@meshmakers/shared-auth 3.3.33 → 3.3.380

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +205 -13
  2. package/fesm2022/meshmakers-shared-auth-login-ui.mjs +127 -0
  3. package/fesm2022/meshmakers-shared-auth-login-ui.mjs.map +1 -0
  4. package/fesm2022/meshmakers-shared-auth.mjs +336 -240
  5. package/fesm2022/meshmakers-shared-auth.mjs.map +1 -1
  6. package/package.json +27 -5
  7. package/types/meshmakers-shared-auth-login-ui.d.ts +42 -0
  8. package/types/meshmakers-shared-auth.d.ts +222 -0
  9. package/index.d.ts +0 -118
package/fesm2022/meshmakers-shared-auth.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"meshmakers-shared-auth.mjs","sources":["../../../../projects/meshmakers/shared-auth/src/lib/authorize.service.ts","../../../../projects/meshmakers/shared-auth/src/lib/roles.ts","../../../../projects/meshmakers/shared-auth/src/lib/login-menu/login-menu.component.ts","../../../../projects/meshmakers/shared-auth/src/lib/login-menu/login-menu.component.html","../../../../projects/meshmakers/shared-auth/src/lib/authorize.guard.ts","../../../../projects/meshmakers/shared-auth/src/lib/authorize.interceptor.ts","../../../../projects/meshmakers/shared-auth/src/lib/shared-auth.module.ts","../../../../projects/meshmakers/shared-auth/src/public-api.ts","../../../../projects/meshmakers/shared-auth/src/meshmakers-shared-auth.ts"],"sourcesContent":["import { Injectable, inject } from \"@angular/core\";\nimport { BehaviorSubject, firstValueFrom, Observable } from \"rxjs\";\nimport { filter, map } from \"rxjs/operators\";\nimport { AuthConfig, OAuthService } from \"angular-oauth2-oidc\";\nimport { Roles } from \"./roles\";\n\nexport interface IUser {\n family_name: string | null;\n given_name: string | null;\n name: string;\n role: string[] | null;\n sub: string;\n idp: string;\n email: string | null;\n}\n\nexport class AuthorizeOptions {\n wellKnownServiceUris?: string[];\n // Url of the Identity Provider\n issuer?: string;\n // URL of the SPA to redirect the user to after login\n redirectUri?: string;\n postLogoutRedirectUri?: string;\n // The SPA's id. The SPA is registered with this id at the auth-server\n clientId?: string;\n // set the scope for the permissions the client should request\n // The first three are defined by OIDC. The 4th is a use case-specific one\n scope?: string;\n showDebugInformation?: boolean;\n sessionChecksEnabled?: boolean;\n // Use popup flow for Office Add-Ins to avoid iframe issues\n usePopupFlow?: boolean;\n}\n\n@Injectable()\nexport class AuthorizeService {\n private readonly oauthService = inject(OAuthService);\n\n private readonly _isAuthenticated = new BehaviorSubject<boolean>(false);\n private readonly _issuer: BehaviorSubject<string | null> = new BehaviorSubject<string | null>(null);\n\n private readonly _accessToken: BehaviorSubject<string | null> = new BehaviorSubject<string | null>(null);\n\n private readonly _user: BehaviorSubject<IUser | null> = new BehaviorSubject<IUser | null>(null);\n private readonly _userInitials: BehaviorSubject<string | null> = new BehaviorSubject<string | null>(null);\n\n private readonly _isInitialized = new BehaviorSubject<boolean>(false);\n private readonly _isInitializing = new BehaviorSubject<boolean>(false);\n\n private readonly _sessionLoading = new BehaviorSubject<boolean>(false);\n\n private authorizeOptions: AuthorizeOptions | null = null;\n\n constructor() {\n console.debug(\"AuthorizeService::created\");\n\n this.oauthService.discoveryDocumentLoaded$.subscribe((_) => {\n console.debug(\"discoveryDocumentLoaded$\");\n\n });\n\n this.oauthService.events.subscribe((e) => {\n console.debug(\"oauth/oidc event\", e);\n });\n\n this.oauthService.events.pipe(filter((e) => e.type === \"session_terminated\")).subscribe((_) => {\n console.debug(\"Your session has been terminated!\");\n this._accessToken.next(null);\n this._user.next(null);\n this._isAuthenticated.next(false);\n });\n\n this.oauthService.events.pipe(filter((e) => e.type === \"token_received\")).subscribe(async (_) => {\n await this.loadUserAsync();\n });\n\n this.oauthService.events.pipe(filter((e) => e.type === \"session_unchanged\")).subscribe(async (_) => {\n if (this._user.value == null) {\n await this.loadUserAsync();\n }\n });\n\n this.oauthService.events.pipe(filter((e) => e.type === \"logout\")).subscribe((_) => {\n this._accessToken.next(null);\n this._user.next(null);\n this._isAuthenticated.next(false);\n });\n }\n\n public isInRole(role: Roles): boolean {\n return this._user?.value?.role?.includes(role) ?? false;\n }\n\n public getRoles(): Observable<string[]> {\n return this.user.pipe(map((u) => (u?.role != null ? u.role : new Array<string>())));\n }\n\n public getServiceUris(): string[] | null {\n return this.authorizeOptions?.wellKnownServiceUris ?? null;\n }\n\n public get issuer(): Observable<string | null> {\n return this._issuer;\n }\n\n public get isAuthenticated(): Observable<boolean> {\n return this._isAuthenticated;\n }\n\n public get sessionLoading(): Observable<boolean> {\n return this._sessionLoading;\n }\n\n public get accessToken(): Observable<string | null> {\n return this._accessToken;\n }\n\n public get user(): Observable<IUser | null> {\n return this._user;\n }\n\n public get userInitials(): Observable<string | null> {\n return this._userInitials;\n }\n\n public login(): void {\n if (this.authorizeOptions?.usePopupFlow) {\n this.loginWithPopup();\n } else {\n this.oauthService.initImplicitFlow();\n }\n }\n\n protected loginWithPopup(): void {\n // Initiate login flow and get the authorization URL\n this.oauthService.initLoginFlow();\n\n // For popup flow, we need to handle the callback differently\n // The popup will redirect back, and we need to process the code\n window.addEventListener('storage', (e) => {\n if (e.key === 'oauth_code_received') {\n // Process the authentication after popup closes\n this.oauthService.tryLoginCodeFlow().then(() => {\n localStorage.removeItem('oauth_code_received');\n });\n }\n });\n }\n\n public logout(): void {\n this.oauthService.logOut(false);\n }\n\n public async initialize(authorizeOptions: AuthorizeOptions): Promise<void> {\n console.debug(\"AuthorizeService::initialize::started\");\n\n await this.uninitialize();\n\n if (await firstValueFrom(this._isInitializing)) {\n return;\n }\n if (await firstValueFrom(this._isInitialized)) {\n console.debug(\"AuthorizeService::initialize::alreadyInitialized\");\n return;\n }\n this._isInitializing.next(true);\n\n try {\n const config: AuthConfig = {\n responseType: \"code\",\n issuer: authorizeOptions.issuer,\n redirectUri: authorizeOptions.redirectUri,\n postLogoutRedirectUri: authorizeOptions.postLogoutRedirectUri,\n clientId: authorizeOptions.clientId,\n scope: authorizeOptions.scope,\n showDebugInformation: authorizeOptions.showDebugInformation,\n sessionChecksEnabled: authorizeOptions.sessionChecksEnabled,\n sessionCheckIntervall: 60 * 1000,\n preserveRequestedRoute: true\n };\n\n this.authorizeOptions = authorizeOptions;\n\n this.oauthService.setStorage(localStorage);\n this.oauthService.configure(config);\n console.debug(\"AuthorizeService::initialize::loadingDiscoveryDocumentAndTryLogin\");\n await this.oauthService.loadDiscoveryDocumentAndTryLogin();\n\n console.debug(\"AuthorizeService::initialize::setupAutomaticSilentRefresh\");\n this.oauthService.setupAutomaticSilentRefresh();\n\n this._issuer.next(authorizeOptions.issuer ?? null);\n\n if (this.oauthService.hasValidIdToken()) {\n // if the idToken is still valid, we can use the session\n console.debug(\"AuthorizeService::initialize::hasValidIdToken\");\n this._sessionLoading.next(true);\n await this.oauthService.refreshToken();\n }\n\n this._isInitialized.next(true);\n console.debug(\"AuthorizeService::initialize::done\");\n } finally {\n this._isInitializing.next(false);\n }\n\n console.debug(\"AuthorizeService::initialize::completed\");\n }\n\n public async uninitialize(): Promise<void> {\n console.debug(\"AuthorizeService::uninitialize::started\");\n\n if (await firstValueFrom(this._isInitializing)) {\n return;\n }\n if (!await firstValueFrom(this._isInitialized)) {\n console.debug(\"AuthorizeService::uninitialize::alreadyUninitialized\");\n return;\n }\n\n try {\n this._isInitializing.next(true);\n\n this.oauthService.stopAutomaticRefresh();\n\n this.authorizeOptions = null;\n\n this._isInitialized.next(false);\n console.debug(\"AuthorizeService::uninitialize::done\");\n } finally {\n this._isInitializing.next(false);\n }\n\n console.debug(\"AuthorizeService::uninitialize::completed\");\n }\n\n private async loadUserAsync(): Promise<void> {\n const claims = this.oauthService.getIdentityClaims();\n if (!claims) {\n console.error(\"claims where null when loading identity claims\");\n return;\n }\n\n const user = claims as IUser;\n if (user.family_name && user.given_name){\n const initials = user.given_name.charAt(0) + user.family_name.charAt(0);\n this._userInitials.next(initials);\n }\n else {\n this._userInitials.next(user.name.charAt(0) + user.name.charAt(1));\n }\n\n const accessToken = this.oauthService.getAccessToken();\n this._user.next(user);\n this._accessToken.next(accessToken);\n this._isAuthenticated.next(true);\n this._sessionLoading.next(false);\n console.debug(\"AuthorizeService::loadUserAsync::done\");\n }\n}\n","export enum Roles {\n ReportingManagement = 'ReportingManagement',\n ReportingViewer = 'ReportingViewer',\n AdminPanelManagement = 'AdminPanelManagement',\n BotManagement = 'BotManagement',\n UserManagement = 'UserManagement',\n CommunicationManagement = 'CommunicationManagement',\n TenantManagement = 'TenantManagement',\n Development = 'Development'\n}\n","import { Component, OnInit, inject } from '@angular/core';\nimport { AuthorizeService } from '../authorize.service';\nimport { Observable } from 'rxjs';\nimport { map } from 'rxjs/operators';\n\n@Component({\n selector: 'mm-login-menu',\n standalone: false,\n templateUrl: './login-menu.component.html',\n styleUrls: ['./login-menu.component.css']\n})\nexport class LoginMenuComponent implements OnInit {\n private readonly authorizeService = inject(AuthorizeService);\n\n public isAuthenticated: Observable<boolean>;\n public userName: Observable<string | null>;\n\n constructor() {\n this.isAuthenticated = this.authorizeService.isAuthenticated;\n this.userName = this.authorizeService.user.pipe(map((u) => u?.name ?? null));\n }\n\n ngOnInit(): void {\n const isIFrame = window.self !== window.top;\n\n console.log('app-login-menu::created');\n\n this.isAuthenticated.subscribe((x) => {\n console.log(`isAuthenticated changed to ${x} (iframe ${isIFrame})`);\n });\n }\n\n public login(): void {\n this.authorizeService.login();\n }\n\n public logout(): void {\n this.authorizeService.logout();\n }\n\n public register(): void {}\n}\n","<ul *ngIf=\"isAuthenticated | async\" class=\"navbar-nav\">\n <li class=\"nav-item dropdown\">\n <a aria-expanded=\"false\" aria-haspopup=\"true\" class=\"nav-link dropdown-toggle\" data-toggle=\"dropdown\" href=\"#\"\n id=\"navbarDropdownLogin\" role=\"button\">\n {{ userName | async }} <b class=\"caret\"></b>\n </a>\n <div aria-labelledby=\"navbarDropdown\" class=\"dropdown-menu\">\n <!--<a class=\"dropdown-item\" asp-action=\"Index\" asp-area=\"Authentication\" asp-controller=\"Grants\">Client Application Access</a>-->\n <!--<a class=\"dropdown-item\" [routerLink]='[\"/authentication/profile\"]' title=\"Manage\">Manage</a>-->\n <!--<a class=\"dropdown-item\" asp-action=\"Index\" asp-area=\"Authentication\" asp-controller=\"Diagnostics\">Diagnostics</a>-->\n <div class=\"dropdown-divider\"></div>\n <a (click)='logout()' class=\"dropdown-item\" routerLink=\"\" title=\"Logout\">Logout</a>\n </div>\n </li>\n</ul>\n<ul *ngIf=\"!(isAuthenticated | async)\" class=\"navbar-nav\">\n <li class=\"nav-item\">\n <a (click)='register()' class=\"nav-link\" routerLink=\"\">Register</a>\n </li>\n <li class=\"nav-item\">\n <a (click)='login()' class=\"nav-link\" routerLink=\"\">Login</a>\n </li>\n</ul>\n","import { Injectable, inject } from '@angular/core';\nimport { ActivatedRouteSnapshot, Route, Router, RouterStateSnapshot, UrlSegment, UrlTree } from '@angular/router';\nimport { AuthorizeService } from './authorize.service';\nimport { firstValueFrom, Observable } from 'rxjs';\n\n@Injectable()\nexport class AuthorizeGuard {\n private readonly authorizeService = inject(AuthorizeService);\n private readonly router = inject(Router);\n\n canActivate(\n next: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {\n const url: string = state.url;\n return this.handleAuthorization(next, url);\n }\n\n canActivateChild(\n next: ActivatedRouteSnapshot,\n state: RouterStateSnapshot\n ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {\n return this.canActivate(next, state);\n }\n\n canDeactivate(\n _component: unknown,\n _currentRoute: ActivatedRouteSnapshot,\n _currentState: RouterStateSnapshot,\n _nextState?: RouterStateSnapshot\n ): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {\n return true;\n }\n\n canLoad(_route: Route, _segments: UrlSegment[]): Observable<boolean> | Promise<boolean> | boolean {\n return true;\n }\n\n private async handleAuthorization(route: ActivatedRouteSnapshot, _url: any): Promise<boolean> {\n const isAuthenticated = await firstValueFrom(this.authorizeService.isAuthenticated);\n if (isAuthenticated) {\n const userRoles = await firstValueFrom(this.authorizeService.getRoles());\n if (route.data['roles'] && !route.data['roles'].some((role: string) => userRoles.includes(role))) {\n await this.router.navigate(['']);\n return false;\n }\n return true;\n } else {\n this.authorizeService.login();\n }\n\n return false;\n }\n}\n","import { Injectable, inject } from '@angular/core';\nimport { HttpEvent, HttpHandler, HttpInterceptor, HttpRequest } from '@angular/common/http';\nimport { Observable } from 'rxjs';\nimport { AuthorizeService } from './authorize.service';\n\n@Injectable()\nexport class AuthorizeInterceptor implements HttpInterceptor {\n private readonly authorize = inject(AuthorizeService);\n\n accessToken: string | null;\n\n constructor() {\n const authorize = this.authorize;\n\n this.accessToken = null;\n authorize.accessToken.subscribe((value) => (this.accessToken = value));\n }\n\n private static isSameOriginUrl(req: HttpRequest<any>): boolean {\n // It's an absolute url with the same origin.\n if (req.url.startsWith(`${window.location.origin}/`)) {\n return true;\n }\n\n // It's a protocol relative url with the same origin.\n // For example: //www.example.com/api/Products\n if (req.url.startsWith(`//${window.location.host}/`)) {\n return true;\n }\n\n // It's a relative url like /api/Products\n if (/^\\/[^/].*/.test(req.url)) {\n return true;\n }\n\n // It's an absolute or protocol relative url that\n // doesn't have the same origin.\n return false;\n }\n\n // Checks if there is an access_token available in the authorize service\n // and adds it to the request in case it's targeted at the same origin as the\n\n intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {\n return this.processRequestWithToken(this.accessToken, req, next);\n }\n\n // single page application.\n private processRequestWithToken(token: string | null, req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {\n if (!!token && (AuthorizeInterceptor.isSameOriginUrl(req) || this.isKnownServiceUri(req))) {\n req = req.clone({\n setHeaders: {\n Authorization: `Bearer ${token}`\n }\n });\n }\n\n return next.handle(req);\n }\n\n private isKnownServiceUri(req: any): boolean {\n const serviceUris = this.authorize.getServiceUris();\n\n if (serviceUris != null) {\n for (const serviceUri of serviceUris) {\n if (req.url.startsWith(`${serviceUri}`)) {\n return true;\n }\n }\n }\n\n // It's an absolute or protocol relative url that\n // doesn't have the same origin.\n return false;\n }\n}\n","import { ModuleWithProviders, NgModule } from '@angular/core';\nimport { CommonModule } from '@angular/common';\nimport { HttpClientModule } from '@angular/common/http';\nimport { LoginMenuComponent } from './login-menu/login-menu.component';\nimport { AuthorizeOptions, AuthorizeService } from './authorize.service';\nimport { OAuthModule } from 'angular-oauth2-oidc';\nimport { AuthorizeGuard } from './authorize.guard';\nimport { RouterLink } from '@angular/router';\nimport { AuthorizeInterceptor } from \"./authorize.interceptor\";\n\n@NgModule({\n declarations: [LoginMenuComponent],\n exports: [LoginMenuComponent],\n providers: [],\n imports: [CommonModule, HttpClientModule, OAuthModule.forRoot(), RouterLink]\n})\nexport class SharedAuthModule {\n static forRoot(authorizeOptions: AuthorizeOptions): ModuleWithProviders<SharedAuthModule> {\n return {\n ngModule: SharedAuthModule,\n providers: [\n {\n provide: AuthorizeOptions,\n useValue: authorizeOptions\n },\n AuthorizeService,\n AuthorizeInterceptor,\n AuthorizeGuard\n ]\n };\n }\n}\n","/*\n * Public API Surface of shared-auth\n */\n\nexport * from './lib/authorize.service';\nexport * from './lib/roles';\nexport * from './lib/login-menu/login-menu.component';\nexport * from './lib/shared-auth.module';\nexport * from './lib/authorize.interceptor';\nexport * from './lib/authorize.guard';\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":["i1"],"mappings":";;;;;;;;;;;;MAgBa,gBAAgB,CAAA;AAC3B,IAAA,oBAAoB;;AAEpB,IAAA,MAAM;;AAEN,IAAA,WAAW;AACX,IAAA,qBAAqB;;AAErB,IAAA,QAAQ;;;AAGR,IAAA,KAAK;AACL,IAAA,oBAAoB;AACpB,IAAA,oBAAoB;;AAEpB,IAAA,YAAY;AACb;MAGY,gBAAgB,CAAA;AACV,IAAA,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;AAEnC,IAAA,gBAAgB,GAAG,IAAI,eAAe,CAAU,KAAK,CAAC;AACtD,IAAA,OAAO,GAAmC,IAAI,eAAe,CAAgB,IAAI,CAAC;AAElF,IAAA,YAAY,GAAmC,IAAI,eAAe,CAAgB,IAAI,CAAC;AAEvF,IAAA,KAAK,GAAkC,IAAI,eAAe,CAAe,IAAI,CAAC;AAC9E,IAAA,aAAa,GAAmC,IAAI,eAAe,CAAgB,IAAI,CAAC;AAExF,IAAA,cAAc,GAAG,IAAI,eAAe,CAAU,KAAK,CAAC;AACpD,IAAA,eAAe,GAAG,IAAI,eAAe,CAAU,KAAK,CAAC;AAErD,IAAA,eAAe,GAAG,IAAI,eAAe,CAAU,KAAK,CAAC;IAE9D,gBAAgB,GAA4B,IAAI;AAExD,IAAA,WAAA,GAAA;AACE,QAAA,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC;QAE1C,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;AACzD,YAAA,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC;AAE3C,QAAA,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;AACvC,YAAA,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC,CAAC;AACtC,QAAA,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;AAC5F,YAAA,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC;AAClD,YAAA,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;AAC5B,YAAA,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;AACrB,YAAA,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;AACnC,QAAA,CAAC,CAAC;AAEF,QAAA,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAI;AAC9F,YAAA,MAAM,IAAI,CAAC,aAAa,EAAE;AAC5B,QAAA,CAAC,CAAC;AAEF,QAAA,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,KAAI;YACjG,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,EAAE;AAC5B,gBAAA,MAAM,IAAI,CAAC,aAAa,EAAE;YAC5B;AACF,QAAA,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;AAChF,YAAA,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;AAC5B,YAAA,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;AACrB,YAAA,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;AACnC,QAAA,CAAC,CAAC;IACJ;AAEO,IAAA,QAAQ,CAAC,IAAW,EAAA;AACzB,QAAA,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK;IACzD;IAEO,QAAQ,GAAA;AACb,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,IAAI,IAAI,GAAG,CAAC,CAAC,IAAI,GAAG,IAAI,KAAK,EAAU,CAAC,CAAC,CAAC;IACrF;IAEO,cAAc,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,gBAAgB,EAAE,oBAAoB,IAAI,IAAI;IAC5D;AAEA,IAAA,IAAW,MAAM,GAAA;QACf,OAAO,IAAI,CAAC,OAAO;IACrB;AAEA,IAAA,IAAW,eAAe,GAAA;QACxB,OAAO,IAAI,CAAC,gBAAgB;IAC9B;AAEA,IAAA,IAAW,cAAc,GAAA;QACvB,OAAO,IAAI,CAAC,eAAe;IAC7B;AAEA,IAAA,IAAW,WAAW,GAAA;QACpB,OAAO,IAAI,CAAC,YAAY;IAC1B;AAEA,IAAA,IAAW,IAAI,GAAA;QACb,OAAO,IAAI,CAAC,KAAK;IACnB;AAEA,IAAA,IAAW,YAAY,GAAA;QACrB,OAAO,IAAI,CAAC,aAAa;IAC3B;IAEO,KAAK,GAAA;AACV,QAAA,IAAI,IAAI,CAAC,gBAAgB,EAAE,YAAY,EAAE;YACvC,IAAI,CAAC,cAAc,EAAE;QACvB;aAAO;AACL,YAAA,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE;QACtC;IACF;IAEU,cAAc,GAAA;;AAEtB,QAAA,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE;;;QAIjC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,CAAC,KAAI;AACvC,YAAA,IAAI,CAAC,CAAC,GAAG,KAAK,qBAAqB,EAAE;;gBAEnC,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,MAAK;AAC7C,oBAAA,YAAY,CAAC,UAAU,CAAC,qBAAqB,CAAC;AAChD,gBAAA,CAAC,CAAC;YACJ;AACF,QAAA,CAAC,CAAC;IACJ;IAEO,MAAM,GAAA;AACX,QAAA,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC;IACjC;IAEO,MAAM,UAAU,CAAC,gBAAkC,EAAA;AACxD,QAAA,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC;AAEtD,QAAA,MAAM,IAAI,CAAC,YAAY,EAAE;QAEzB,IAAI,MAAM,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;YAC9C;QACF;QACA,IAAI,MAAM,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE;AAC7C,YAAA,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC;YACjE;QACF;AACA,QAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;AAE/B,QAAA,IAAI;AACF,YAAA,MAAM,MAAM,GAAe;AACzB,gBAAA,YAAY,EAAE,MAAM;gBACpB,MAAM,EAAE,gBAAgB,CAAC,MAAM;gBAC/B,WAAW,EAAE,gBAAgB,CAAC,WAAW;gBACzC,qBAAqB,EAAE,gBAAgB,CAAC,qBAAqB;gBAC7D,QAAQ,EAAE,gBAAgB,CAAC,QAAQ;gBACnC,KAAK,EAAE,gBAAgB,CAAC,KAAK;gBAC7B,oBAAoB,EAAE,gBAAgB,CAAC,oBAAoB;gBAC3D,oBAAoB,EAAE,gBAAgB,CAAC,oBAAoB;gBAC3D,qBAAqB,EAAE,EAAE,GAAG,IAAI;AAChC,gBAAA,sBAAsB,EAAE;aACzB;AAED,YAAA,IAAI,CAAC,gBAAgB,GAAG,gBAAgB;AAExC,YAAA,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC;AAC1C,YAAA,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC;AACnC,YAAA,OAAO,CAAC,KAAK,CAAC,mEAAmE,CAAC;AAClF,YAAA,MAAM,IAAI,CAAC,YAAY,CAAC,gCAAgC,EAAE;AAE1D,YAAA,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC;AAC1E,YAAA,IAAI,CAAC,YAAY,CAAC,2BAA2B,EAAE;YAE/C,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,IAAI,CAAC;AAElD,YAAA,IAAI,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,EAAE;;AAEvC,gBAAA,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC;AAC9D,gBAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;AAC/B,gBAAA,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE;YACxC;AAEA,YAAA,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;AAC9B,YAAA,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC;QACrD;gBAAU;AACR,YAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC;QAClC;AAEA,QAAA,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC;IAC1D;AAEO,IAAA,MAAM,YAAY,GAAA;AACvB,QAAA,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC;QAExD,IAAI,MAAM,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE;YAC9C;QACF;QACA,IAAI,CAAC,MAAM,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE;AAC9C,YAAA,OAAO,CAAC,KAAK,CAAC,sDAAsD,CAAC;YACrE;QACF;AAEA,QAAA,IAAI;AACF,YAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;AAE/B,YAAA,IAAI,CAAC,YAAY,CAAC,oBAAoB,EAAE;AAExC,YAAA,IAAI,CAAC,gBAAgB,GAAG,IAAI;AAE5B,YAAA,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;AAC/B,YAAA,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC;QACvD;gBAAU;AACR,YAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC;QAClC;AAEA,QAAA,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC;IAC5D;AAEQ,IAAA,MAAM,aAAa,GAAA;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,EAAE;QACpD,IAAI,CAAC,MAAM,EAAE;AACX,YAAA,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC;YAC/D;QACF;QAEA,MAAM,IAAI,GAAG,MAAe;QAC5B,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,UAAU,EAAC;AACtC,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;AACvE,YAAA,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC;QACnC;aACK;YACH,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACpE;QAEA,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE;AACtD,QAAA,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;AACrB,QAAA,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC;AACnC,QAAA,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AAChC,QAAA,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC;AAChC,QAAA,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC;IACxD;wGA/NW,gBAAgB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;4GAAhB,gBAAgB,EAAA,CAAA;;4FAAhB,gBAAgB,EAAA,UAAA,EAAA,CAAA;kBAD5B;;;IClCW;AAAZ,CAAA,UAAY,KAAK,EAAA;AACf,IAAA,KAAA,CAAA,qBAAA,CAAA,GAAA,qBAA2C;AAC3C,IAAA,KAAA,CAAA,iBAAA,CAAA,GAAA,iBAAmC;AACnC,IAAA,KAAA,CAAA,sBAAA,CAAA,GAAA,sBAA6C;AAC7C,IAAA,KAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,KAAA,CAAA,gBAAA,CAAA,GAAA,gBAAiC;AACjC,IAAA,KAAA,CAAA,yBAAA,CAAA,GAAA,yBAAmD;AACnD,IAAA,KAAA,CAAA,kBAAA,CAAA,GAAA,kBAAqC;AACrC,IAAA,KAAA,CAAA,aAAA,CAAA,GAAA,aAA2B;AAC7B,CAAC,EATW,KAAK,KAAL,KAAK,GAAA,EAAA,CAAA,CAAA;;MCWJ,kBAAkB,CAAA;AACZ,IAAA,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;AAErD,IAAA,eAAe;AACf,IAAA,QAAQ;AAEf,IAAA,WAAA,GAAA;QACE,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,eAAe;QAC5D,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC;IAC9E;IAEA,QAAQ,GAAA;QACN,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,GAAG;AAE3C,QAAA,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;QAEtC,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;YACnC,OAAO,CAAC,GAAG,CAAC,CAAA,2BAAA,EAA8B,CAAC,CAAA,SAAA,EAAY,QAAQ,CAAA,CAAA,CAAG,CAAC;AACrE,QAAA,CAAC,CAAC;IACJ;IAEO,KAAK,GAAA;AACV,QAAA,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE;IAC/B;IAEO,MAAM,GAAA;AACX,QAAA,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;IAChC;AAEO,IAAA,QAAQ,KAAU;wGA7Bd,kBAAkB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,SAAA,EAAA,CAAA;AAAlB,IAAA,OAAA,IAAA,GAAA,EAAA,CAAA,oBAAA,CAAA,EAAA,UAAA,EAAA,QAAA,EAAA,OAAA,EAAA,SAAA,EAAA,IAAA,EAAA,kBAAkB,0ECX/B,svCAuBA,EAAA,MAAA,EAAA,CAAA,EAAA,CAAA,EAAA,YAAA,EAAA,CAAA,EAAA,IAAA,EAAA,WAAA,EAAA,IAAA,EAAA,EAAA,CAAA,IAAA,EAAA,QAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,MAAA,EAAA,UAAA,EAAA,UAAA,CAAA,EAAA,EAAA,EAAA,IAAA,EAAA,WAAA,EAAA,IAAA,EAAA,EAAA,CAAA,UAAA,EAAA,QAAA,EAAA,cAAA,EAAA,MAAA,EAAA,CAAA,QAAA,EAAA,aAAA,EAAA,UAAA,EAAA,qBAAA,EAAA,OAAA,EAAA,MAAA,EAAA,YAAA,EAAA,kBAAA,EAAA,oBAAA,EAAA,YAAA,EAAA,YAAA,CAAA,EAAA,EAAA,EAAA,IAAA,EAAA,MAAA,EAAA,IAAA,EAAA,EAAA,CAAA,SAAA,EAAA,IAAA,EAAA,OAAA,EAAA,CAAA,EAAA,CAAA;;4FDZa,kBAAkB,EAAA,UAAA,EAAA,CAAA;kBAN9B,SAAS;AACE,YAAA,IAAA,EAAA,CAAA,EAAA,QAAA,EAAA,eAAe,cACb,KAAK,EAAA,QAAA,EAAA,svCAAA,EAAA;;;MEDN,cAAc,CAAA;AACR,IAAA,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;AAC3C,IAAA,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAExC,WAAW,CACT,IAA4B,EAC5B,KAA0B,EAAA;AAE1B,QAAA,MAAM,GAAG,GAAW,KAAK,CAAC,GAAG;QAC7B,OAAO,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,GAAG,CAAC;IAC5C;IAEA,gBAAgB,CACd,IAA4B,EAC5B,KAA0B,EAAA;QAE1B,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,CAAC;IACtC;AAEA,IAAA,aAAa,CACX,UAAmB,EACnB,aAAqC,EACrC,aAAkC,EAClC,UAAgC,EAAA;AAEhC,QAAA,OAAO,IAAI;IACb;IAEA,OAAO,CAAC,MAAa,EAAE,SAAuB,EAAA;AAC5C,QAAA,OAAO,IAAI;IACb;AAEQ,IAAA,MAAM,mBAAmB,CAAC,KAA6B,EAAE,IAAS,EAAA;QACxE,MAAM,eAAe,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC;QACnF,IAAI,eAAe,EAAE;AACnB,YAAA,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,CAAC;AACxE,YAAA,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,IAAY,KAAK,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE;gBAChG,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;AAChC,gBAAA,OAAO,KAAK;YACd;AACA,YAAA,OAAO,IAAI;QACb;aAAO;AACL,YAAA,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE;QAC/B;AAEA,QAAA,OAAO,KAAK;IACd;wGA9CW,cAAc,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;4GAAd,cAAc,EAAA,CAAA;;4FAAd,cAAc,EAAA,UAAA,EAAA,CAAA;kBAD1B;;;MCCY,oBAAoB,CAAA;AACd,IAAA,SAAS,GAAG,MAAM,CAAC,gBAAgB,CAAC;AAErD,IAAA,WAAW;AAEX,IAAA,WAAA,GAAA;AACE,QAAA,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS;AAEhC,QAAA,IAAI,CAAC,WAAW,GAAG,IAAI;AACvB,QAAA,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC;IACxE;IAEQ,OAAO,eAAe,CAAC,GAAqB,EAAA;;AAElD,QAAA,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,CAAA,CAAG,CAAC,EAAE;AACpD,YAAA,OAAO,IAAI;QACb;;;AAIA,QAAA,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA,EAAA,EAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAA,CAAA,CAAG,CAAC,EAAE;AACpD,YAAA,OAAO,IAAI;QACb;;QAGA,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;AAC7B,YAAA,OAAO,IAAI;QACb;;;AAIA,QAAA,OAAO,KAAK;IACd;;;IAKA,SAAS,CAAC,GAAqB,EAAE,IAAiB,EAAA;AAChD,QAAA,OAAO,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,IAAI,CAAC;IAClE;;AAGQ,IAAA,uBAAuB,CAAC,KAAoB,EAAE,GAAqB,EAAE,IAAiB,EAAA;QAC5F,IAAI,CAAC,CAAC,KAAK,KAAK,oBAAoB,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,EAAE;AACzF,YAAA,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC;AACd,gBAAA,UAAU,EAAE;oBACV,aAAa,EAAE,CAAA,OAAA,EAAU,KAAK,CAAA;AAC/B;AACF,aAAA,CAAC;QACJ;AAEA,QAAA,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC;IACzB;AAEQ,IAAA,iBAAiB,CAAC,GAAQ,EAAA;QAChC,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE;AAEnD,QAAA,IAAI,WAAW,IAAI,IAAI,EAAE;AACvB,YAAA,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;gBACpC,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA,EAAG,UAAU,CAAA,CAAE,CAAC,EAAE;AACvC,oBAAA,OAAO,IAAI;gBACb;YACF;QACF;;;AAIA,QAAA,OAAO,KAAK;IACd;wGApEW,oBAAoB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;4GAApB,oBAAoB,EAAA,CAAA;;4FAApB,oBAAoB,EAAA,UAAA,EAAA,CAAA;kBADhC;;;MCWY,gBAAgB,CAAA;IAC3B,OAAO,OAAO,CAAC,gBAAkC,EAAA;QAC/C,OAAO;AACL,YAAA,QAAQ,EAAE,gBAAgB;AAC1B,YAAA,SAAS,EAAE;AACT,gBAAA;AACE,oBAAA,OAAO,EAAE,gBAAgB;AACzB,oBAAA,QAAQ,EAAE;AACX,iBAAA;gBACD,gBAAgB;gBAChB,oBAAoB;gBACpB;AACD;SACF;IACH;wGAdW,gBAAgB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,QAAA,EAAA,CAAA;yGAAhB,gBAAgB,EAAA,YAAA,EAAA,CALZ,kBAAkB,CAAA,EAAA,OAAA,EAAA,CAGvB,YAAY,EAAE,gBAAgB,EAAAA,IAAA,CAAA,WAAA,EAAyB,UAAU,CAAA,EAAA,OAAA,EAAA,CAFjE,kBAAkB,CAAA,EAAA,CAAA;yGAIjB,gBAAgB,EAAA,OAAA,EAAA,CAFjB,YAAY,EAAE,gBAAgB,EAAE,WAAW,CAAC,OAAO,EAAE,CAAA,EAAA,CAAA;;4FAEpD,gBAAgB,EAAA,UAAA,EAAA,CAAA;kBAN5B,QAAQ;AAAC,YAAA,IAAA,EAAA,CAAA;oBACR,YAAY,EAAE,CAAC,kBAAkB,CAAC;oBAClC,OAAO,EAAE,CAAC,kBAAkB,CAAC;AAC7B,oBAAA,SAAS,EAAE,EAAE;AACb,oBAAA,OAAO,EAAE,CAAC,YAAY,EAAE,gBAAgB,EAAE,WAAW,CAAC,OAAO,EAAE,EAAE,UAAU;AAC5E,iBAAA;;;ACfD;;AAEG;;ACFH;;AAEG;;;;"}
1
+ {"version":3,"file":"meshmakers-shared-auth.mjs","sources":["../../../../projects/meshmakers/shared-auth/src/lib/authorize.service.ts","../../../../projects/meshmakers/shared-auth/src/lib/roles.ts","../../../../projects/meshmakers/shared-auth/src/lib/authorize.interceptor.ts","../../../../projects/meshmakers/shared-auth/src/lib/authorize.guard.ts","../../../../projects/meshmakers/shared-auth/src/public-api.ts","../../../../projects/meshmakers/shared-auth/src/meshmakers-shared-auth.ts"],"sourcesContent":["import { Injectable, Signal, WritableSignal, computed, inject, signal } from \"@angular/core\";\nimport { AuthConfig, OAuthService } from \"angular-oauth2-oidc\";\nimport { Roles } from \"./roles\";\n\nexport interface IUser {\n family_name: string | null;\n given_name: string | null;\n name: string;\n role: string[] | null;\n sub: string;\n idp: string;\n email: string | null;\n}\n\nexport class AuthorizeOptions {\n wellKnownServiceUris?: string[];\n // Url of the Identity Provider\n issuer?: string;\n // URL of the SPA to redirect the user to after login\n redirectUri?: string;\n postLogoutRedirectUri?: string;\n // The SPA's id. The SPA is registered with this id at the auth-server\n clientId?: string;\n // set the scope for the permissions the client should request\n // The first three are defined by OIDC. The 4th is a use case-specific one\n scope?: string;\n showDebugInformation?: boolean;\n sessionChecksEnabled?: boolean;\n}\n\n@Injectable()\nexport class AuthorizeService {\n private readonly oauthService = inject(OAuthService);\n\n // =============================================================================\n // INTERNAL STATE (Writable Signals)\n // =============================================================================\n\n private readonly _isAuthenticated: WritableSignal<boolean> = signal(false);\n private readonly _issuer: WritableSignal<string | null> = signal(null);\n private readonly _accessToken: WritableSignal<string | null> = signal(null);\n private readonly _user: WritableSignal<IUser | null> = signal(null);\n private readonly _userInitials: WritableSignal<string | null> = signal(null);\n private readonly _isInitialized: WritableSignal<boolean> = signal(false);\n private readonly _isInitializing: WritableSignal<boolean> = signal(false);\n private readonly _sessionLoading: WritableSignal<boolean> = signal(false);\n\n private authorizeOptions: AuthorizeOptions | null = null;\n\n // =============================================================================\n // PUBLIC API (Readonly Signals) - NEW API\n // =============================================================================\n\n /**\n * Signal indicating whether the user is currently authenticated.\n */\n readonly isAuthenticated: Signal<boolean> = this._isAuthenticated.asReadonly();\n\n /**\n * Signal containing the issuer URL.\n */\n readonly issuer: Signal<string | null> = this._issuer.asReadonly();\n\n /**\n * Signal containing the current access token.\n */\n readonly accessToken: Signal<string | null> = this._accessToken.asReadonly();\n\n /**\n * Signal containing the current user information.\n */\n readonly user: Signal<IUser | null> = this._user.asReadonly();\n\n /**\n * Computed signal containing the user's initials (e.g., \"JD\" for John Doe).\n */\n readonly userInitials: Signal<string | null> = this._userInitials.asReadonly();\n\n /**\n * Signal indicating whether the session is currently loading.\n */\n readonly sessionLoading: Signal<boolean> = this._sessionLoading.asReadonly();\n\n /**\n * Computed signal containing the user's roles.\n */\n readonly roles: Signal<string[]> = computed(() => this._user()?.role ?? []);\n\n constructor() {\n console.debug(\"AuthorizeService::created\");\n\n this.oauthService.discoveryDocumentLoaded$.subscribe((_) => {\n console.debug(\"discoveryDocumentLoaded$\");\n });\n\n this.oauthService.events.subscribe((e) => {\n console.debug(\"oauth/oidc event\", e);\n });\n\n this.oauthService.events\n .pipe((source) => source)\n .subscribe((e) => {\n if (e.type === \"session_terminated\") {\n console.debug(\"Your session has been terminated!\");\n this._accessToken.set(null);\n this._user.set(null);\n this._isAuthenticated.set(false);\n // Reload the page to trigger the auth flow and redirect to login\n this.reloadPage();\n }\n });\n\n this.oauthService.events.subscribe(async (e) => {\n if (e.type === \"token_received\") {\n await this.loadUserAsync();\n }\n });\n\n this.oauthService.events.subscribe(async (e) => {\n if (e.type === \"session_unchanged\") {\n if (this._user() == null) {\n await this.loadUserAsync();\n }\n }\n });\n\n this.oauthService.events.subscribe((e) => {\n if (e.type === \"logout\") {\n console.debug(\"AuthorizeService: Logout event received\");\n this._accessToken.set(null);\n this._user.set(null);\n this._isAuthenticated.set(false);\n // Reload the page to trigger the auth flow and redirect to login\n this.reloadPage();\n }\n });\n\n // Listen for storage events from other tabs (e.g., SLO logout callback)\n // This enables immediate cross-tab logout detection\n window.addEventListener('storage', (event) => {\n console.debug(\"AuthorizeService: Storage event received\", event.key, event.newValue);\n // Check if access_token was removed (logout in another tab)\n // Note: OAuth library may set to empty string or null when clearing\n if (event.key === 'access_token' && (event.newValue === null || event.newValue === '') && this._isAuthenticated()) {\n console.debug(\"AuthorizeService: Access token removed in another tab - logging out and reloading\");\n this._accessToken.set(null);\n this._user.set(null);\n this._isAuthenticated.set(false);\n // Reload the page to trigger the auth flow and redirect to login\n this.reloadPage();\n }\n });\n\n // Also listen for BroadcastChannel messages for cross-tab logout\n // This is more reliable than storage events for iframe-based SLO\n if (typeof BroadcastChannel !== 'undefined') {\n console.debug(\"AuthorizeService: Setting up BroadcastChannel listener for 'octo-auth-logout'\");\n const logoutChannel = new BroadcastChannel('octo-auth-logout');\n logoutChannel.onmessage = (event) => {\n console.debug(\"AuthorizeService: BroadcastChannel message received\", event.data);\n if (event.data?.type === 'logout' && this._isAuthenticated()) {\n console.debug(\"AuthorizeService: Logout broadcast received - reloading\");\n this._accessToken.set(null);\n this._user.set(null);\n this._isAuthenticated.set(false);\n this.reloadPage();\n }\n };\n } else {\n console.warn(\"AuthorizeService: BroadcastChannel not supported in this browser\");\n }\n }\n\n /**\n * Checks if the current user has the specified role.\n */\n public isInRole(role: Roles): boolean {\n return this._user()?.role?.includes(role) ?? false;\n }\n\n /**\n * Gets the configured service URIs that should receive the authorization token.\n */\n public getServiceUris(): string[] | null {\n return this.authorizeOptions?.wellKnownServiceUris ?? null;\n }\n\n /**\n * Gets the current access token synchronously.\n * Use this for functional interceptors that need immediate access to the token.\n *\n * @returns The current access token or null if not authenticated\n */\n public getAccessTokenSync(): string | null {\n return this._accessToken();\n }\n\n /**\n * Initiates the login flow.\n */\n public login(): void {\n this.oauthService.initImplicitFlow();\n }\n\n /**\n * Logs out the current user.\n */\n public logout(): void {\n this.oauthService.logOut(false);\n }\n\n /**\n * Initializes the authorization service with the specified options.\n */\n public async initialize(authorizeOptions: AuthorizeOptions): Promise<void> {\n console.debug(\"AuthorizeService::initialize::started\");\n\n await this.uninitialize();\n\n if (this._isInitializing()) {\n return;\n }\n if (this._isInitialized()) {\n console.debug(\"AuthorizeService::initialize::alreadyInitialized\");\n return;\n }\n this._isInitializing.set(true);\n\n try {\n const config: AuthConfig = {\n responseType: \"code\",\n issuer: authorizeOptions.issuer,\n redirectUri: authorizeOptions.redirectUri,\n postLogoutRedirectUri: authorizeOptions.postLogoutRedirectUri,\n clientId: authorizeOptions.clientId,\n scope: authorizeOptions.scope,\n showDebugInformation: authorizeOptions.showDebugInformation,\n sessionChecksEnabled: authorizeOptions.sessionChecksEnabled,\n sessionCheckIntervall: 60 * 1000,\n preserveRequestedRoute: true\n };\n\n this.authorizeOptions = authorizeOptions;\n\n this.oauthService.setStorage(localStorage);\n this.oauthService.configure(config);\n console.debug(\"AuthorizeService::initialize::loadingDiscoveryDocumentAndTryLogin\");\n await this.oauthService.loadDiscoveryDocumentAndTryLogin();\n\n console.debug(\"AuthorizeService::initialize::setupAutomaticSilentRefresh\");\n this.oauthService.setupAutomaticSilentRefresh();\n\n this._issuer.set(authorizeOptions.issuer ?? null);\n\n if (this.oauthService.hasValidIdToken()) {\n // if the idToken is still valid, we can use the session\n console.debug(\"AuthorizeService::initialize::hasValidIdToken\");\n this._sessionLoading.set(true);\n await this.oauthService.refreshToken();\n }\n\n this._isInitialized.set(true);\n console.debug(\"AuthorizeService::initialize::done\");\n } finally {\n this._isInitializing.set(false);\n }\n\n console.debug(\"AuthorizeService::initialize::completed\");\n }\n\n /**\n * Uninitializes the authorization service.\n */\n public async uninitialize(): Promise<void> {\n console.debug(\"AuthorizeService::uninitialize::started\");\n\n if (this._isInitializing()) {\n return;\n }\n if (!this._isInitialized()) {\n console.debug(\"AuthorizeService::uninitialize::alreadyUninitialized\");\n return;\n }\n\n try {\n this._isInitializing.set(true);\n\n this.oauthService.stopAutomaticRefresh();\n\n this.authorizeOptions = null;\n\n this._isInitialized.set(false);\n console.debug(\"AuthorizeService::uninitialize::done\");\n } finally {\n this._isInitializing.set(false);\n }\n\n console.debug(\"AuthorizeService::uninitialize::completed\");\n }\n\n private async loadUserAsync(): Promise<void> {\n const claims = this.oauthService.getIdentityClaims();\n if (!claims) {\n console.error(\"claims where null when loading identity claims\");\n return;\n }\n\n const user = claims as IUser;\n if (user.family_name && user.given_name) {\n const initials = user.given_name.charAt(0) + user.family_name.charAt(0);\n this._userInitials.set(initials);\n } else {\n this._userInitials.set(user.name.charAt(0) + user.name.charAt(1));\n }\n\n const accessToken = this.oauthService.getAccessToken();\n this._user.set(user);\n this._accessToken.set(accessToken);\n this._isAuthenticated.set(true);\n this._sessionLoading.set(false);\n console.debug(\"AuthorizeService::loadUserAsync::done\");\n }\n\n /**\n * Reloads the page. This method is protected to allow mocking in tests.\n * @internal\n */\n protected reloadPage(): void {\n window.location.reload();\n }\n}\n","export enum Roles {\n ReportingManagement = 'ReportingManagement',\n ReportingViewer = 'ReportingViewer',\n AdminPanelManagement = 'AdminPanelManagement',\n BotManagement = 'BotManagement',\n UserManagement = 'UserManagement',\n CommunicationManagement = 'CommunicationManagement',\n TenantManagement = 'TenantManagement',\n Development = 'Development'\n}\n","import { inject } from '@angular/core';\nimport { HttpHandlerFn, HttpInterceptorFn, HttpRequest } from '@angular/common/http';\nimport { AuthorizeService } from './authorize.service';\n\n// =============================================================================\n// URL MATCHING UTILITIES\n// =============================================================================\n\n/**\n * Checks if the request URL is from the same origin as the application.\n */\nfunction isSameOriginUrl(req: HttpRequest<unknown>): boolean {\n // It's an absolute url with the same origin.\n if (req.url.startsWith(`${window.location.origin}/`)) {\n return true;\n }\n\n // It's a protocol relative url with the same origin.\n // For example: //www.example.com/api/Products\n if (req.url.startsWith(`//${window.location.host}/`)) {\n return true;\n }\n\n // It's a relative url like /api/Products\n if (/^\\/[^/].*/.test(req.url)) {\n return true;\n }\n\n // It's an absolute or protocol relative url that doesn't have the same origin.\n return false;\n}\n\n/**\n * Checks if the request URL matches any of the known service URIs.\n */\nfunction isKnownServiceUri(req: HttpRequest<unknown>, serviceUris: string[] | null): boolean {\n if (serviceUris != null) {\n for (const serviceUri of serviceUris) {\n if (req.url.startsWith(serviceUri)) {\n return true;\n }\n }\n }\n return false;\n}\n\n// =============================================================================\n// FUNCTIONAL INTERCEPTOR (RECOMMENDED)\n// =============================================================================\n\n/**\n * Functional HTTP interceptor that adds Bearer token to authorized requests.\n *\n * Adds the Authorization header to requests that are either:\n * - Same-origin requests (relative URLs or same host)\n * - Requests to known service URIs configured in AuthorizeOptions\n *\n * @example\n * ```typescript\n * // app.config.ts\n * import { provideHttpClient, withInterceptors } from '@angular/common/http';\n * import { authorizeInterceptor } from '@meshmakers/shared-auth';\n *\n * export const appConfig: ApplicationConfig = {\n * providers: [\n * provideHttpClient(withInterceptors([authorizeInterceptor])),\n * provideMmSharedAuth(),\n * ]\n * };\n * ```\n */\nexport const authorizeInterceptor: HttpInterceptorFn = (req: HttpRequest<unknown>, next: HttpHandlerFn) => {\n const authorizeService = inject(AuthorizeService);\n const token = authorizeService.getAccessTokenSync();\n const serviceUris = authorizeService.getServiceUris();\n\n if (token && (isSameOriginUrl(req) || isKnownServiceUri(req, serviceUris))) {\n req = req.clone({\n setHeaders: {\n Authorization: `Bearer ${token}`\n }\n });\n }\n\n return next(req);\n};\n","import { inject } from '@angular/core';\nimport { ActivatedRouteSnapshot, CanActivateFn, CanMatchFn, Router } from '@angular/router';\nimport { AuthorizeService } from './authorize.service';\n\n/**\n * Handles authorization check for route activation.\n * Redirects to login if not authenticated, or to home if user lacks required roles.\n *\n * @param route - The activated route snapshot containing route data\n * @returns true if authorized, false otherwise\n *\n * @example\n * ```typescript\n * // Route without role requirements\n * { path: 'dashboard', component: DashboardComponent, canActivate: [authorizeGuard] }\n *\n * // Route with role requirements\n * { path: 'admin', component: AdminComponent, canActivate: [authorizeGuard], data: { roles: ['AdminPanelManagement'] } }\n * ```\n */\nexport const authorizeGuard: CanActivateFn = async (route: ActivatedRouteSnapshot) => {\n const authorizeService = inject(AuthorizeService);\n const router = inject(Router);\n\n // Use signal directly (synchronous)\n const isAuthenticated = authorizeService.isAuthenticated();\n\n if (!isAuthenticated) {\n authorizeService.login();\n return false;\n }\n\n // Use roles signal directly (synchronous)\n const userRoles = authorizeService.roles();\n const requiredRoles = route.data['roles'] as string[] | undefined;\n\n if (requiredRoles && !requiredRoles.some(role => userRoles.includes(role))) {\n await router.navigate(['']);\n return false;\n }\n\n return true;\n};\n\n/**\n * Guard for child routes. Delegates to authorizeGuard.\n *\n * @example\n * ```typescript\n * {\n * path: 'parent',\n * canActivateChild: [authorizeChildGuard],\n * children: [\n * { path: 'child', component: ChildComponent, data: { roles: ['RequiredRole'] } }\n * ]\n * }\n * ```\n */\nexport const authorizeChildGuard: CanActivateFn = authorizeGuard;\n\n/**\n * Guard for lazy-loaded routes. Checks if user is authenticated.\n * Replaces the deprecated canLoad guard.\n *\n * @example\n * ```typescript\n * {\n * path: 'lazy',\n * loadChildren: () => import('./lazy/lazy.routes'),\n * canMatch: [authorizeMatchGuard]\n * }\n * ```\n */\nexport const authorizeMatchGuard: CanMatchFn = () => {\n const authorizeService = inject(AuthorizeService);\n\n // Use signal directly (synchronous)\n const isAuthenticated = authorizeService.isAuthenticated();\n\n if (!isAuthenticated) {\n authorizeService.login();\n return false;\n }\n\n return true;\n};\n\n/**\n * Guard that always allows deactivation.\n * Use this as a placeholder or override in specific routes.\n *\n * @example\n * ```typescript\n * { path: 'form', component: FormComponent, canDeactivate: [authorizeDeactivateGuard] }\n * ```\n */\nexport const authorizeDeactivateGuard = () => true;\n","/*\n * Public API Surface of shared-auth\n */\n\nimport { EnvironmentProviders, makeEnvironmentProviders } from '@angular/core';\nimport { AuthorizeService } from './lib/authorize.service';\nimport { provideOAuthClient } from 'angular-oauth2-oidc';\n\n// Core services\nexport * from './lib/authorize.service';\nexport * from './lib/roles';\n\n// Functional interceptor\nexport { authorizeInterceptor } from './lib/authorize.interceptor';\n\n// Functional guards\nexport {\n authorizeGuard,\n authorizeChildGuard,\n authorizeMatchGuard,\n authorizeDeactivateGuard\n} from './lib/authorize.guard';\n\n// UI Components (Kendo) - available via '@meshmakers/shared-auth/login-ui'\n// import { LoginAppBarSectionComponent } from '@meshmakers/shared-auth/login-ui';\n\n/**\n * Provides all shared-auth dependencies.\n *\n * @example\n * ```typescript\n * // app.config.ts\n * import { provideHttpClient, withInterceptors } from '@angular/common/http';\n * import { provideMmSharedAuth, authorizeInterceptor } from '@meshmakers/shared-auth';\n *\n * export const appConfig: ApplicationConfig = {\n * providers: [\n * provideHttpClient(withInterceptors([authorizeInterceptor])),\n * provideMmSharedAuth(),\n * // ... other providers\n * ]\n * };\n * ```\n *\n * @remarks\n * Functional guards and interceptors don't need to be provided - they use inject() internally.\n * For the functional interceptor, use `provideHttpClient(withInterceptors([authorizeInterceptor]))`.\n */\nexport function provideMmSharedAuth(): EnvironmentProviders {\n return makeEnvironmentProviders([\n provideOAuthClient(),\n AuthorizeService\n ]);\n}\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":[],"mappings":";;;;;MAca,gBAAgB,CAAA;AAC3B,IAAA,oBAAoB;;AAEpB,IAAA,MAAM;;AAEN,IAAA,WAAW;AACX,IAAA,qBAAqB;;AAErB,IAAA,QAAQ;;;AAGR,IAAA,KAAK;AACL,IAAA,oBAAoB;AACpB,IAAA,oBAAoB;AACrB;MAGY,gBAAgB,CAAA;AACV,IAAA,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;;;;AAMnC,IAAA,gBAAgB,GAA4B,MAAM,CAAC,KAAK,4DAAC;AACzD,IAAA,OAAO,GAAkC,MAAM,CAAC,IAAI,mDAAC;AACrD,IAAA,YAAY,GAAkC,MAAM,CAAC,IAAI,wDAAC;AAC1D,IAAA,KAAK,GAAiC,MAAM,CAAC,IAAI,iDAAC;AAClD,IAAA,aAAa,GAAkC,MAAM,CAAC,IAAI,yDAAC;AAC3D,IAAA,cAAc,GAA4B,MAAM,CAAC,KAAK,0DAAC;AACvD,IAAA,eAAe,GAA4B,MAAM,CAAC,KAAK,2DAAC;AACxD,IAAA,eAAe,GAA4B,MAAM,CAAC,KAAK,2DAAC;IAEjE,gBAAgB,GAA4B,IAAI;;;;AAMxD;;AAEG;AACM,IAAA,eAAe,GAAoB,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE;AAE9E;;AAEG;AACM,IAAA,MAAM,GAA0B,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;AAElE;;AAEG;AACM,IAAA,WAAW,GAA0B,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE;AAE5E;;AAEG;AACM,IAAA,IAAI,GAAyB,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE;AAE7D;;AAEG;AACM,IAAA,YAAY,GAA0B,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE;AAE9E;;AAEG;AACM,IAAA,cAAc,GAAoB,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE;AAE5E;;AAEG;AACM,IAAA,KAAK,GAAqB,QAAQ,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,IAAI,EAAE,iDAAC;AAE3E,IAAA,WAAA,GAAA;AACE,QAAA,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC;QAE1C,IAAI,CAAC,YAAY,CAAC,wBAAwB,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;AACzD,YAAA,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC;AAC3C,QAAA,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;AACvC,YAAA,OAAO,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC,CAAC;AACtC,QAAA,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC;AACf,aAAA,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM;AACvB,aAAA,SAAS,CAAC,CAAC,CAAC,KAAI;AACf,YAAA,IAAI,CAAC,CAAC,IAAI,KAAK,oBAAoB,EAAE;AACnC,gBAAA,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC;AAClD,gBAAA,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;AAC3B,gBAAA,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;AACpB,gBAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;;gBAEhC,IAAI,CAAC,UAAU,EAAE;YACnB;AACF,QAAA,CAAC,CAAC;QAEJ,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,KAAI;AAC7C,YAAA,IAAI,CAAC,CAAC,IAAI,KAAK,gBAAgB,EAAE;AAC/B,gBAAA,MAAM,IAAI,CAAC,aAAa,EAAE;YAC5B;AACF,QAAA,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,KAAI;AAC7C,YAAA,IAAI,CAAC,CAAC,IAAI,KAAK,mBAAmB,EAAE;AAClC,gBAAA,IAAI,IAAI,CAAC,KAAK,EAAE,IAAI,IAAI,EAAE;AACxB,oBAAA,MAAM,IAAI,CAAC,aAAa,EAAE;gBAC5B;YACF;AACF,QAAA,CAAC,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,KAAI;AACvC,YAAA,IAAI,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE;AACvB,gBAAA,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC;AACxD,gBAAA,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;AAC3B,gBAAA,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;AACpB,gBAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;;gBAEhC,IAAI,CAAC,UAAU,EAAE;YACnB;AACF,QAAA,CAAC,CAAC;;;QAIF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,KAAK,KAAI;AAC3C,YAAA,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC;;;YAGpF,IAAI,KAAK,CAAC,GAAG,KAAK,cAAc,KAAK,KAAK,CAAC,QAAQ,KAAK,IAAI,IAAI,KAAK,CAAC,QAAQ,KAAK,EAAE,CAAC,IAAI,IAAI,CAAC,gBAAgB,EAAE,EAAE;AACjH,gBAAA,OAAO,CAAC,KAAK,CAAC,mFAAmF,CAAC;AAClG,gBAAA,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;AAC3B,gBAAA,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;AACpB,gBAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;;gBAEhC,IAAI,CAAC,UAAU,EAAE;YACnB;AACF,QAAA,CAAC,CAAC;;;AAIF,QAAA,IAAI,OAAO,gBAAgB,KAAK,WAAW,EAAE;AAC3C,YAAA,OAAO,CAAC,KAAK,CAAC,+EAA+E,CAAC;AAC9F,YAAA,MAAM,aAAa,GAAG,IAAI,gBAAgB,CAAC,kBAAkB,CAAC;AAC9D,YAAA,aAAa,CAAC,SAAS,GAAG,CAAC,KAAK,KAAI;gBAClC,OAAO,CAAC,KAAK,CAAC,qDAAqD,EAAE,KAAK,CAAC,IAAI,CAAC;AAChF,gBAAA,IAAI,KAAK,CAAC,IAAI,EAAE,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,gBAAgB,EAAE,EAAE;AAC5D,oBAAA,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC;AACxE,oBAAA,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC;AAC3B,oBAAA,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;AACpB,oBAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC;oBAChC,IAAI,CAAC,UAAU,EAAE;gBACnB;AACF,YAAA,CAAC;QACH;aAAO;AACL,YAAA,OAAO,CAAC,IAAI,CAAC,kEAAkE,CAAC;QAClF;IACF;AAEA;;AAEG;AACI,IAAA,QAAQ,CAAC,IAAW,EAAA;AACzB,QAAA,OAAO,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK;IACpD;AAEA;;AAEG;IACI,cAAc,GAAA;AACnB,QAAA,OAAO,IAAI,CAAC,gBAAgB,EAAE,oBAAoB,IAAI,IAAI;IAC5D;AAEA;;;;;AAKG;IACI,kBAAkB,GAAA;AACvB,QAAA,OAAO,IAAI,CAAC,YAAY,EAAE;IAC5B;AAEA;;AAEG;IACI,KAAK,GAAA;AACV,QAAA,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE;IACtC;AAEA;;AAEG;IACI,MAAM,GAAA;AACX,QAAA,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC;IACjC;AAEA;;AAEG;IACI,MAAM,UAAU,CAAC,gBAAkC,EAAA;AACxD,QAAA,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC;AAEtD,QAAA,MAAM,IAAI,CAAC,YAAY,EAAE;AAEzB,QAAA,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE;YAC1B;QACF;AACA,QAAA,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE;AACzB,YAAA,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC;YACjE;QACF;AACA,QAAA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;AAE9B,QAAA,IAAI;AACF,YAAA,MAAM,MAAM,GAAe;AACzB,gBAAA,YAAY,EAAE,MAAM;gBACpB,MAAM,EAAE,gBAAgB,CAAC,MAAM;gBAC/B,WAAW,EAAE,gBAAgB,CAAC,WAAW;gBACzC,qBAAqB,EAAE,gBAAgB,CAAC,qBAAqB;gBAC7D,QAAQ,EAAE,gBAAgB,CAAC,QAAQ;gBACnC,KAAK,EAAE,gBAAgB,CAAC,KAAK;gBAC7B,oBAAoB,EAAE,gBAAgB,CAAC,oBAAoB;gBAC3D,oBAAoB,EAAE,gBAAgB,CAAC,oBAAoB;gBAC3D,qBAAqB,EAAE,EAAE,GAAG,IAAI;AAChC,gBAAA,sBAAsB,EAAE;aACzB;AAED,YAAA,IAAI,CAAC,gBAAgB,GAAG,gBAAgB;AAExC,YAAA,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC;AAC1C,YAAA,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC;AACnC,YAAA,OAAO,CAAC,KAAK,CAAC,mEAAmE,CAAC;AAClF,YAAA,MAAM,IAAI,CAAC,YAAY,CAAC,gCAAgC,EAAE;AAE1D,YAAA,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC;AAC1E,YAAA,IAAI,CAAC,YAAY,CAAC,2BAA2B,EAAE;YAE/C,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,IAAI,IAAI,CAAC;AAEjD,YAAA,IAAI,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,EAAE;;AAEvC,gBAAA,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC;AAC9D,gBAAA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;AAC9B,gBAAA,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE;YACxC;AAEA,YAAA,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC;AAC7B,YAAA,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC;QACrD;gBAAU;AACR,YAAA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC;QACjC;AAEA,QAAA,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC;IAC1D;AAEA;;AAEG;AACI,IAAA,MAAM,YAAY,GAAA;AACvB,QAAA,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC;AAExD,QAAA,IAAI,IAAI,CAAC,eAAe,EAAE,EAAE;YAC1B;QACF;AACA,QAAA,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE;AAC1B,YAAA,OAAO,CAAC,KAAK,CAAC,sDAAsD,CAAC;YACrE;QACF;AAEA,QAAA,IAAI;AACF,YAAA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;AAE9B,YAAA,IAAI,CAAC,YAAY,CAAC,oBAAoB,EAAE;AAExC,YAAA,IAAI,CAAC,gBAAgB,GAAG,IAAI;AAE5B,YAAA,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC;AAC9B,YAAA,OAAO,CAAC,KAAK,CAAC,sCAAsC,CAAC;QACvD;gBAAU;AACR,YAAA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC;QACjC;AAEA,QAAA,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC;IAC5D;AAEQ,IAAA,MAAM,aAAa,GAAA;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,iBAAiB,EAAE;QACpD,IAAI,CAAC,MAAM,EAAE;AACX,YAAA,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC;YAC/D;QACF;QAEA,MAAM,IAAI,GAAG,MAAe;QAC5B,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,UAAU,EAAE;AACvC,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;AACvE,YAAA,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC;QAClC;aAAO;YACL,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACnE;QAEA,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE;AACtD,QAAA,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;AACpB,QAAA,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;AAClC,QAAA,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC;AAC/B,QAAA,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC;AAC/B,QAAA,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC;IACxD;AAEA;;;AAGG;IACO,UAAU,GAAA;AAClB,QAAA,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE;IAC1B;uGA1SW,gBAAgB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA;2GAAhB,gBAAgB,EAAA,CAAA;;2FAAhB,gBAAgB,EAAA,UAAA,EAAA,CAAA;kBAD5B;;;IC9BW;AAAZ,CAAA,UAAY,KAAK,EAAA;AACf,IAAA,KAAA,CAAA,qBAAA,CAAA,GAAA,qBAA2C;AAC3C,IAAA,KAAA,CAAA,iBAAA,CAAA,GAAA,iBAAmC;AACnC,IAAA,KAAA,CAAA,sBAAA,CAAA,GAAA,sBAA6C;AAC7C,IAAA,KAAA,CAAA,eAAA,CAAA,GAAA,eAA+B;AAC/B,IAAA,KAAA,CAAA,gBAAA,CAAA,GAAA,gBAAiC;AACjC,IAAA,KAAA,CAAA,yBAAA,CAAA,GAAA,yBAAmD;AACnD,IAAA,KAAA,CAAA,kBAAA,CAAA,GAAA,kBAAqC;AACrC,IAAA,KAAA,CAAA,aAAA,CAAA,GAAA,aAA2B;AAC7B,CAAC,EATW,KAAK,KAAL,KAAK,GAAA,EAAA,CAAA,CAAA;;ACIjB;AACA;AACA;AAEA;;AAEG;AACH,SAAS,eAAe,CAAC,GAAyB,EAAA;;AAEhD,IAAA,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA,EAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAA,CAAA,CAAG,CAAC,EAAE;AACpD,QAAA,OAAO,IAAI;IACb;;;AAIA,IAAA,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA,EAAA,EAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAA,CAAA,CAAG,CAAC,EAAE;AACpD,QAAA,OAAO,IAAI;IACb;;IAGA,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;AAC7B,QAAA,OAAO,IAAI;IACb;;AAGA,IAAA,OAAO,KAAK;AACd;AAEA;;AAEG;AACH,SAAS,iBAAiB,CAAC,GAAyB,EAAE,WAA4B,EAAA;AAChF,IAAA,IAAI,WAAW,IAAI,IAAI,EAAE;AACvB,QAAA,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE;AAClC,gBAAA,OAAO,IAAI;YACb;QACF;IACF;AACA,IAAA,OAAO,KAAK;AACd;AAEA;AACA;AACA;AAEA;;;;;;;;;;;;;;;;;;;;AAoBG;MACU,oBAAoB,GAAsB,CAAC,GAAyB,EAAE,IAAmB,KAAI;AACxG,IAAA,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;AACjD,IAAA,MAAM,KAAK,GAAG,gBAAgB,CAAC,kBAAkB,EAAE;AACnD,IAAA,MAAM,WAAW,GAAG,gBAAgB,CAAC,cAAc,EAAE;AAErD,IAAA,IAAI,KAAK,KAAK,eAAe,CAAC,GAAG,CAAC,IAAI,iBAAiB,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,EAAE;AAC1E,QAAA,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC;AACd,YAAA,UAAU,EAAE;gBACV,aAAa,EAAE,CAAA,OAAA,EAAU,KAAK,CAAA;AAC/B;AACF,SAAA,CAAC;IACJ;AAEA,IAAA,OAAO,IAAI,CAAC,GAAG,CAAC;AAClB;;ACjFA;;;;;;;;;;;;;;;AAeG;MACU,cAAc,GAAkB,OAAO,KAA6B,KAAI;AACnF,IAAA,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;AACjD,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;;AAG7B,IAAA,MAAM,eAAe,GAAG,gBAAgB,CAAC,eAAe,EAAE;IAE1D,IAAI,CAAC,eAAe,EAAE;QACpB,gBAAgB,CAAC,KAAK,EAAE;AACxB,QAAA,OAAO,KAAK;IACd;;AAGA,IAAA,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,EAAE;IAC1C,MAAM,aAAa,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAyB;AAEjE,IAAA,IAAI,aAAa,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE;QAC1E,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;AAC3B,QAAA,OAAO,KAAK;IACd;AAEA,IAAA,OAAO,IAAI;AACb;AAEA;;;;;;;;;;;;;AAaG;AACI,MAAM,mBAAmB,GAAkB;AAElD;;;;;;;;;;;;AAYG;AACI,MAAM,mBAAmB,GAAe,MAAK;AAClD,IAAA,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;;AAGjD,IAAA,MAAM,eAAe,GAAG,gBAAgB,CAAC,eAAe,EAAE;IAE1D,IAAI,CAAC,eAAe,EAAE;QACpB,gBAAgB,CAAC,KAAK,EAAE;AACxB,QAAA,OAAO,KAAK;IACd;AAEA,IAAA,OAAO,IAAI;AACb;AAEA;;;;;;;;AAQG;MACU,wBAAwB,GAAG,MAAM;;AChG9C;;AAEG;AAqBH;AACA;AAEA;;;;;;;;;;;;;;;;;;;;;AAqBG;SACa,mBAAmB,GAAA;AACjC,IAAA,OAAO,wBAAwB,CAAC;AAC9B,QAAA,kBAAkB,EAAE;QACpB;AACD,KAAA,CAAC;AACJ;;ACrDA;;AAEG;;;;"}
package/package.json CHANGED
@@ -1,24 +1,46 @@
1
1
  {
2
2
  "name": "@meshmakers/shared-auth",
3
- "version": "3.3.33",
3
+ "version": "3.3.380",
4
4
  "peerDependencies": {
5
- "@angular/common": "^20.3.9",
6
- "@angular/core": "^20.3.9",
5
+ "@angular/common": "^21.0.6",
6
+ "@angular/core": "^21.0.6",
7
+ "@progress/kendo-angular-buttons": "^21.3.0",
8
+ "@progress/kendo-angular-indicators": "^21.3.0",
9
+ "@progress/kendo-angular-layout": "^21.3.0",
10
+ "@progress/kendo-angular-popup": "^21.3.0",
7
11
  "angular-oauth2-oidc": "^20.0.2"
8
12
  },
13
+ "peerDependenciesMeta": {
14
+ "@progress/kendo-angular-buttons": {
15
+ "optional": true
16
+ },
17
+ "@progress/kendo-angular-indicators": {
18
+ "optional": true
19
+ },
20
+ "@progress/kendo-angular-layout": {
21
+ "optional": true
22
+ },
23
+ "@progress/kendo-angular-popup": {
24
+ "optional": true
25
+ }
26
+ },
9
27
  "dependencies": {
10
28
  "tslib": "^2.8.1"
11
29
  },
12
30
  "sideEffects": false,
13
31
  "module": "fesm2022/meshmakers-shared-auth.mjs",
14
- "typings": "index.d.ts",
32
+ "typings": "types/meshmakers-shared-auth.d.ts",
15
33
  "exports": {
16
34
  "./package.json": {
17
35
  "default": "./package.json"
18
36
  },
19
37
  ".": {
20
- "types": "./index.d.ts",
38
+ "types": "./types/meshmakers-shared-auth.d.ts",
21
39
  "default": "./fesm2022/meshmakers-shared-auth.mjs"
40
+ },
41
+ "./login-ui": {
42
+ "types": "./types/meshmakers-shared-auth-login-ui.d.ts",
43
+ "default": "./fesm2022/meshmakers-shared-auth-login-ui.mjs"
22
44
  }
23
45
  }
24
46
  }
package/types/meshmakers-shared-auth-login-ui.d.ts ADDED
@@ -0,0 +1,42 @@
1
+ import * as i0 from '@angular/core';
2
+ import { OnInit, Signal, WritableSignal, EventEmitter } from '@angular/core';
3
+ import { AuthorizeService } from '@meshmakers/shared-auth';
4
+
5
+ declare class LoginAppBarSectionComponent implements OnInit {
6
+ protected readonly authorizeService: AuthorizeService;
7
+ private readonly _register;
8
+ private _showRegister;
9
+ private _showPopup;
10
+ /**
11
+ * Computed signal for the user's display name.
12
+ */
13
+ protected readonly userName: Signal<string | null>;
14
+ /**
15
+ * Computed signal for the user's full name (given name + family name).
16
+ */
17
+ protected readonly fullName: Signal<string | null>;
18
+ /**
19
+ * Signal for the profile management URI.
20
+ */
21
+ protected readonly profileUri: WritableSignal<string | null>;
22
+ private anchor;
23
+ private popup;
24
+ constructor();
25
+ ngOnInit(): Promise<void>;
26
+ get register(): EventEmitter<any>;
27
+ get showPopup(): boolean;
28
+ set showPopup(value: boolean);
29
+ get showRegister(): boolean;
30
+ set showRegister(value: boolean);
31
+ keydown(event: KeyboardEvent): void;
32
+ documentClick(event: MouseEvent): void;
33
+ private contains;
34
+ onToggle(show?: boolean): void;
35
+ protected onLogin(): void;
36
+ protected onLogout(): void;
37
+ protected onRegister(): void;
38
+ static ɵfac: i0.ɵɵFactoryDeclaration<LoginAppBarSectionComponent, never>;
39
+ static ɵcmp: i0.ɵɵComponentDeclaration<LoginAppBarSectionComponent, "mm-login-app-bar-section", never, { "showRegister": { "alias": "showRegister"; "required": false; }; }, { "register": "register"; }, never, never, true, never>;
40
+ }
41
+
42
+ export { LoginAppBarSectionComponent };
package/types/meshmakers-shared-auth.d.ts ADDED
@@ -0,0 +1,222 @@
1
+ import * as i0 from '@angular/core';
2
+ import { Signal, EnvironmentProviders } from '@angular/core';
3
+ import { CanActivateFn, CanMatchFn } from '@angular/router';
4
+ import { HttpInterceptorFn } from '@angular/common/http';
5
+
6
+ declare enum Roles {
7
+ ReportingManagement = "ReportingManagement",
8
+ ReportingViewer = "ReportingViewer",
9
+ AdminPanelManagement = "AdminPanelManagement",
10
+ BotManagement = "BotManagement",
11
+ UserManagement = "UserManagement",
12
+ CommunicationManagement = "CommunicationManagement",
13
+ TenantManagement = "TenantManagement",
14
+ Development = "Development"
15
+ }
16
+
17
+ interface IUser {
18
+ family_name: string | null;
19
+ given_name: string | null;
20
+ name: string;
21
+ role: string[] | null;
22
+ sub: string;
23
+ idp: string;
24
+ email: string | null;
25
+ }
26
+ declare class AuthorizeOptions {
27
+ wellKnownServiceUris?: string[];
28
+ issuer?: string;
29
+ redirectUri?: string;
30
+ postLogoutRedirectUri?: string;
31
+ clientId?: string;
32
+ scope?: string;
33
+ showDebugInformation?: boolean;
34
+ sessionChecksEnabled?: boolean;
35
+ }
36
+ declare class AuthorizeService {
37
+ private readonly oauthService;
38
+ private readonly _isAuthenticated;
39
+ private readonly _issuer;
40
+ private readonly _accessToken;
41
+ private readonly _user;
42
+ private readonly _userInitials;
43
+ private readonly _isInitialized;
44
+ private readonly _isInitializing;
45
+ private readonly _sessionLoading;
46
+ private authorizeOptions;
47
+ /**
48
+ * Signal indicating whether the user is currently authenticated.
49
+ */
50
+ readonly isAuthenticated: Signal<boolean>;
51
+ /**
52
+ * Signal containing the issuer URL.
53
+ */
54
+ readonly issuer: Signal<string | null>;
55
+ /**
56
+ * Signal containing the current access token.
57
+ */
58
+ readonly accessToken: Signal<string | null>;
59
+ /**
60
+ * Signal containing the current user information.
61
+ */
62
+ readonly user: Signal<IUser | null>;
63
+ /**
64
+ * Computed signal containing the user's initials (e.g., "JD" for John Doe).
65
+ */
66
+ readonly userInitials: Signal<string | null>;
67
+ /**
68
+ * Signal indicating whether the session is currently loading.
69
+ */
70
+ readonly sessionLoading: Signal<boolean>;
71
+ /**
72
+ * Computed signal containing the user's roles.
73
+ */
74
+ readonly roles: Signal<string[]>;
75
+ constructor();
76
+ /**
77
+ * Checks if the current user has the specified role.
78
+ */
79
+ isInRole(role: Roles): boolean;
80
+ /**
81
+ * Gets the configured service URIs that should receive the authorization token.
82
+ */
83
+ getServiceUris(): string[] | null;
84
+ /**
85
+ * Gets the current access token synchronously.
86
+ * Use this for functional interceptors that need immediate access to the token.
87
+ *
88
+ * @returns The current access token or null if not authenticated
89
+ */
90
+ getAccessTokenSync(): string | null;
91
+ /**
92
+ * Initiates the login flow.
93
+ */
94
+ login(): void;
95
+ /**
96
+ * Logs out the current user.
97
+ */
98
+ logout(): void;
99
+ /**
100
+ * Initializes the authorization service with the specified options.
101
+ */
102
+ initialize(authorizeOptions: AuthorizeOptions): Promise<void>;
103
+ /**
104
+ * Uninitializes the authorization service.
105
+ */
106
+ uninitialize(): Promise<void>;
107
+ private loadUserAsync;
108
+ /**
109
+ * Reloads the page. This method is protected to allow mocking in tests.
110
+ * @internal
111
+ */
112
+ protected reloadPage(): void;
113
+ static ɵfac: i0.ɵɵFactoryDeclaration<AuthorizeService, never>;
114
+ static ɵprov: i0.ɵɵInjectableDeclaration<AuthorizeService>;
115
+ }
116
+
117
+ /**
118
+ * Functional HTTP interceptor that adds Bearer token to authorized requests.
119
+ *
120
+ * Adds the Authorization header to requests that are either:
121
+ * - Same-origin requests (relative URLs or same host)
122
+ * - Requests to known service URIs configured in AuthorizeOptions
123
+ *
124
+ * @example
125
+ * ```typescript
126
+ * // app.config.ts
127
+ * import { provideHttpClient, withInterceptors } from '@angular/common/http';
128
+ * import { authorizeInterceptor } from '@meshmakers/shared-auth';
129
+ *
130
+ * export const appConfig: ApplicationConfig = {
131
+ * providers: [
132
+ * provideHttpClient(withInterceptors([authorizeInterceptor])),
133
+ * provideMmSharedAuth(),
134
+ * ]
135
+ * };
136
+ * ```
137
+ */
138
+ declare const authorizeInterceptor: HttpInterceptorFn;
139
+
140
+ /**
141
+ * Handles authorization check for route activation.
142
+ * Redirects to login if not authenticated, or to home if user lacks required roles.
143
+ *
144
+ * @param route - The activated route snapshot containing route data
145
+ * @returns true if authorized, false otherwise
146
+ *
147
+ * @example
148
+ * ```typescript
149
+ * // Route without role requirements
150
+ * { path: 'dashboard', component: DashboardComponent, canActivate: [authorizeGuard] }
151
+ *
152
+ * // Route with role requirements
153
+ * { path: 'admin', component: AdminComponent, canActivate: [authorizeGuard], data: { roles: ['AdminPanelManagement'] } }
154
+ * ```
155
+ */
156
+ declare const authorizeGuard: CanActivateFn;
157
+ /**
158
+ * Guard for child routes. Delegates to authorizeGuard.
159
+ *
160
+ * @example
161
+ * ```typescript
162
+ * {
163
+ * path: 'parent',
164
+ * canActivateChild: [authorizeChildGuard],
165
+ * children: [
166
+ * { path: 'child', component: ChildComponent, data: { roles: ['RequiredRole'] } }
167
+ * ]
168
+ * }
169
+ * ```
170
+ */
171
+ declare const authorizeChildGuard: CanActivateFn;
172
+ /**
173
+ * Guard for lazy-loaded routes. Checks if user is authenticated.
174
+ * Replaces the deprecated canLoad guard.
175
+ *
176
+ * @example
177
+ * ```typescript
178
+ * {
179
+ * path: 'lazy',
180
+ * loadChildren: () => import('./lazy/lazy.routes'),
181
+ * canMatch: [authorizeMatchGuard]
182
+ * }
183
+ * ```
184
+ */
185
+ declare const authorizeMatchGuard: CanMatchFn;
186
+ /**
187
+ * Guard that always allows deactivation.
188
+ * Use this as a placeholder or override in specific routes.
189
+ *
190
+ * @example
191
+ * ```typescript
192
+ * { path: 'form', component: FormComponent, canDeactivate: [authorizeDeactivateGuard] }
193
+ * ```
194
+ */
195
+ declare const authorizeDeactivateGuard: () => boolean;
196
+
197
+ /**
198
+ * Provides all shared-auth dependencies.
199
+ *
200
+ * @example
201
+ * ```typescript
202
+ * // app.config.ts
203
+ * import { provideHttpClient, withInterceptors } from '@angular/common/http';
204
+ * import { provideMmSharedAuth, authorizeInterceptor } from '@meshmakers/shared-auth';
205
+ *
206
+ * export const appConfig: ApplicationConfig = {
207
+ * providers: [
208
+ * provideHttpClient(withInterceptors([authorizeInterceptor])),
209
+ * provideMmSharedAuth(),
210
+ * // ... other providers
211
+ * ]
212
+ * };
213
+ * ```
214
+ *
215
+ * @remarks
216
+ * Functional guards and interceptors don't need to be provided - they use inject() internally.
217
+ * For the functional interceptor, use `provideHttpClient(withInterceptors([authorizeInterceptor]))`.
218
+ */
219
+ declare function provideMmSharedAuth(): EnvironmentProviders;
220
+
221
+ export { AuthorizeOptions, AuthorizeService, Roles, authorizeChildGuard, authorizeDeactivateGuard, authorizeGuard, authorizeInterceptor, authorizeMatchGuard, provideMmSharedAuth };
222
+ export type { IUser };
package/index.d.ts DELETED
@@ -1,118 +0,0 @@
1
- import { Observable } from 'rxjs';
2
- import * as i0 from '@angular/core';
3
- import { OnInit, ModuleWithProviders } from '@angular/core';
4
- import * as i2 from '@angular/common';
5
- import * as i3 from '@angular/common/http';
6
- import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
7
- import * as i4 from 'angular-oauth2-oidc';
8
- import * as i5 from '@angular/router';
9
- import { ActivatedRouteSnapshot, RouterStateSnapshot, UrlTree, Route, UrlSegment } from '@angular/router';
10
-
11
- declare enum Roles {
12
- ReportingManagement = "ReportingManagement",
13
- ReportingViewer = "ReportingViewer",
14
- AdminPanelManagement = "AdminPanelManagement",
15
- BotManagement = "BotManagement",
16
- UserManagement = "UserManagement",
17
- CommunicationManagement = "CommunicationManagement",
18
- TenantManagement = "TenantManagement",
19
- Development = "Development"
20
- }
21
-
22
- interface IUser {
23
- family_name: string | null;
24
- given_name: string | null;
25
- name: string;
26
- role: string[] | null;
27
- sub: string;
28
- idp: string;
29
- email: string | null;
30
- }
31
- declare class AuthorizeOptions {
32
- wellKnownServiceUris?: string[];
33
- issuer?: string;
34
- redirectUri?: string;
35
- postLogoutRedirectUri?: string;
36
- clientId?: string;
37
- scope?: string;
38
- showDebugInformation?: boolean;
39
- sessionChecksEnabled?: boolean;
40
- usePopupFlow?: boolean;
41
- }
42
- declare class AuthorizeService {
43
- private readonly oauthService;
44
- private readonly _isAuthenticated;
45
- private readonly _issuer;
46
- private readonly _accessToken;
47
- private readonly _user;
48
- private readonly _userInitials;
49
- private readonly _isInitialized;
50
- private readonly _isInitializing;
51
- private readonly _sessionLoading;
52
- private authorizeOptions;
53
- constructor();
54
- isInRole(role: Roles): boolean;
55
- getRoles(): Observable<string[]>;
56
- getServiceUris(): string[] | null;
57
- get issuer(): Observable<string | null>;
58
- get isAuthenticated(): Observable<boolean>;
59
- get sessionLoading(): Observable<boolean>;
60
- get accessToken(): Observable<string | null>;
61
- get user(): Observable<IUser | null>;
62
- get userInitials(): Observable<string | null>;
63
- login(): void;
64
- protected loginWithPopup(): void;
65
- logout(): void;
66
- initialize(authorizeOptions: AuthorizeOptions): Promise<void>;
67
- uninitialize(): Promise<void>;
68
- private loadUserAsync;
69
- static ɵfac: i0.ɵɵFactoryDeclaration<AuthorizeService, never>;
70
- static ɵprov: i0.ɵɵInjectableDeclaration<AuthorizeService>;
71
- }
72
-
73
- declare class LoginMenuComponent implements OnInit {
74
- private readonly authorizeService;
75
- isAuthenticated: Observable<boolean>;
76
- userName: Observable<string | null>;
77
- constructor();
78
- ngOnInit(): void;
79
- login(): void;
80
- logout(): void;
81
- register(): void;
82
- static ɵfac: i0.ɵɵFactoryDeclaration<LoginMenuComponent, never>;
83
- static ɵcmp: i0.ɵɵComponentDeclaration<LoginMenuComponent, "mm-login-menu", never, {}, {}, never, never, false, never>;
84
- }
85
-
86
- declare class SharedAuthModule {
87
- static forRoot(authorizeOptions: AuthorizeOptions): ModuleWithProviders<SharedAuthModule>;
88
- static ɵfac: i0.ɵɵFactoryDeclaration<SharedAuthModule, never>;
89
- static ɵmod: i0.ɵɵNgModuleDeclaration<SharedAuthModule, [typeof LoginMenuComponent], [typeof i2.CommonModule, typeof i3.HttpClientModule, typeof i4.OAuthModule, typeof i5.RouterLink], [typeof LoginMenuComponent]>;
90
- static ɵinj: i0.ɵɵInjectorDeclaration<SharedAuthModule>;
91
- }
92
-
93
- declare class AuthorizeInterceptor implements HttpInterceptor {
94
- private readonly authorize;
95
- accessToken: string | null;
96
- constructor();
97
- private static isSameOriginUrl;
98
- intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>>;
99
- private processRequestWithToken;
100
- private isKnownServiceUri;
101
- static ɵfac: i0.ɵɵFactoryDeclaration<AuthorizeInterceptor, never>;
102
- static ɵprov: i0.ɵɵInjectableDeclaration<AuthorizeInterceptor>;
103
- }
104
-
105
- declare class AuthorizeGuard {
106
- private readonly authorizeService;
107
- private readonly router;
108
- canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree;
109
- canActivateChild(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree;
110
- canDeactivate(_component: unknown, _currentRoute: ActivatedRouteSnapshot, _currentState: RouterStateSnapshot, _nextState?: RouterStateSnapshot): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree;
111
- canLoad(_route: Route, _segments: UrlSegment[]): Observable<boolean> | Promise<boolean> | boolean;
112
- private handleAuthorization;
113
- static ɵfac: i0.ɵɵFactoryDeclaration<AuthorizeGuard, never>;
114
- static ɵprov: i0.ɵɵInjectableDeclaration<AuthorizeGuard>;
115
- }
116
-
117
- export { AuthorizeGuard, AuthorizeInterceptor, AuthorizeOptions, AuthorizeService, LoginMenuComponent, Roles, SharedAuthModule };
118
- export type { IUser };