@bravobit/bb-foundation 0.21.1 → 0.21.2

package/fesm2015/bravobit-bb-foundation-auth.mjs

@@ -13,968 +13,968 @@ import * as i3 from '@bravobit/bb-foundation';
 import * as i7 from '@bravobit/bb-foundation/http';
 import { HttpError } from '@bravobit/bb-foundation/http';
 
-class AuthConfig {
+class AuthConfig {
 }
 
 const USE_AUTHORIZATION = new HttpContextToken(() => true);
 
-class JwtHelper {
-    constructor() {
-        this.baseDecodeUnicode = (value) => {
-            return decodeURIComponent(atob(value).replace(/(.)/g, (_, p) => {
-                let code = p.charCodeAt(0).toString(16).toUpperCase();
-                if (code.length < 2) {
-                    code = '0' + code;
-                }
-                return '%' + code;
-            }));
-        };
-        this.parse = (data) => {
-            return {
-                id: data['iss'] || null,
-                type: data['typ'] || null,
-                audience: data['aud'] || null,
-                issuer: data['iss'] || null,
-                subject: data['sub'] || null,
-                role: data['role'] || null,
-                notValidBefore: this.parseDate(data['nbf']),
-                expiresAt: this.parseDate(data['exp']),
-                issuedAt: this.parseDate(data['iat'])
-            };
-        };
-        this.parseDate = (epochInSeconds) => {
-            if (!epochInSeconds || epochInSeconds <= 0) {
-                return null;
-            }
-            return new Date(epochInSeconds * 1000);
-        };
-    }
-    decode(token) {
-        try {
-            if (token === null || token === undefined) {
-                return null;
-            }
-            const json = JSON.parse(this.urlDecode(token.split('.')[1]));
-            return this.parse(json);
-        }
-        catch (_a) {
-            return null;
-        }
-    }
-    urlDecode(token) {
-        const value = token || '';
-        let output = value
-            .replace(/-/g, '+')
-            .replace(/_/g, '/');
-        switch (output.length % 4) {
-            case 0:
-                break;
-            case 2:
-                output += '==';
-                break;
-            case 3:
-                output += '=';
-                break;
-            default:
-                throw 'Illegal base64url string!';
-        }
-        try {
-            return this.baseDecodeUnicode(output);
-        }
-        catch (_a) {
-            return atob(output);
-        }
-    }
+class JwtHelper {
+    constructor() {
+        this.baseDecodeUnicode = (value) => {
+            return decodeURIComponent(atob(value).replace(/(.)/g, (_, p) => {
+                let code = p.charCodeAt(0).toString(16).toUpperCase();
+                if (code.length < 2) {
+                    code = '0' + code;
+                }
+                return '%' + code;
+            }));
+        };
+        this.parse = (data) => {
+            return {
+                id: data['iss'] || null,
+                type: data['typ'] || null,
+                audience: data['aud'] || null,
+                issuer: data['iss'] || null,
+                subject: data['sub'] || null,
+                role: data['role'] || null,
+                notValidBefore: this.parseDate(data['nbf']),
+                expiresAt: this.parseDate(data['exp']),
+                issuedAt: this.parseDate(data['iat'])
+            };
+        };
+        this.parseDate = (epochInSeconds) => {
+            if (!epochInSeconds || epochInSeconds <= 0) {
+                return null;
+            }
+            return new Date(epochInSeconds * 1000);
+        };
+    }
+    decode(token) {
+        try {
+            if (token === null || token === undefined) {
+                return null;
+            }
+            const json = JSON.parse(this.urlDecode(token.split('.')[1]));
+            return this.parse(json);
+        }
+        catch (_a) {
+            return null;
+        }
+    }
+    urlDecode(token) {
+        const value = token || '';
+        let output = value
+            .replace(/-/g, '+')
+            .replace(/_/g, '/');
+        switch (output.length % 4) {
+            case 0:
+                break;
+            case 2:
+                output += '==';
+                break;
+            case 3:
+                output += '=';
+                break;
+            default:
+                throw 'Illegal base64url string!';
+        }
+        try {
+            return this.baseDecodeUnicode(output);
+        }
+        catch (_a) {
+            return atob(output);
+        }
+    }
 }
 
-class AuthMapper {
-    constructor() {
-        // Routes.
-        this.me = 'auth/me';
-        this.register = 'auth/register';
-        this.resendCode = 'auth/resend';
-        this.logout = 'auth/logout';
-        this.refresh = 'auth/refresh';
-        this.requestPassword = 'auth/reset';
-        this.resetPassword = 'auth/reset-password';
-    }
-    role(data) {
-        return (data && data.role) || null;
-    }
-    toRegister(data) {
-        // Retrieve the params.
-        const { token, refresh_token, user } = data;
-        // Map the data to the correct format.
-        return { accessToken: token, refreshToken: refresh_token, user: user };
-    }
-    toRefresh(data) {
-        // Retrieve the params.
-        const { token, refresh_token } = data;
-        // Map the data to the correct format.
-        return { accessToken: token, refreshToken: refresh_token };
-    }
-}
-AuthMapper.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthMapper, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
-AuthMapper.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthMapper });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthMapper, decorators: [{
-            type: Injectable
+class AuthMapper {
+    constructor() {
+        // Routes.
+        this.me = 'auth/me';
+        this.register = 'auth/register';
+        this.resendCode = 'auth/resend';
+        this.logout = 'auth/logout';
+        this.refresh = 'auth/refresh';
+        this.requestPassword = 'auth/reset';
+        this.resetPassword = 'auth/reset-password';
+    }
+    role(data) {
+        return (data && data.role) || null;
+    }
+    toRegister(data) {
+        // Retrieve the params.
+        const { token, refresh_token, user } = data;
+        // Map the data to the correct format.
+        return { accessToken: token, refreshToken: refresh_token, user: user };
+    }
+    toRefresh(data) {
+        // Retrieve the params.
+        const { token, refresh_token } = data;
+        // Map the data to the correct format.
+        return { accessToken: token, refreshToken: refresh_token };
+    }
+}
+AuthMapper.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthMapper, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
+AuthMapper.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthMapper });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthMapper, decorators: [{
+            type: Injectable
         }] });
 
-class AuthVerifyProvider {
-    constructor(_code, _verifyToken, _endpoint) {
-        this._code = _code;
-        this._verifyToken = _verifyToken;
-        this._endpoint = _endpoint;
-    }
-    authenticate(httpClient) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Execute API call.
-            const data$ = yield httpClient.post(this._endpoint, {
-                token: this._code,
-                verify_token: this._verifyToken
-            });
-            const { token, refresh_token, user } = yield firstValueFrom(data$);
-            // Map the data to the correct format.
-            return { accessToken: token, refreshToken: refresh_token, user: user };
-        });
-    }
+class AuthVerifyProvider {
+    constructor(_code, _verifyToken, _endpoint) {
+        this._code = _code;
+        this._verifyToken = _verifyToken;
+        this._endpoint = _endpoint;
+    }
+    authenticate(httpClient) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Execute API call.
+            const data$ = yield httpClient.post(this._endpoint, {
+                token: this._code,
+                verify_token: this._verifyToken
+            });
+            const { token, refresh_token, user } = yield firstValueFrom(data$);
+            // Map the data to the correct format.
+            return { accessToken: token, refreshToken: refresh_token, user: user };
+        });
+    }
 }
 
-class AuthEmailProvider {
-    constructor(_email, _password, _endpoint) {
-        this._email = _email;
-        this._password = _password;
-        this._endpoint = _endpoint;
-    }
-    authenticate(httpClient) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Execute API call.
-            const data$ = yield httpClient.post(this._endpoint, {
-                email: this._email,
-                password: this._password
-            });
-            const { token, refresh_token, user, provider, verify_token } = yield firstValueFrom(data$);
-            // Map the data to the correct format.
-            return {
-                accessToken: token,
-                refreshToken: refresh_token,
-                user: user,
-                provider: provider,
-                verifyToken: verify_token
-            };
-        });
-    }
+class AuthEmailProvider {
+    constructor(_email, _password, _endpoint) {
+        this._email = _email;
+        this._password = _password;
+        this._endpoint = _endpoint;
+    }
+    authenticate(httpClient) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Execute API call.
+            const data$ = yield httpClient.post(this._endpoint, {
+                email: this._email,
+                password: this._password
+            });
+            const { token, refresh_token, user, provider, verify_token } = yield firstValueFrom(data$);
+            // Map the data to the correct format.
+            return {
+                accessToken: token,
+                refreshToken: refresh_token,
+                user: user,
+                provider: provider,
+                verifyToken: verify_token
+            };
+        });
+    }
 }
 
-class AuthSession {
-    constructor(options) {
-        var _a, _b;
-        // Readonly data.
-        this._jwt = new JwtHelper();
-        // Token strings.
-        this._accessTokenString = null;
-        this._refreshTokenString = null;
-        // Token payloads.
-        this._accessTokenPayload = null;
-        this._refreshTokenPayload = null;
-        // Private user data.
-        this._user$ = new BehaviorSubject(null);
-        // Public user data.
-        this.user = this._user$.pipe(shareReplay(1));
-        this.generateKey = (applicationId, key) => {
-            return [applicationId, key].join('_');
-        };
-        this.isTokenValid = (token) => {
-            var _a;
-            if (!token) {
-                return false;
-            }
-            return ((_a = token === null || token === void 0 ? void 0 : token.expiresAt) === null || _a === void 0 ? void 0 : _a.getTime()) > Date.now();
-        };
-        const applicationId = (_a = options === null || options === void 0 ? void 0 : options.id) !== null && _a !== void 0 ? _a : 'ng';
-        // Setting up the readonly storage keys.
-        this._accessTokenStorageKey = this.generateKey(applicationId, 'au_act');
-        this._refreshTokenStorageKey = this.generateKey(applicationId, 'au_rft');
-        this._userStorageKey = this.generateKey(applicationId, 'au_usr');
-        // Setting up the storage.
-        this._storage = (_b = options === null || options === void 0 ? void 0 : options.storage) !== null && _b !== void 0 ? _b : null;
-        // Init methods.
-        this.restoreFromStorage();
-    }
-    get accessToken() {
-        return this.isTokenValid(this._accessTokenPayload)
-            ? this._accessTokenString
-            : null;
-    }
-    get refreshToken() {
-        return this.isTokenValid(this.refreshTokenPayload)
-            ? this._refreshTokenString
-            : null;
-    }
-    get accessTokenPayload() {
-        var _a;
-        return (_a = this._accessTokenPayload) !== null && _a !== void 0 ? _a : null;
-    }
-    get refreshTokenPayload() {
-        var _a;
-        return (_a = this._refreshTokenPayload) !== null && _a !== void 0 ? _a : null;
-    }
-    authenticated() {
-        return this.isTokenValid(this._accessTokenPayload) || this.isTokenValid(this._refreshTokenPayload);
-    }
-    setTokens(accessToken, refreshToken) {
-        this.setAccessToken(accessToken);
-        this.setRefreshToken(refreshToken);
-        this.syncTokensInStorage();
-    }
-    setUser(user) {
-        this._user$.next(user !== null && user !== void 0 ? user : null);
-        this.syncUserInStorage();
-    }
-    clear() {
-        this.setTokens(null, null);
-        this.setUser(null);
-    }
-    restoreFromStorage() {
-        if (!this._storage) {
-            return;
-        }
-        // Set the access token.
-        const accessToken = this._storage.get(this._accessTokenStorageKey);
-        this.setAccessToken(accessToken);
-        // Set the refresh token.
-        const refreshToken = this._storage.get(this._refreshTokenStorageKey);
-        this.setRefreshToken(refreshToken);
-        // Set the user if we have any correct token payloads.
-        if (this._accessTokenPayload || this._refreshTokenPayload) {
-            const user = this._storage.get(this._userStorageKey);
-            this._user$.next(user !== null && user !== void 0 ? user : null); // Note: just settings here instead of setUser() because of syncing to the storage.
-        }
-    }
-    syncTokensInStorage() {
-        var _a, _b;
-        if (!this._storage) {
-            return;
-        }
-        // Set the access token if completely valid.
-        if (!!this.accessToken) {
-            this._storage.set(this._accessTokenStorageKey, this._accessTokenString, {
-                expires: (_a = this._accessTokenPayload) === null || _a === void 0 ? void 0 : _a.expiresAt
-            });
-        }
-        else {
-            this._storage.remove(this._accessTokenStorageKey);
-        }
-        // Set the refresh token if completely valid.
-        if (!!this.refreshToken) {
-            this._storage.set(this._refreshTokenStorageKey, this._refreshTokenString, {
-                expires: (_b = this._refreshTokenPayload) === null || _b === void 0 ? void 0 : _b.expiresAt
-            });
-        }
-        else {
-            this._storage.remove(this._refreshTokenStorageKey);
-        }
-    }
-    syncUserInStorage() {
-        if (!this._storage) {
-            return;
-        }
-        const user = this._user$.getValue();
-        if (!user) {
-            return this._storage.remove(this._userStorageKey);
-        }
-        const date = new Date();
-        date.setFullYear(date.getFullYear() + 1);
-        this._storage.set(this._userStorageKey, user, {
-            expires: new Date(date.getTime())
-        });
-    }
-    setAccessToken(value) {
-        this._accessTokenString = value !== null && value !== void 0 ? value : null;
-        this._accessTokenPayload = this._jwt.decode(this._accessTokenString);
-    }
-    setRefreshToken(value) {
-        this._refreshTokenString = value !== null && value !== void 0 ? value : null;
-        this._refreshTokenPayload = this._jwt.decode(this._refreshTokenString);
-    }
+class AuthSession {
+    constructor(options) {
+        var _a, _b;
+        // Readonly data.
+        this._jwt = new JwtHelper();
+        // Token strings.
+        this._accessTokenString = null;
+        this._refreshTokenString = null;
+        // Token payloads.
+        this._accessTokenPayload = null;
+        this._refreshTokenPayload = null;
+        // Private user data.
+        this._user$ = new BehaviorSubject(null);
+        // Public user data.
+        this.user = this._user$.pipe(shareReplay(1));
+        this.generateKey = (applicationId, key) => {
+            return [applicationId, key].join('_');
+        };
+        this.isTokenValid = (token) => {
+            var _a;
+            if (!token) {
+                return false;
+            }
+            return ((_a = token === null || token === void 0 ? void 0 : token.expiresAt) === null || _a === void 0 ? void 0 : _a.getTime()) > Date.now();
+        };
+        const applicationId = (_a = options === null || options === void 0 ? void 0 : options.id) !== null && _a !== void 0 ? _a : 'ng';
+        // Setting up the readonly storage keys.
+        this._accessTokenStorageKey = this.generateKey(applicationId, 'au_act');
+        this._refreshTokenStorageKey = this.generateKey(applicationId, 'au_rft');
+        this._userStorageKey = this.generateKey(applicationId, 'au_usr');
+        // Setting up the storage.
+        this._storage = (_b = options === null || options === void 0 ? void 0 : options.storage) !== null && _b !== void 0 ? _b : null;
+        // Init methods.
+        this.restoreFromStorage();
+    }
+    get accessToken() {
+        return this.isTokenValid(this._accessTokenPayload)
+            ? this._accessTokenString
+            : null;
+    }
+    get refreshToken() {
+        return this.isTokenValid(this.refreshTokenPayload)
+            ? this._refreshTokenString
+            : null;
+    }
+    get accessTokenPayload() {
+        var _a;
+        return (_a = this._accessTokenPayload) !== null && _a !== void 0 ? _a : null;
+    }
+    get refreshTokenPayload() {
+        var _a;
+        return (_a = this._refreshTokenPayload) !== null && _a !== void 0 ? _a : null;
+    }
+    authenticated() {
+        return this.isTokenValid(this._accessTokenPayload) || this.isTokenValid(this._refreshTokenPayload);
+    }
+    setTokens(accessToken, refreshToken) {
+        this.setAccessToken(accessToken);
+        this.setRefreshToken(refreshToken);
+        this.syncTokensInStorage();
+    }
+    setUser(user) {
+        this._user$.next(user !== null && user !== void 0 ? user : null);
+        this.syncUserInStorage();
+    }
+    clear() {
+        this.setTokens(null, null);
+        this.setUser(null);
+    }
+    restoreFromStorage() {
+        if (!this._storage) {
+            return;
+        }
+        // Set the access token.
+        const accessToken = this._storage.get(this._accessTokenStorageKey);
+        this.setAccessToken(accessToken);
+        // Set the refresh token.
+        const refreshToken = this._storage.get(this._refreshTokenStorageKey);
+        this.setRefreshToken(refreshToken);
+        // Set the user if we have any correct token payloads.
+        if (this._accessTokenPayload || this._refreshTokenPayload) {
+            const user = this._storage.get(this._userStorageKey);
+            this._user$.next(user !== null && user !== void 0 ? user : null); // Note: just settings here instead of setUser() because of syncing to the storage.
+        }
+    }
+    syncTokensInStorage() {
+        var _a, _b;
+        if (!this._storage) {
+            return;
+        }
+        // Set the access token if completely valid.
+        if (!!this.accessToken) {
+            this._storage.set(this._accessTokenStorageKey, this._accessTokenString, {
+                expires: (_a = this._accessTokenPayload) === null || _a === void 0 ? void 0 : _a.expiresAt
+            });
+        }
+        else {
+            this._storage.remove(this._accessTokenStorageKey);
+        }
+        // Set the refresh token if completely valid.
+        if (!!this.refreshToken) {
+            this._storage.set(this._refreshTokenStorageKey, this._refreshTokenString, {
+                expires: (_b = this._refreshTokenPayload) === null || _b === void 0 ? void 0 : _b.expiresAt
+            });
+        }
+        else {
+            this._storage.remove(this._refreshTokenStorageKey);
+        }
+    }
+    syncUserInStorage() {
+        if (!this._storage) {
+            return;
+        }
+        const user = this._user$.getValue();
+        if (!user) {
+            return this._storage.remove(this._userStorageKey);
+        }
+        const date = new Date();
+        date.setFullYear(date.getFullYear() + 1);
+        this._storage.set(this._userStorageKey, user, {
+            expires: new Date(date.getTime())
+        });
+    }
+    setAccessToken(value) {
+        this._accessTokenString = value !== null && value !== void 0 ? value : null;
+        this._accessTokenPayload = this._jwt.decode(this._accessTokenString);
+    }
+    setRefreshToken(value) {
+        this._refreshTokenString = value !== null && value !== void 0 ? value : null;
+        this._refreshTokenPayload = this._jwt.decode(this._refreshTokenString);
+    }
 }
 
-class Auth {
-    constructor(_storage, _mapper, _injector, _platform, _httpClient, _config, _state, _httpConfig) {
-        var _a, _b, _c;
-        this._storage = _storage;
-        this._mapper = _mapper;
-        this._injector = _injector;
-        this._platform = _platform;
-        this._httpClient = _httpClient;
-        this._config = _config;
-        this._state = _state;
-        this._httpConfig = _httpConfig;
-        // Readonly data.
-        this._authStateKey = makeStateKey(`bbAuthStateKey`);
-        this._httpAlias = (_b = (_a = this._httpConfig) === null || _a === void 0 ? void 0 : _a.defaultAlias) !== null && _b !== void 0 ? _b : null;
-        this._refreshHandler = null;
-        // We select a storage strategy based on the server/browser.
-        // Only cookies CAN work on the server.
-        const storageStrategy = this._platform.isBrowser
-            ? this._storage.select(["cookie" /* StorageOption.Cookie */, "local" /* StorageOption.Local */])
-            : this._storage.cookie;
-        // Starting the new session.
-        this.session = new AuthSession({
-            id: (_c = this._config) === null || _c === void 0 ? void 0 : _c.applicationId,
-            storage: storageStrategy
-        });
-        this.user = this.session.user;
-    }
-    initialize() {
-        return () => __awaiter(this, void 0, void 0, function* () {
-            var _a, _b, _c, _d, _e, _f;
-            // Check if the app should bootstrap the authentication.
-            const shouldBootstrap = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.bootstrap) !== null && _b !== void 0 ? _b : true;
-            if (!shouldBootstrap) {
-                return this.handleAutoRefreshing();
-            }
-            // Only retrieve from the server when we are actually authenticated.
-            if (!this.session.authenticated()) {
-                return;
-            }
-            // Get the key from the server state.
-            if (this._state && ((_c = this._state) === null || _c === void 0 ? void 0 : _c.hasKey(this._authStateKey))) {
-                const user = (_e = (_d = this._state) === null || _d === void 0 ? void 0 : _d.get(this._authStateKey, null)) !== null && _e !== void 0 ? _e : null;
-                return this.session.setUser(user);
-            }
-            // Try to fetch the user from the server.
-            const user$ = this.me();
-            const user = yield firstValueFrom(user$, { defaultValue: null });
-            // Set the state if exists.
-            if (this._state) {
-                (_f = this._state) === null || _f === void 0 ? void 0 : _f.set(this._authStateKey, user !== null && user !== void 0 ? user : null);
-            }
-            // Save the user in the storage and handle auto refreshing.
-            this.session.setUser(user);
-            this.handleAutoRefreshing();
-        });
-    }
-    me() {
-        const url = this.getUrl('auth/me');
-        return this._httpClient.get(url);
-    }
-    signIn(provider, as) {
-        var _a, _b;
-        return __awaiter(this, void 0, void 0, function* () {
-            const _c = yield provider.authenticate(this._httpClient), { accessToken, refreshToken, user } = _c, result = __rest(_c, ["accessToken", "refreshToken", "user"]);
-            // Check if the role matches.
-            if (as && !as.includes(this._mapper.role(user))) {
-                throw new Error('Invalid role.');
-            }
-            // Validate if the provider is one of the available
-            // providers then return the user object and the provider.
-            const apiProvider = (_a = result === null || result === void 0 ? void 0 : result.provider) !== null && _a !== void 0 ? _a : null;
-            const apiVerifyToken = (_b = result === null || result === void 0 ? void 0 : result.verifyToken) !== null && _b !== void 0 ? _b : null;
-            const availableProviders = ['email', 'sms', 'totp'];
-            if (availableProviders.includes(apiProvider)) {
-                return { user, provider: apiProvider, verifyToken: apiVerifyToken };
-            }
-            // Set the tokens in storage.
-            this.setTokens(accessToken, refreshToken);
-            // Set the user in storage.
-            this.session.setUser(user);
-            // Return the user.
-            return { user };
-        });
-    }
-    signInWithEmail(email, password, as) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const url = this.getUrl('auth/login');
-            return this.signIn(new AuthEmailProvider(email, password, url), as);
-        });
-    }
-    signInWithVerifyCode(code, verifyToken) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const url = this.getUrl('auth/verify');
-            return this.signIn(new AuthVerifyProvider(code, verifyToken, url));
-        });
-    }
-    resendVerifyCode(verifyToken) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const url = this.getUrl('auth/resend');
-            const result$ = this._httpClient.post(url, {
-                verify_token: verifyToken
-            });
-            return firstValueFrom(result$);
-        });
-    }
-    register(data, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Execute API call.
-            const url = this.getUrl('auth/register');
-            const result$ = this._httpClient.post(url, data, options);
-            const result = yield firstValueFrom(result$);
-            // Map to the correct response.
-            const { accessToken, refreshToken, user } = this._mapper.toRegister(result);
-            // Set the tokens in storage.
-            this.setTokens(accessToken, refreshToken);
-            // Set the user in storage.
-            this.session.setUser(user);
-            // Return the user.
-            return user;
-        });
-    }
-    logout() {
-        // If we don't have a refresh token just clear the session.
-        // Note: We do this because else we try to invalidate
-        // an "undefined" refresh token.
-        const refreshToken = this.session.refreshToken;
-        if (!refreshToken) {
-            return this.session.clear();
-        }
-        // We do have a refresh token, so try to
-        // invalidate it in the backend.
-        try {
-            const url = this.getUrl('auth/logout');
-            const observable$ = this._httpClient.get(url, {
-                headers: { Authorization: refreshToken }
-            });
-            firstValueFrom(observable$).then(_ => _);
-        }
-        catch (_a) {
-            // Do nothing because the tokens will be deleted anyways from the session.
-        }
-        // Delete the tokens from the session.
-        return this.session.clear();
-    }
-    refresh() {
-        var _a, _b;
-        // If the refresh token does
-        // not exist just return an observable of null.
-        const refreshToken = this.session.refreshToken;
-        if (!refreshToken) {
-            return of(null);
-        }
-        // Perform the refresh call.
-        const scheme = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.scheme) !== null && _b !== void 0 ? _b : 'Bearer';
-        const url = this.getUrl('auth/refresh');
-        const context = new HttpContext()
-            .set(USE_AUTHORIZATION, false);
-        return this._httpClient.get(url, {
-            headers: { Authorization: `${scheme} ${refreshToken}` },
-            context: context
-        }).pipe(map(data => this._mapper.toRefresh(data)), tap(({ accessToken, refreshToken }) => this.setTokens(accessToken, refreshToken)), map(({ accessToken }) => accessToken));
-    }
-    requestPassword(email, extraParams = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const url = this.getUrl('auth/reset');
-            const observable$ = this._httpClient.post(url, Object.assign(Object.assign({}, extraParams), { email }));
-            return firstValueFrom(observable$);
-        });
-    }
-    resetPassword(token, newPassword, extraParams = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const url = this.getUrl('auth/reset-password');
-            const observable$ = this._httpClient.post(url, Object.assign(Object.assign({}, extraParams), { token, password: newPassword }));
-            return firstValueFrom(observable$);
-        });
-    }
-    guard(type, redirectUrl) {
-        var _a, _b, _c, _d, _e, _f;
-        let newUrl = null;
-        // Get the correct new url.
-        switch (type) {
-            case 'authenticated':
-                newUrl = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.loggedInUrl) !== null && _b !== void 0 ? _b : null;
-                break;
-            case 'unauthenticated':
-                newUrl = (_d = (_c = this._config) === null || _c === void 0 ? void 0 : _c.redirectUrl) !== null && _d !== void 0 ? _d : null;
-                break;
-        }
-        // Append a redirect url if the user is deemed
-        // unauthenticated.
-        if (type === 'unauthenticated') {
-            const setRedirectOnFailedAuth = (_f = (_e = this._config) === null || _e === void 0 ? void 0 : _e.setRedirectOnFailedAuth) !== null && _f !== void 0 ? _f : true;
-            if (setRedirectOnFailedAuth && redirectUrl && newUrl) {
-                newUrl += `?redirectUrl=${redirectUrl}`;
-            }
-        }
-        // Parse the url if it exists.
-        if (this.router && newUrl) {
-            return this.router.parseUrl(newUrl);
-        }
-        // Return false if the user is not allowed.
-        return false;
-    }
-    clearAndRedirect() {
-        var _a, _b;
-        // 1. Delete the tokens from the session.
-        this.session.clear();
-        // 2. Compose the route url.
-        const redirectUrl = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.redirectUrl) !== null && _b !== void 0 ? _b : null;
-        // 3. Route back if the user provided a redirect url.
-        if (this.router && redirectUrl) {
-            this.router.navigate([redirectUrl]).then(_ => _);
-        }
-    }
-    setTokens(accessToken, refreshToken) {
-        // Set the tokens in our session.
-        this.session.setTokens(accessToken, refreshToken);
-        // We need to update the auto refresh of the refresh token.
-        this.handleAutoRefreshing();
-    }
-    handleAutoRefreshing() {
-        var _a, _b, _c, _d;
-        const shouldAutoRefresh = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.autoRefresh) !== null && _b !== void 0 ? _b : false;
-        if (!shouldAutoRefresh) {
-            return;
-        }
-        const expiresAt = (_d = (_c = this.session.refreshTokenPayload) === null || _c === void 0 ? void 0 : _c.expiresAt) !== null && _d !== void 0 ? _d : null;
-        if (expiresAt === null || !this._platform.isBrowser) {
-            return;
-        }
-        const differenceInMilliseconds = expiresAt.getTime() - Date.now();
-        const offsetInMilliseconds = 10000; // 10 seconds.
-        // We want to start the refresh 10 seconds before it expires.
-        const actualTiming = differenceInMilliseconds - offsetInMilliseconds;
-        if (actualTiming <= 0) {
-            return;
-        }
-        // We need to cap the timings because if
-        // we get large numbers it might cause unwanted results.
-        const maxTiming = 1000 * 60 * 60 * 24; // 24 hours.
-        const cappedTiming = Math.max(1, Math.min(actualTiming, maxTiming));
-        try {
-            if (this._refreshHandler !== null) {
-                clearTimeout === null || clearTimeout === void 0 ? void 0 : clearTimeout(this._refreshHandler);
-                this._refreshHandler = null;
-            }
-            this._refreshHandler = setTimeout === null || setTimeout === void 0 ? void 0 : setTimeout(() => this.autoRefresh(), cappedTiming);
-        }
-        catch (_e) {
-            // Just ignore it.
-        }
-    }
-    autoRefresh() {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                // We just need to wait for it to refresh.
-                const refresh$ = this.refresh();
-                yield firstValueFrom(refresh$);
-            }
-            catch (_a) {
-                // Something went wrong refreshing, we need to clear.
-                this.clearAndRedirect();
-            }
-        });
-    }
-    get router() {
-        return this._injector.get(Router);
-    }
-    getUrl(endpoint) {
-        return [this._httpAlias, endpoint]
-            .filter(item => !!item)
-            .join('/');
-    }
-}
-Auth.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: Auth, deps: [{ token: i1.Storage }, { token: AuthMapper }, { token: i0.Injector }, { token: i3.Platform }, { token: i4.HttpClient }, { token: AuthConfig, optional: true }, { token: i6.TransferState, optional: true }, { token: i7.HttpConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
-Auth.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: Auth });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: Auth, decorators: [{
-            type: Injectable
-        }], ctorParameters: function () {
-        return [{ type: i1.Storage }, { type: AuthMapper }, { type: i0.Injector }, { type: i3.Platform }, { type: i4.HttpClient }, { type: AuthConfig, decorators: [{
-                        type: Optional
-                    }] }, { type: i6.TransferState, decorators: [{
-                        type: Optional
-                    }] }, { type: i7.HttpConfig, decorators: [{
-                        type: Optional
-                    }] }];
+class Auth {
+    constructor(_storage, _mapper, _injector, _platform, _httpClient, _config, _state, _httpConfig) {
+        var _a, _b, _c;
+        this._storage = _storage;
+        this._mapper = _mapper;
+        this._injector = _injector;
+        this._platform = _platform;
+        this._httpClient = _httpClient;
+        this._config = _config;
+        this._state = _state;
+        this._httpConfig = _httpConfig;
+        // Readonly data.
+        this._authStateKey = makeStateKey(`bbAuthStateKey`);
+        this._httpAlias = (_b = (_a = this._httpConfig) === null || _a === void 0 ? void 0 : _a.defaultAlias) !== null && _b !== void 0 ? _b : null;
+        this._refreshHandler = null;
+        // We select a storage strategy based on the server/browser.
+        // Only cookies CAN work on the server.
+        const storageStrategy = this._platform.isBrowser
+            ? this._storage.select(["cookie" /* StorageOption.Cookie */, "local" /* StorageOption.Local */])
+            : this._storage.cookie;
+        // Starting the new session.
+        this.session = new AuthSession({
+            id: (_c = this._config) === null || _c === void 0 ? void 0 : _c.applicationId,
+            storage: storageStrategy
+        });
+        this.user = this.session.user;
+    }
+    initialize() {
+        return () => __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d, _e, _f;
+            // Check if the app should bootstrap the authentication.
+            const shouldBootstrap = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.bootstrap) !== null && _b !== void 0 ? _b : true;
+            if (!shouldBootstrap) {
+                return this.handleAutoRefreshing();
+            }
+            // Only retrieve from the server when we are actually authenticated.
+            if (!this.session.authenticated()) {
+                return;
+            }
+            // Get the key from the server state.
+            if (this._state && ((_c = this._state) === null || _c === void 0 ? void 0 : _c.hasKey(this._authStateKey))) {
+                const user = (_e = (_d = this._state) === null || _d === void 0 ? void 0 : _d.get(this._authStateKey, null)) !== null && _e !== void 0 ? _e : null;
+                return this.session.setUser(user);
+            }
+            // Try to fetch the user from the server.
+            const user$ = this.me();
+            const user = yield firstValueFrom(user$, { defaultValue: null });
+            // Set the state if exists.
+            if (this._state) {
+                (_f = this._state) === null || _f === void 0 ? void 0 : _f.set(this._authStateKey, user !== null && user !== void 0 ? user : null);
+            }
+            // Save the user in the storage and handle auto refreshing.
+            this.session.setUser(user);
+            this.handleAutoRefreshing();
+        });
+    }
+    me() {
+        const url = this.getUrl('auth/me');
+        return this._httpClient.get(url);
+    }
+    signIn(provider, as) {
+        var _a, _b;
+        return __awaiter(this, void 0, void 0, function* () {
+            const _c = yield provider.authenticate(this._httpClient), { accessToken, refreshToken, user } = _c, result = __rest(_c, ["accessToken", "refreshToken", "user"]);
+            // Check if the role matches.
+            if (as && !as.includes(this._mapper.role(user))) {
+                throw new Error('Invalid role.');
+            }
+            // Validate if the provider is one of the available
+            // providers then return the user object and the provider.
+            const apiProvider = (_a = result === null || result === void 0 ? void 0 : result.provider) !== null && _a !== void 0 ? _a : null;
+            const apiVerifyToken = (_b = result === null || result === void 0 ? void 0 : result.verifyToken) !== null && _b !== void 0 ? _b : null;
+            const availableProviders = ['email', 'sms', 'totp'];
+            if (availableProviders.includes(apiProvider)) {
+                return { user, provider: apiProvider, verifyToken: apiVerifyToken };
+            }
+            // Set the tokens in storage.
+            this.setTokens(accessToken, refreshToken);
+            // Set the user in storage.
+            this.session.setUser(user);
+            // Return the user.
+            return { user };
+        });
+    }
+    signInWithEmail(email, password, as) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = this.getUrl('auth/login');
+            return this.signIn(new AuthEmailProvider(email, password, url), as);
+        });
+    }
+    signInWithVerifyCode(code, verifyToken) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = this.getUrl('auth/verify');
+            return this.signIn(new AuthVerifyProvider(code, verifyToken, url));
+        });
+    }
+    resendVerifyCode(verifyToken) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = this.getUrl('auth/resend');
+            const result$ = this._httpClient.post(url, {
+                verify_token: verifyToken
+            });
+            return firstValueFrom(result$);
+        });
+    }
+    register(data, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Execute API call.
+            const url = this.getUrl('auth/register');
+            const result$ = this._httpClient.post(url, data, options);
+            const result = yield firstValueFrom(result$);
+            // Map to the correct response.
+            const { accessToken, refreshToken, user } = this._mapper.toRegister(result);
+            // Set the tokens in storage.
+            this.setTokens(accessToken, refreshToken);
+            // Set the user in storage.
+            this.session.setUser(user);
+            // Return the user.
+            return user;
+        });
+    }
+    logout() {
+        // If we don't have a refresh token just clear the session.
+        // Note: We do this because else we try to invalidate
+        // an "undefined" refresh token.
+        const refreshToken = this.session.refreshToken;
+        if (!refreshToken) {
+            return this.session.clear();
+        }
+        // We do have a refresh token, so try to
+        // invalidate it in the backend.
+        try {
+            const url = this.getUrl('auth/logout');
+            const observable$ = this._httpClient.get(url, {
+                headers: { Authorization: refreshToken }
+            });
+            firstValueFrom(observable$).then(_ => _);
+        }
+        catch (_a) {
+            // Do nothing because the tokens will be deleted anyways from the session.
+        }
+        // Delete the tokens from the session.
+        return this.session.clear();
+    }
+    refresh() {
+        var _a, _b;
+        // If the refresh token does
+        // not exist just return an observable of null.
+        const refreshToken = this.session.refreshToken;
+        if (!refreshToken) {
+            return of(null);
+        }
+        // Perform the refresh call.
+        const scheme = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.scheme) !== null && _b !== void 0 ? _b : 'Bearer';
+        const url = this.getUrl('auth/refresh');
+        const context = new HttpContext()
+            .set(USE_AUTHORIZATION, false);
+        return this._httpClient.get(url, {
+            headers: { Authorization: `${scheme} ${refreshToken}` },
+            context: context
+        }).pipe(map(data => this._mapper.toRefresh(data)), tap(({ accessToken, refreshToken }) => this.setTokens(accessToken, refreshToken)), map(({ accessToken }) => accessToken));
+    }
+    requestPassword(email, extraParams = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = this.getUrl('auth/reset');
+            const observable$ = this._httpClient.post(url, Object.assign(Object.assign({}, extraParams), { email }));
+            return firstValueFrom(observable$);
+        });
+    }
+    resetPassword(token, newPassword, extraParams = {}) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = this.getUrl('auth/reset-password');
+            const observable$ = this._httpClient.post(url, Object.assign(Object.assign({}, extraParams), { token, password: newPassword }));
+            return firstValueFrom(observable$);
+        });
+    }
+    guard(type, redirectUrl) {
+        var _a, _b, _c, _d, _e, _f;
+        let newUrl = null;
+        // Get the correct new url.
+        switch (type) {
+            case 'authenticated':
+                newUrl = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.loggedInUrl) !== null && _b !== void 0 ? _b : null;
+                break;
+            case 'unauthenticated':
+                newUrl = (_d = (_c = this._config) === null || _c === void 0 ? void 0 : _c.redirectUrl) !== null && _d !== void 0 ? _d : null;
+                break;
+        }
+        // Append a redirect url if the user is deemed
+        // unauthenticated.
+        if (type === 'unauthenticated') {
+            const setRedirectOnFailedAuth = (_f = (_e = this._config) === null || _e === void 0 ? void 0 : _e.setRedirectOnFailedAuth) !== null && _f !== void 0 ? _f : true;
+            if (setRedirectOnFailedAuth && redirectUrl && newUrl) {
+                newUrl += `?redirectUrl=${redirectUrl}`;
+            }
+        }
+        // Parse the url if it exists.
+        if (this.router && newUrl) {
+            return this.router.parseUrl(newUrl);
+        }
+        // Return false if the user is not allowed.
+        return false;
+    }
+    clearAndRedirect() {
+        var _a, _b;
+        // 1. Delete the tokens from the session.
+        this.session.clear();
+        // 2. Compose the route url.
+        const redirectUrl = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.redirectUrl) !== null && _b !== void 0 ? _b : null;
+        // 3. Route back if the user provided a redirect url.
+        if (this.router && redirectUrl) {
+            this.router.navigate([redirectUrl]).then(_ => _);
+        }
+    }
+    setTokens(accessToken, refreshToken) {
+        // Set the tokens in our session.
+        this.session.setTokens(accessToken, refreshToken);
+        // We need to update the auto refresh of the refresh token.
+        this.handleAutoRefreshing();
+    }
+    handleAutoRefreshing() {
+        var _a, _b, _c, _d;
+        const shouldAutoRefresh = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.autoRefresh) !== null && _b !== void 0 ? _b : false;
+        if (!shouldAutoRefresh) {
+            return;
+        }
+        const expiresAt = (_d = (_c = this.session.refreshTokenPayload) === null || _c === void 0 ? void 0 : _c.expiresAt) !== null && _d !== void 0 ? _d : null;
+        if (expiresAt === null || !this._platform.isBrowser) {
+            return;
+        }
+        const differenceInMilliseconds = expiresAt.getTime() - Date.now();
+        const offsetInMilliseconds = 10000; // 10 seconds.
+        // We want to start the refresh 10 seconds before it expires.
+        const actualTiming = differenceInMilliseconds - offsetInMilliseconds;
+        if (actualTiming <= 0) {
+            return;
+        }
+        // We need to cap the timings because if
+        // we get large numbers it might cause unwanted results.
+        const maxTiming = 1000 * 60 * 60 * 24; // 24 hours.
+        const cappedTiming = Math.max(1, Math.min(actualTiming, maxTiming));
+        try {
+            if (this._refreshHandler !== null) {
+                clearTimeout === null || clearTimeout === void 0 ? void 0 : clearTimeout(this._refreshHandler);
+                this._refreshHandler = null;
+            }
+            this._refreshHandler = setTimeout === null || setTimeout === void 0 ? void 0 : setTimeout(() => this.autoRefresh(), cappedTiming);
+        }
+        catch (_e) {
+            // Just ignore it.
+        }
+    }
+    autoRefresh() {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                // We just need to wait for it to refresh.
+                const refresh$ = this.refresh();
+                yield firstValueFrom(refresh$);
+            }
+            catch (_a) {
+                // Something went wrong refreshing, we need to clear.
+                this.clearAndRedirect();
+            }
+        });
+    }
+    get router() {
+        return this._injector.get(Router);
+    }
+    getUrl(endpoint) {
+        return [this._httpAlias, endpoint]
+            .filter(item => !!item)
+            .join('/');
+    }
+}
+Auth.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Auth, deps: [{ token: i1.Storage }, { token: AuthMapper }, { token: i0.Injector }, { token: i3.Platform }, { token: i4.HttpClient }, { token: AuthConfig, optional: true }, { token: i6.TransferState, optional: true }, { token: i7.HttpConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+Auth.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Auth });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Auth, decorators: [{
+            type: Injectable
+        }], ctorParameters: function () {
+        return [{ type: i1.Storage }, { type: AuthMapper }, { type: i0.Injector }, { type: i3.Platform }, { type: i4.HttpClient }, { type: AuthConfig, decorators: [{
+                        type: Optional
+                    }] }, { type: i6.TransferState, decorators: [{
+                        type: Optional
+                    }] }, { type: i7.HttpConfig, decorators: [{
+                        type: Optional
+                    }] }];
     } });
 
-class BbAuthenticated {
-    constructor(_auth, _template, _viewContainerRef) {
-        this._auth = _auth;
-        this._template = _template;
-        this._viewContainerRef = _viewContainerRef;
-    }
-    ngOnInit() {
-        this._subscription = this._auth.user.pipe(map(user => !!user), distinctUntilChanged()).subscribe(isAuthenticated => {
-            if (!isAuthenticated) {
-                return this._viewContainerRef.clear();
-            }
-            this._viewContainerRef.createEmbeddedView(this._template);
-        });
-    }
-    ngOnDestroy() {
-        var _a;
-        (_a = this._subscription) === null || _a === void 0 ? void 0 : _a.unsubscribe();
-    }
-}
-BbAuthenticated.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAuthenticated, deps: [{ token: Auth }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
-BbAuthenticated.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.3", type: BbAuthenticated, selector: "[bbAuthenticated]", ngImport: i0 });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAuthenticated, decorators: [{
-            type: Directive,
-            args: [{
-                    selector: '[bbAuthenticated]'
-                }]
+class BbAuthenticated {
+    constructor(_auth, _template, _viewContainerRef) {
+        this._auth = _auth;
+        this._template = _template;
+        this._viewContainerRef = _viewContainerRef;
+    }
+    ngOnInit() {
+        this._subscription = this._auth.user.pipe(map(user => !!user), distinctUntilChanged()).subscribe(isAuthenticated => {
+            if (!isAuthenticated) {
+                return this._viewContainerRef.clear();
+            }
+            this._viewContainerRef.createEmbeddedView(this._template);
+        });
+    }
+    ngOnDestroy() {
+        var _a;
+        (_a = this._subscription) === null || _a === void 0 ? void 0 : _a.unsubscribe();
+    }
+}
+BbAuthenticated.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticated, deps: [{ token: Auth }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
+BbAuthenticated.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.4", type: BbAuthenticated, selector: "[bbAuthenticated]", ngImport: i0 });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticated, decorators: [{
+            type: Directive,
+            args: [{
+                    selector: '[bbAuthenticated]'
+                }]
         }], ctorParameters: function () { return [{ type: Auth }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; } });
 
-class BbRole {
-    constructor(_auth, _template, _viewContainerRef) {
-        this._auth = _auth;
-        this._template = _template;
-        this._viewContainerRef = _viewContainerRef;
-        this.getAllowedRoles = (value) => {
-            return Array.isArray(value) ? value : [value];
-        };
-    }
-    ngOnInit() {
-        this._subscription = this._auth.user.pipe(map(user => { var _a; return (_a = user === null || user === void 0 ? void 0 : user.role) !== null && _a !== void 0 ? _a : null; }), distinctUntilChanged()).subscribe(role => {
-            const allowedRoles = this.getAllowedRoles(this.bbRole);
-            if (!allowedRoles.includes(role)) {
-                return this._viewContainerRef.clear();
-            }
-            this._viewContainerRef.createEmbeddedView(this._template);
-        });
-    }
-    ngOnDestroy() {
-        var _a;
-        (_a = this._subscription) === null || _a === void 0 ? void 0 : _a.unsubscribe();
-    }
-}
-BbRole.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbRole, deps: [{ token: Auth }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
-BbRole.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.3", type: BbRole, selector: "[bbRole]", inputs: { bbRole: "bbRole" }, ngImport: i0 });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbRole, decorators: [{
-            type: Directive,
-            args: [{
-                    selector: '[bbRole]'
-                }]
-        }], ctorParameters: function () { return [{ type: Auth }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; }, propDecorators: { bbRole: [{
-                type: Input
+class BbRole {
+    constructor(_auth, _template, _viewContainerRef) {
+        this._auth = _auth;
+        this._template = _template;
+        this._viewContainerRef = _viewContainerRef;
+        this.getAllowedRoles = (value) => {
+            return Array.isArray(value) ? value : [value];
+        };
+    }
+    ngOnInit() {
+        this._subscription = this._auth.user.pipe(map(user => { var _a; return (_a = user === null || user === void 0 ? void 0 : user.role) !== null && _a !== void 0 ? _a : null; }), distinctUntilChanged()).subscribe(role => {
+            const allowedRoles = this.getAllowedRoles(this.bbRole);
+            if (!allowedRoles.includes(role)) {
+                return this._viewContainerRef.clear();
+            }
+            this._viewContainerRef.createEmbeddedView(this._template);
+        });
+    }
+    ngOnDestroy() {
+        var _a;
+        (_a = this._subscription) === null || _a === void 0 ? void 0 : _a.unsubscribe();
+    }
+}
+BbRole.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbRole, deps: [{ token: Auth }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
+BbRole.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.4", type: BbRole, selector: "[bbRole]", inputs: { bbRole: "bbRole" }, ngImport: i0 });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbRole, decorators: [{
+            type: Directive,
+            args: [{
+                    selector: '[bbRole]'
+                }]
+        }], ctorParameters: function () { return [{ type: Auth }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; }, propDecorators: { bbRole: [{
+                type: Input
             }] } });
 
-class Permissions {
-    constructor(_auth, _config) {
-        var _a, _b;
-        this._auth = _auth;
-        this._config = _config;
-        // Data.
-        this._permissions = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.permissions) !== null && _b !== void 0 ? _b : {};
-        this._role$ = this._auth.user.pipe(map(user => { var _a; return (_a = user === null || user === void 0 ? void 0 : user.role) !== null && _a !== void 0 ? _a : null; }), distinctUntilChanged());
-    }
-    has(value) {
-        const requiredPermissions = Array.isArray(value)
-            ? value
-            : [value];
-        return this._role$.pipe(map(role => {
-            if (role === null || role === undefined) {
-                return false;
-            }
-            for (const requiredPermission of requiredPermissions) {
-                const result = this.validatePermission(requiredPermission, role);
-                if (!result) {
-                    return false;
-                }
-            }
-            return true;
-        }));
-    }
-    validatePermission(type, role) {
-        var _a, _b, _c, _d, _e;
-        const permission = (_b = (_a = this._permissions) === null || _a === void 0 ? void 0 : _a[type]) !== null && _b !== void 0 ? _b : null;
-        if (!permission) {
-            (_c = console === null || console === void 0 ? void 0 : console.warn) === null || _c === void 0 ? void 0 : _c.call(console, `Permissions: Invalid permission requested "${type}".`);
-            return false;
-        }
-        if ((permission === null || permission === void 0 ? void 0 : permission.length) <= 0) {
-            (_d = console === null || console === void 0 ? void 0 : console.warn) === null || _d === void 0 ? void 0 : _d.call(console, `Permissions: No roles were set, please add some roles to this permission.`);
-            return false;
-        }
-        // If the permission includes a "*" we allow everyone.
-        if (permission.includes('*')) {
-            return true;
-        }
-        // Validate the role against the permissions.
-        return (_e = permission === null || permission === void 0 ? void 0 : permission.includes(role)) !== null && _e !== void 0 ? _e : false;
-    }
-}
-Permissions.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: Permissions, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
-Permissions.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: Permissions });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: Permissions, decorators: [{
-            type: Injectable
-        }], ctorParameters: function () {
-        return [{ type: Auth }, { type: AuthConfig, decorators: [{
-                        type: Optional
-                    }] }];
+class Permissions {
+    constructor(_auth, _config) {
+        var _a, _b;
+        this._auth = _auth;
+        this._config = _config;
+        // Data.
+        this._permissions = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.permissions) !== null && _b !== void 0 ? _b : {};
+        this._role$ = this._auth.user.pipe(map(user => { var _a; return (_a = user === null || user === void 0 ? void 0 : user.role) !== null && _a !== void 0 ? _a : null; }), distinctUntilChanged());
+    }
+    has(value) {
+        const requiredPermissions = Array.isArray(value)
+            ? value
+            : [value];
+        return this._role$.pipe(map(role => {
+            if (role === null || role === undefined) {
+                return false;
+            }
+            for (const requiredPermission of requiredPermissions) {
+                const result = this.validatePermission(requiredPermission, role);
+                if (!result) {
+                    return false;
+                }
+            }
+            return true;
+        }));
+    }
+    validatePermission(type, role) {
+        var _a, _b, _c, _d, _e;
+        const permission = (_b = (_a = this._permissions) === null || _a === void 0 ? void 0 : _a[type]) !== null && _b !== void 0 ? _b : null;
+        if (!permission) {
+            (_c = console === null || console === void 0 ? void 0 : console.warn) === null || _c === void 0 ? void 0 : _c.call(console, `Permissions: Invalid permission requested "${type}".`);
+            return false;
+        }
+        if ((permission === null || permission === void 0 ? void 0 : permission.length) <= 0) {
+            (_d = console === null || console === void 0 ? void 0 : console.warn) === null || _d === void 0 ? void 0 : _d.call(console, `Permissions: No roles were set, please add some roles to this permission.`);
+            return false;
+        }
+        // If the permission includes a "*" we allow everyone.
+        if (permission.includes('*')) {
+            return true;
+        }
+        // Validate the role against the permissions.
+        return (_e = permission === null || permission === void 0 ? void 0 : permission.includes(role)) !== null && _e !== void 0 ? _e : false;
+    }
+}
+Permissions.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Permissions, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+Permissions.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Permissions });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Permissions, decorators: [{
+            type: Injectable
+        }], ctorParameters: function () {
+        return [{ type: Auth }, { type: AuthConfig, decorators: [{
+                        type: Optional
+                    }] }];
     } });
 
-class BbPermission {
-    constructor(_permissions, _templateRef, _viewContainerRef) {
-        this._permissions = _permissions;
-        this._templateRef = _templateRef;
-        this._viewContainerRef = _viewContainerRef;
-        // Data.
-        this._permission$ = new BehaviorSubject([]);
-        this._valid = false;
-        this._elseTemplateRef = null;
-        this._thenViewRef = null;
-        this._elseViewRef = null;
-        this.getAllowedPermissions = (value) => {
-            return Array.isArray(value) ? value : [value];
-        };
-        this.assertTemplate = (property, templateRef) => {
-            const isTemplateRefOrNull = !!(!templateRef || templateRef.createEmbeddedView);
-            if (!isTemplateRefOrNull) {
-                throw new Error(`${property} must be a TemplateRef.`);
-            }
-        };
-    }
-    set bbPermission(value) {
-        const permissions = this.getAllowedPermissions(value);
-        this._permission$.next(permissions);
-        this.updateView();
-    }
-    set bbPermissionElse(templateRef) {
-        this.assertTemplate('bbPermissionElse', templateRef);
-        this._elseTemplateRef = templateRef;
-        this.updateView();
-    }
-    ngOnInit() {
-        const check$ = this._permission$.pipe(switchMap(permissions => this._permissions.has(permissions)));
-        this._subscription = check$.subscribe(valid => {
-            this._valid = valid;
-            this.updateView();
-        });
-    }
-    ngOnDestroy() {
-        var _a;
-        (_a = this._subscription) === null || _a === void 0 ? void 0 : _a.unsubscribe();
-    }
-    updateView() {
-        if (this._valid) {
-            if (!this._thenViewRef) {
-                this._viewContainerRef.clear();
-                this._elseViewRef = null;
-                if (this._templateRef) {
-                    this._thenViewRef = this._viewContainerRef.createEmbeddedView(this._templateRef);
-                }
-            }
-        }
-        else {
-            if (!this._elseViewRef) {
-                this._viewContainerRef.clear();
-                this._thenViewRef = null;
-                if (this._elseTemplateRef) {
-                    this._elseViewRef = this._viewContainerRef.createEmbeddedView(this._elseTemplateRef);
-                }
-            }
-        }
-    }
-}
-BbPermission.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbPermission, deps: [{ token: Permissions }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
-BbPermission.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.3", type: BbPermission, selector: "[bbPermission]", inputs: { bbPermission: "bbPermission", bbPermissionElse: "bbPermissionElse" }, ngImport: i0 });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbPermission, decorators: [{
-            type: Directive,
-            args: [{
-                    selector: '[bbPermission]'
-                }]
-        }], ctorParameters: function () { return [{ type: Permissions }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; }, propDecorators: { bbPermission: [{
-                type: Input
-            }], bbPermissionElse: [{
-                type: Input
+class BbPermission {
+    constructor(_permissions, _templateRef, _viewContainerRef) {
+        this._permissions = _permissions;
+        this._templateRef = _templateRef;
+        this._viewContainerRef = _viewContainerRef;
+        // Data.
+        this._permission$ = new BehaviorSubject([]);
+        this._valid = false;
+        this._elseTemplateRef = null;
+        this._thenViewRef = null;
+        this._elseViewRef = null;
+        this.getAllowedPermissions = (value) => {
+            return Array.isArray(value) ? value : [value];
+        };
+        this.assertTemplate = (property, templateRef) => {
+            const isTemplateRefOrNull = !!(!templateRef || templateRef.createEmbeddedView);
+            if (!isTemplateRefOrNull) {
+                throw new Error(`${property} must be a TemplateRef.`);
+            }
+        };
+    }
+    set bbPermission(value) {
+        const permissions = this.getAllowedPermissions(value);
+        this._permission$.next(permissions);
+        this.updateView();
+    }
+    set bbPermissionElse(templateRef) {
+        this.assertTemplate('bbPermissionElse', templateRef);
+        this._elseTemplateRef = templateRef;
+        this.updateView();
+    }
+    ngOnInit() {
+        const check$ = this._permission$.pipe(switchMap(permissions => this._permissions.has(permissions)));
+        this._subscription = check$.subscribe(valid => {
+            this._valid = valid;
+            this.updateView();
+        });
+    }
+    ngOnDestroy() {
+        var _a;
+        (_a = this._subscription) === null || _a === void 0 ? void 0 : _a.unsubscribe();
+    }
+    updateView() {
+        if (this._valid) {
+            if (!this._thenViewRef) {
+                this._viewContainerRef.clear();
+                this._elseViewRef = null;
+                if (this._templateRef) {
+                    this._thenViewRef = this._viewContainerRef.createEmbeddedView(this._templateRef);
+                }
+            }
+        }
+        else {
+            if (!this._elseViewRef) {
+                this._viewContainerRef.clear();
+                this._thenViewRef = null;
+                if (this._elseTemplateRef) {
+                    this._elseViewRef = this._viewContainerRef.createEmbeddedView(this._elseTemplateRef);
+                }
+            }
+        }
+    }
+}
+BbPermission.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbPermission, deps: [{ token: Permissions }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
+BbPermission.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.4", type: BbPermission, selector: "[bbPermission]", inputs: { bbPermission: "bbPermission", bbPermissionElse: "bbPermissionElse" }, ngImport: i0 });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbPermission, decorators: [{
+            type: Directive,
+            args: [{
+                    selector: '[bbPermission]'
+                }]
+        }], ctorParameters: function () { return [{ type: Permissions }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; }, propDecorators: { bbPermission: [{
+                type: Input
+            }], bbPermissionElse: [{
+                type: Input
             }] } });
 
-class BbAnonymousGuard {
-    constructor(_auth) {
-        this._auth = _auth;
-    }
-    canActivate(_, state) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Check if the user is authenticated.
-            const isAuthenticated$ = yield this._auth.user.pipe(map(user => !!user));
-            // If the user is not authenticated it can
-            // access the anonymous page.
-            const isAuthenticated = yield firstValueFrom(isAuthenticated$, { defaultValue: null });
-            if (!isAuthenticated) {
-                return true;
-            }
-            // Return the user back to the authenticated page.
-            return this._auth.guard('authenticated', state.url);
-        });
-    }
-    canActivateChild(childRoute, state) {
-        return this.canActivate(childRoute, state);
-    }
-}
-BbAnonymousGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAnonymousGuard, deps: [{ token: Auth }], target: i0.ɵɵFactoryTarget.Injectable });
-BbAnonymousGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAnonymousGuard, providedIn: 'root' });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAnonymousGuard, decorators: [{
-            type: Injectable,
-            args: [{
-                    providedIn: 'root'
-                }]
+class BbAnonymousGuard {
+    constructor(_auth) {
+        this._auth = _auth;
+    }
+    canActivate(_, state) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Check if the user is authenticated.
+            const isAuthenticated$ = yield this._auth.user.pipe(map(user => !!user));
+            // If the user is not authenticated it can
+            // access the anonymous page.
+            const isAuthenticated = yield firstValueFrom(isAuthenticated$, { defaultValue: null });
+            if (!isAuthenticated) {
+                return true;
+            }
+            // Return the user back to the authenticated page.
+            return this._auth.guard('authenticated', state.url);
+        });
+    }
+    canActivateChild(childRoute, state) {
+        return this.canActivate(childRoute, state);
+    }
+}
+BbAnonymousGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAnonymousGuard, deps: [{ token: Auth }], target: i0.ɵɵFactoryTarget.Injectable });
+BbAnonymousGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAnonymousGuard, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAnonymousGuard, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root'
+                }]
         }], ctorParameters: function () { return [{ type: Auth }]; } });
 
-class BbAuthenticatedGuard {
-    constructor(_auth) {
-        this._auth = _auth;
-    }
-    canActivate(_, state) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Check if the user is authenticated.
-            const isAuthenticated$ = yield this._auth.user.pipe(map(user => !!user));
-            // If the user is authenticated it can
-            // access the authenticated page.
-            const isAuthenticated = yield firstValueFrom(isAuthenticated$, { defaultValue: null });
-            if (isAuthenticated) {
-                return true;
-            }
-            // The user is not authorized to see that
-            // page so un-authorize him.
-            return this._auth.guard('unauthenticated', state.url);
-        });
-    }
-    canActivateChild(childRoute, state) {
-        return this.canActivate(childRoute, state);
-    }
-}
-BbAuthenticatedGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAuthenticatedGuard, deps: [{ token: Auth }], target: i0.ɵɵFactoryTarget.Injectable });
-BbAuthenticatedGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAuthenticatedGuard, providedIn: 'root' });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: BbAuthenticatedGuard, decorators: [{
-            type: Injectable,
-            args: [{
-                    providedIn: 'root'
-                }]
+class BbAuthenticatedGuard {
+    constructor(_auth) {
+        this._auth = _auth;
+    }
+    canActivate(_, state) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Check if the user is authenticated.
+            const isAuthenticated$ = yield this._auth.user.pipe(map(user => !!user));
+            // If the user is authenticated it can
+            // access the authenticated page.
+            const isAuthenticated = yield firstValueFrom(isAuthenticated$, { defaultValue: null });
+            if (isAuthenticated) {
+                return true;
+            }
+            // The user is not authorized to see that
+            // page so un-authorize him.
+            return this._auth.guard('unauthenticated', state.url);
+        });
+    }
+    canActivateChild(childRoute, state) {
+        return this.canActivate(childRoute, state);
+    }
+}
+BbAuthenticatedGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticatedGuard, deps: [{ token: Auth }], target: i0.ɵɵFactoryTarget.Injectable });
+BbAuthenticatedGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticatedGuard, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticatedGuard, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root'
+                }]
         }], ctorParameters: function () { return [{ type: Auth }]; } });
 
-class AuthInterceptor {
-    constructor(_auth, _config) {
-        this._auth = _auth;
-        this._config = _config;
-        // Readonly data.
-        this._authHeaderString = 'Authorization';
-        // Data.
-        this.isRefreshing = false;
-        this.refreshingAccessToken$ = new BehaviorSubject(null);
-        this.getAccessToken = (request) => {
-            // Get the token based on header.
-            if (request.headers.has('Authorization')) {
-                return request.headers.get('Authorization');
-            }
-            // Return the default access token.
-            return this._auth.session.accessToken;
-        };
-        this.addAuthorizationHeader = (request, accessToken = null) => {
-            // Remove auth header when we do not have
-            // an access token.
-            if (!accessToken) {
-                return request.clone({
-                    headers: request.headers.delete(this._authHeaderString)
-                });
-            }
-            // Add the auth header to the request.
-            return request.clone({
-                setHeaders: { [this._authHeaderString]: this.getFullAuthorizationHeader(accessToken) }
-            });
-        };
-        this.getFullAuthorizationHeader = (token) => {
-            var _a, _b;
-            const authScheme = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.scheme) !== null && _b !== void 0 ? _b : 'Bearer';
-            return [authScheme, token].join(' ');
-        };
-    }
-    intercept(request, next) {
-        // 1. Check if the user wants to use the authorization for this request.
-        if (!request.context.get(USE_AUTHORIZATION)) {
-            return next.handle(request);
-        }
-        // 2. Compose the new request.
-        const accessToken = this.getAccessToken(request);
-        const newRequest = this.addAuthorizationHeader(request, accessToken);
-        // 3. Handle all errors.
-        return next.handle(newRequest).pipe(catchError(error => {
-            // Handle the HTTP401 error.
-            if ((error instanceof HttpErrorResponse || error instanceof HttpError) && (error === null || error === void 0 ? void 0 : error.status) === 401) {
-                return this.handle401Error(request, next);
-            }
-            // Just re-throw the parsed error.
-            return throwError(() => error);
-        }));
-    }
-    handle401Error(request, next) {
-        // If already refreshing wait for the refresh token to complete.
-        if (this.isRefreshing) {
-            return this.refreshingAccessToken$.pipe(filter(accessToken => accessToken !== null), take(1), switchMap(accessToken => next.handle(this.addAuthorizationHeader(request, accessToken))));
-        }
-        // Set the refreshing to true.
-        this.isRefreshing = true;
-        this.refreshingAccessToken$.next(null);
-        return this._auth.refresh().pipe(switchMap(newAccessToken => {
-            if (!newAccessToken) {
-                return throwError(() => new Error('No refresh token was available.'));
-            }
-            this.refreshingAccessToken$.next(newAccessToken);
-            return next.handle(this.addAuthorizationHeader(request, newAccessToken));
-        }), catchError(() => this.logoutUser()), finalize(() => this.isRefreshing = false));
-    }
-    logoutUser() {
-        // Handle the refresh error.
-        this._auth.clearAndRedirect();
-        // Return null as data.
-        return of(null);
-    }
-}
-AuthInterceptor.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthInterceptor, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
-AuthInterceptor.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthInterceptor });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthInterceptor, decorators: [{
-            type: Injectable
-        }], ctorParameters: function () {
-        return [{ type: Auth }, { type: AuthConfig, decorators: [{
-                        type: Optional
-                    }] }];
+class AuthInterceptor {
+    constructor(_auth, _config) {
+        this._auth = _auth;
+        this._config = _config;
+        // Readonly data.
+        this._authHeaderString = 'Authorization';
+        // Data.
+        this.isRefreshing = false;
+        this.refreshingAccessToken$ = new BehaviorSubject(null);
+        this.getAccessToken = (request) => {
+            // Get the token based on header.
+            if (request.headers.has('Authorization')) {
+                return request.headers.get('Authorization');
+            }
+            // Return the default access token.
+            return this._auth.session.accessToken;
+        };
+        this.addAuthorizationHeader = (request, accessToken = null) => {
+            // Remove auth header when we do not have
+            // an access token.
+            if (!accessToken) {
+                return request.clone({
+                    headers: request.headers.delete(this._authHeaderString)
+                });
+            }
+            // Add the auth header to the request.
+            return request.clone({
+                setHeaders: { [this._authHeaderString]: this.getFullAuthorizationHeader(accessToken) }
+            });
+        };
+        this.getFullAuthorizationHeader = (token) => {
+            var _a, _b;
+            const authScheme = (_b = (_a = this._config) === null || _a === void 0 ? void 0 : _a.scheme) !== null && _b !== void 0 ? _b : 'Bearer';
+            return [authScheme, token].join(' ');
+        };
+    }
+    intercept(request, next) {
+        // 1. Check if the user wants to use the authorization for this request.
+        if (!request.context.get(USE_AUTHORIZATION)) {
+            return next.handle(request);
+        }
+        // 2. Compose the new request.
+        const accessToken = this.getAccessToken(request);
+        const newRequest = this.addAuthorizationHeader(request, accessToken);
+        // 3. Handle all errors.
+        return next.handle(newRequest).pipe(catchError(error => {
+            // Handle the HTTP401 error.
+            if ((error instanceof HttpErrorResponse || error instanceof HttpError) && (error === null || error === void 0 ? void 0 : error.status) === 401) {
+                return this.handle401Error(request, next);
+            }
+            // Just re-throw the parsed error.
+            return throwError(() => error);
+        }));
+    }
+    handle401Error(request, next) {
+        // If already refreshing wait for the refresh token to complete.
+        if (this.isRefreshing) {
+            return this.refreshingAccessToken$.pipe(filter(accessToken => accessToken !== null), take(1), switchMap(accessToken => next.handle(this.addAuthorizationHeader(request, accessToken))));
+        }
+        // Set the refreshing to true.
+        this.isRefreshing = true;
+        this.refreshingAccessToken$.next(null);
+        return this._auth.refresh().pipe(switchMap(newAccessToken => {
+            if (!newAccessToken) {
+                return throwError(() => new Error('No refresh token was available.'));
+            }
+            this.refreshingAccessToken$.next(newAccessToken);
+            return next.handle(this.addAuthorizationHeader(request, newAccessToken));
+        }), catchError(() => this.logoutUser()), finalize(() => this.isRefreshing = false));
+    }
+    logoutUser() {
+        // Handle the refresh error.
+        this._auth.clearAndRedirect();
+        // Return null as data.
+        return of(null);
+    }
+}
+AuthInterceptor.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthInterceptor, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+AuthInterceptor.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthInterceptor });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthInterceptor, decorators: [{
+            type: Injectable
+        }], ctorParameters: function () {
+        return [{ type: Auth }, { type: AuthConfig, decorators: [{
+                        type: Optional
+                    }] }];
     } });
 
-const DECLARATIONS_EXPORTS = [
-    BbAuthenticated,
-    BbRole,
-    BbPermission
-];
-class AuthModule {
-    static forRoot(config) {
-        return {
-            ngModule: AuthModule,
-            providers: [
-                Auth,
-                Permissions,
-                { provide: AuthConfig, useValue: config },
-                { provide: HTTP_INTERCEPTORS, useClass: AuthInterceptor, multi: true },
-                { useFactory: initializeAuth, provide: APP_INITIALIZER, deps: [Auth], multi: true }
-            ]
-        };
-    }
-}
-AuthModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
-AuthModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "14.0.3", ngImport: i0, type: AuthModule, declarations: [BbAuthenticated,
-        BbRole,
-        BbPermission], imports: [HttpClientModule], exports: [BbAuthenticated,
-        BbRole,
-        BbPermission] });
-AuthModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthModule, providers: [
-        { provide: AuthMapper, useClass: AuthMapper }
-    ], imports: [HttpClientModule] });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.3", ngImport: i0, type: AuthModule, decorators: [{
-            type: NgModule,
-            args: [{
-                    imports: [HttpClientModule],
-                    declarations: [...DECLARATIONS_EXPORTS],
-                    exports: [...DECLARATIONS_EXPORTS],
-                    providers: [
-                        { provide: AuthMapper, useClass: AuthMapper }
-                    ]
-                }]
-        }] });
-function initializeAuth(auth) {
-    return auth.initialize();
+const DECLARATIONS_EXPORTS = [
+    BbAuthenticated,
+    BbRole,
+    BbPermission
+];
+class AuthModule {
+    static forRoot(config) {
+        return {
+            ngModule: AuthModule,
+            providers: [
+                Auth,
+                Permissions,
+                { provide: AuthConfig, useValue: config },
+                { provide: HTTP_INTERCEPTORS, useClass: AuthInterceptor, multi: true },
+                { useFactory: initializeAuth, provide: APP_INITIALIZER, deps: [Auth], multi: true }
+            ]
+        };
+    }
+}
+AuthModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
+AuthModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, declarations: [BbAuthenticated,
+        BbRole,
+        BbPermission], imports: [HttpClientModule], exports: [BbAuthenticated,
+        BbRole,
+        BbPermission] });
+AuthModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, providers: [
+        { provide: AuthMapper, useClass: AuthMapper }
+    ], imports: [HttpClientModule] });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, decorators: [{
+            type: NgModule,
+            args: [{
+                    imports: [HttpClientModule],
+                    declarations: [...DECLARATIONS_EXPORTS],
+                    exports: [...DECLARATIONS_EXPORTS],
+                    providers: [
+                        { provide: AuthMapper, useClass: AuthMapper }
+                    ]
+                }]
+        }] });
+function initializeAuth(auth) {
+    return auth.initialize();
 }
 
-/**
- * Generated bundle index. Do not edit.
+/**
+ * Generated bundle index. Do not edit.
  */
 
 export { Auth, AuthConfig, AuthEmailProvider, AuthMapper, AuthModule, AuthSession, AuthVerifyProvider, BbAnonymousGuard, BbAuthenticated, BbAuthenticatedGuard, BbPermission, BbRole, JwtHelper, Permissions, USE_AUTHORIZATION, initializeAuth };