib/auth.service.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  import { OnDestroy } from '@angular/core';
2
- import { Auth0Client, PopupLoginOptions, PopupConfigOptions, GetTokenSilentlyOptions, GetTokenWithPopupOptions, RedirectLoginResult, GetTokenSilentlyVerboseResponse, ConnectAccountRedirectResult, RedirectConnectAccountOptions, CustomFetchMinimalOutput, Fetcher, FetcherConfig } from '@auth0/auth0-spa-js';
2
+ import { Auth0Client, PopupLoginOptions, PopupConfigOptions, GetTokenSilentlyOptions, GetTokenWithPopupOptions, RedirectLoginResult, GetTokenSilentlyVerboseResponse, ConnectAccountRedirectResult, RedirectConnectAccountOptions, CustomFetchMinimalOutput, Fetcher, FetcherConfig, CustomTokenExchangeOptions, TokenEndpointResponse } from '@auth0/auth0-spa-js';
3
3
  import { Observable } from 'rxjs';
4
4
  import { AbstractNavigator } from './abstract-navigator';
5
5
  import { AuthClientConfig, AppState } from './auth.config';
@@ -138,6 +138,31 @@ export declare class AuthService<TAppState extends AppState = AppState> implemen
138
138
  * results will be valid according to their expiration times.
139
139
  */
140
140
  getAccessTokenWithPopup(options?: GetTokenWithPopupOptions): Observable<string | undefined>;
141
+ /**
142
+ * ```js
143
+ * loginWithCustomTokenExchange(options).subscribe(tokenResponse => ...)
144
+ * ```
145
+ *
146
+ * Exchanges an external subject token for Auth0 tokens and establishes an authenticated session.
147
+ *
148
+ * This method implements the token exchange grant as specified in RFC 8693.
149
+ * It performs a token exchange by sending a request to the `/oauth/token` endpoint
150
+ * with the external token and returns Auth0 tokens (access token, ID token, etc.).
151
+ *
152
+ * The request includes the following parameters:
153
+ * - `grant_type`: Hard-coded to "urn:ietf:params:oauth:grant-type:token-exchange"
154
+ * - `subject_token`: The external token to be exchanged
155
+ * - `subject_token_type`: A namespaced URI identifying the token type (must be under your organization's control)
156
+ * - `audience`: The target audience (falls back to the SDK's default audience if not provided)
157
+ * - `scope`: Space-separated list of scopes (merged with the SDK's default scopes)
158
+ *
159
+ * After a successful token exchange, this method updates the authentication state
160
+ * to ensure consistency with the standard authentication flows.
161
+ *
162
+ * @param options The options required to perform the token exchange
163
+ * @returns An Observable that emits the token endpoint response containing Auth0 tokens
164
+ */
165
+ loginWithCustomTokenExchange(options: CustomTokenExchangeOptions): Observable<TokenEndpointResponse>;
141
166
  /**
142
167
  * ```js
143
168
  * handleRedirectCallback(url).subscribe(result => ...)
package/lib/provide.d.ts CHANGED
@@ -1,10 +1,12 @@
1
- import { Provider } from '@angular/core';
1
+ import { EnvironmentProviders } from '@angular/core';
2
2
  import { AuthConfig } from './auth.config';
3
3
  /**
4
4
  * Initialize the authentication system. Configuration can either be specified here,
5
5
  * or by calling AuthClientConfig.set (perhaps from an APP_INITIALIZER factory function).
6
6
  *
7
- * Note: Should only be used as of Angular 15, and should not be added to a component's providers.
7
+ * Note: Should only be used as of Angular 15. This function returns `EnvironmentProviders`
8
+ * which ensures it can only be used at the application/environment level and cannot be
9
+ * added to a component's providers array (this will result in a compile-time error).
8
10
  *
9
11
  * @param config The optional configuration for the SDK.
10
12
  *
@@ -15,4 +17,4 @@ import { AuthConfig } from './auth.config';
15
17
  * ],
16
18
  * });
17
19
  */
18
- export declare function provideAuth0(config?: AuthConfig): Provider[];
20
+ export declare function provideAuth0(config?: AuthConfig): EnvironmentProviders;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@auth0/auth0-angular",
3
- "version": "2.5.0",
3
+ "version": "2.6.0",
4
4
  "description": "Auth0 SDK for Angular Single Page Applications (SPA)",
5
5
  "keywords": [
6
6
  "auth0",
package/public-api.d.ts CHANGED
@@ -9,4 +9,4 @@ export * from './lib/interfaces';
9
9
  export * from './lib/provide';
10
10
  export * from './lib/functional';
11
11
  export * from './lib/abstract-navigator';
12
- export { AuthorizationParams, PopupLoginOptions, PopupConfigOptions, GetTokenWithPopupOptions, GetTokenSilentlyOptions, RedirectConnectAccountOptions, ICache, Cacheable, LocalStorageCache, InMemoryCache, IdToken, User, GenericError, TimeoutError, MfaRequiredError, PopupTimeoutError, AuthenticationError, PopupCancelledError, MissingRefreshTokenError, Fetcher, FetcherConfig, CustomFetchMinimalOutput, UseDpopNonceError, } from '@auth0/auth0-spa-js';
12
+ export { AuthorizationParams, PopupLoginOptions, PopupConfigOptions, GetTokenWithPopupOptions, GetTokenSilentlyOptions, RedirectConnectAccountOptions, ICache, Cacheable, LocalStorageCache, InMemoryCache, IdToken, User, GenericError, TimeoutError, MfaRequiredError, PopupTimeoutError, AuthenticationError, PopupCancelledError, MissingRefreshTokenError, Fetcher, FetcherConfig, CustomFetchMinimalOutput, UseDpopNonceError, CustomTokenExchangeOptions, TokenEndpointResponse, } from '@auth0/auth0-spa-js';