@odx/auth 7.0.0 → 8.0.1

package/fesm2022/odx-auth.mjs

@@ -1,6 +1,6 @@
 import * as i0 from '@angular/core';
-import { inject, EnvironmentInjector, InjectionToken, Injectable, ErrorHandler, Component, ChangeDetectionStrategy, ViewEncapsulation, Input, Directive, EventEmitter, Output, HostListener, NgModule, makeEnvironmentProviders, ENVIRONMENT_INITIALIZER, APP_INITIALIZER } from '@angular/core';
-import { WindowRef, CoreModule } from '@odx/angular';
+import { inject, EnvironmentInjector, InjectionToken, Injector, Injectable, Component, ChangeDetectionStrategy, ViewEncapsulation, Input, DestroyRef, ENVIRONMENT_INITIALIZER, makeEnvironmentProviders, APP_INITIALIZER, ErrorHandler, Directive, EventEmitter, Output, HostListener, NgModule } from '@angular/core';
+import { Environment, WindowRef, CoreModule } from '@odx/angular';
 import * as i3$1 from '@odx/angular/components/area-header';
 import { AreaHeaderModule } from '@odx/angular/components/area-header';
 import * as i8 from '@odx/angular/components/dropdown';
@@ -10,30 +10,35 @@ import * as i1$1 from '@odx/angular/components/loading-spinner';
 import { LoadingSpinnerDirective, LoadingSpinnerModule } from '@odx/angular/components/loading-spinner';
 import { LogoDirective } from '@odx/angular/components/logo';
 import { TranslatePipe, provideTranslations } from '@odx/angular/internal/translate';
-import { isString, createConfigTokens, injectElement, untilDestroyed, Position, buildUrl } from '@odx/angular/utils';
-import { OAuthErrorEvent, OAuthService, provideOAuthClient, OAuthModuleConfig, OAuthStorage } from 'angular-oauth2-oidc';
-import { filter, switchMap, BehaviorSubject, map, distinctUntilChanged, share, of, combineLatest, catchError, tap, take, fromEvent, startWith, shareReplay, merge, EMPTY } from 'rxjs';
-import { HttpErrorResponse } from '@angular/common/http';
+import { buildUrl, isString, CacheStorageClient, matchUrl, injectElement, isNumber, isNonEmptyString, createConfigTokens, untilDestroyed, Position } from '@odx/angular/utils';
+import { OAuthErrorEvent, OAuthService, provideOAuthClient, OAuthStorage } from 'angular-oauth2-oidc';
+import { filter, switchMap, firstValueFrom, mergeMap, map, of, tap, BehaviorSubject, distinctUntilChanged, share, combineLatest, take, timeout, catchError, fromEvent, startWith, shareReplay, merge, EMPTY } from 'rxjs';
+import { HttpRequest, provideHttpClient, withInterceptors, HttpErrorResponse } from '@angular/common/http';
 import { Router } from '@angular/router';
 import { deepmerge } from 'deepmerge-ts';
+import { DynamicViewDirective, DynamicViewService } from '@odx/angular/cdk/dynamic-view';
+import { Logger, CSSComponent } from '@odx/angular/internal';
 import { __decorate } from 'tslib';
 import * as i2 from '@odx/angular/components/list';
 import { ListModule } from '@odx/angular/components/list';
-import { CSSComponent } from '@odx/angular/internal';
 import * as i1 from '@angular/common';
 import { CommonModule, NgIf } from '@angular/common';
 import * as i3 from '@odx/angular/components/icon';
 import { IconComponent } from '@odx/angular/components/icon';
 import { trigger, transition, useAnimation } from '@angular/animations';
 import { fadeOut } from '@odx/angular/animations';
-import { DynamicViewDirective, DynamicViewService } from '@odx/angular/cdk/dynamic-view';
 import * as i6 from '@odx/angular/components/button';
 import { ButtonComponent } from '@odx/angular/components/button';
 import { CircularProgressComponent } from '@odx/angular/components/circular-progress';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
 import * as i2$1 from '@ngrx/component';
 import * as i4 from '@odx/angular/components/avatar';
 import * as i5 from '@odx/angular/components/action-group';
 
+function createAuthHostUrl(environment, ...segments) {
+    return buildUrl(ODX_AUTH_HOSTS[environment], ...segments);
+}
+
 function createInitials(value) {
     if (!value)
         return '';
@@ -101,103 +106,47 @@ function resolveUsername(claims) {
     return '';
 }
 
-const DEFAULT_AUTH_SCOPES = ['openid', 'profile', 'email', 'offline_access'];
-const DEFAULT_OKTA_URLS = {
-    dev: 'https://dev.login.draeger.com',
-    stage: 'https://test.login.draeger.com',
-    prod: 'https://login.draeger.com',
-};
-const DEFAULT_USER_PROFILE_URLS = {
-    dev: 'https://lemon-ocean-04a922703.3.azurestaticapps.net',
-    stage: 'https://purple-cliff-0e61c5703.3.azurestaticapps.net',
-    prod: 'https://id.draeger.com',
-};
-const ODX_AUTH_CORE_PLUGINS = new InjectionToken('@odx/auth::CorePlugins', {
-    providedIn: 'root',
-    factory: () => [],
-});
-const ODX_AUTH_ERROR_HANDLERS = new InjectionToken('@odx/auth::ErrorHandlers', {
-    providedIn: 'root',
-    factory: () => [],
-});
-const ODX_AUTH_PLUGINS = new InjectionToken('@odx/auth::Plugins', {
-    providedIn: 'root',
-    factory: () => {
-        const { plugins } = injectAuthConfig();
-        const corePlugins = inject(ODX_AUTH_CORE_PLUGINS);
-        return [...corePlugins, ...plugins].map((pluginFactory) => pluginFactory());
-    },
-});
-const { AuthDefaultConfig, AuthConfig, injectAuthConfig, provideAuthConfig } = createConfigTokens('Auth', '@odx/auth', {
-    environment: 'prod',
-    redirectPath: 'login/callback',
-    allowedUrls: [],
-    timeoutFactor: 0.75,
-    maxOfflineTime: 24 * 60 * 60,
-    loadUserProfile: false,
-    errorHandler: (error) => {
-        throw error;
-    },
-    createInitials,
-    resolveEmail,
-    resolveUsername,
-    plugins: [],
-    defaultAuthorizedHandler: null,
-    enableLoadingScreen: true,
-    loadingScreenMessage: null,
-    refreshTokenOnInit: true,
-    requireSignIn: false,
-});
+function setHttpAuthHeader(req, token) {
+    if (!token)
+        return req;
+    const header = `Bearer ${token}`;
+    if (req instanceof HttpRequest) {
+        return req.clone({ headers: req.headers.set(AUTH_HTTP_HEADER, header) });
+    }
+    req.headers.set(AUTH_HTTP_HEADER, header);
+    return req;
+}
 
-var translations = {
-    en: {
-        userProfileLink: 'My profile',
-        signInButtonText: 'Sign in',
-        signOutButtonText: 'Sign out',
-    },
-    de: {
-        userProfileLink: 'Mein Profil',
-        signInButtonText: 'Einloggen',
-        signOutButtonText: 'Ausloggen',
-    },
-};
+const AuthEnvironment = Environment;
 
 const ODX_AUTH_HTTP_CACHE_STORAGE = new InjectionToken('@odx/auth::AuthHttpCacheStorage', {
     providedIn: 'root',
     factory: () => inject(WindowRef).nativeWindow.caches,
 });
+const ODX_AUTH_HTTP_CACHE_STORAGE_CLIENT = new InjectionToken('@odx/auth::AuthHttpCacheStorageClient', {
+    providedIn: 'root',
+    factory: () => new CacheStorageClient('@odx/auth/http-cache', inject(ODX_AUTH_HTTP_CACHE_STORAGE)),
+});
 class AuthHttpCache {
-    static { this.CACHE_KEY = '@odx/auth/http-cache'; }
     constructor() {
-        this.cacheStorage = inject(ODX_AUTH_HTTP_CACHE_STORAGE);
+        this.cacheStorage = inject(ODX_AUTH_HTTP_CACHE_STORAGE_CLIENT);
         this.oauthService = inject(OAuthService);
+        this.injector = inject(Injector);
         this.oauthService.events.pipe(handleOAuthEvent('logout', () => this.deleteAll())).subscribe();
     }
     async deleteAll() {
-        const cache = await this.cacheStorage.open(AuthHttpCache.CACHE_KEY);
-        for (const key of await cache.keys()) {
-            await cache.delete(key);
-        }
+        await this.cacheStorage.deleteAll();
     }
     async delete(request) {
-        const cache = await this.cacheStorage.open(AuthHttpCache.CACHE_KEY);
-        return cache.delete(request);
+        return this.cacheStorage.delete(request);
     }
     async request(requestInfo, authentication = false) {
-        const request = new Request(requestInfo);
-        const authorizationHeader = authentication ? this.oauthService.authorizationHeader() : null;
-        if (authorizationHeader) {
-            request.headers.set('Authorization', authorizationHeader);
-        }
-        const cache = await this.cacheStorage.open(AuthHttpCache.CACHE_KEY);
-        const response = await fetch(request).catch(() => null);
-        if (response?.ok) {
-            await cache.put(request, response).catch(() => null);
-        }
-        if (authorizationHeader && response?.status === 401) {
-            await cache.delete(request);
+        if (authentication) {
+            const authService = this.injector.get(AuthService);
+            const request = await firstValueFrom(authService.prepareAuthRequest$(new Request(requestInfo)));
+            return this.cacheStorage.request(request, ({ status }) => request.headers.has(AUTH_HTTP_HEADER) && status === 401);
         }
-        return cache.match(request).then((res) => res?.json() ?? null);
+        return this.cacheStorage.request(requestInfo, () => false);
     }
     static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthHttpCache, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
     static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthHttpCache, providedIn: 'root' }); }
@@ -207,8 +156,183 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImpo
             args: [{ providedIn: 'root' }]
         }], ctorParameters: function () { return []; } });
 
+const authInterceptor = (req, next) => {
+    const { allowedUrls, requireSignInForRequests } = injectAuthConfig();
+    const isUrlAllowed = allowedUrls.some((allowedUrl) => matchUrl(req.url, allowedUrl));
+    if (!isUrlAllowed) {
+        return next(req);
+    }
+    const authService = inject(AuthService);
+    return authService.prepareAuthRequest$(req, requireSignInForRequests).pipe(mergeMap(next));
+};
+
+var logger = new Logger('@odx/auth');
+
+let AuthActionsComponent = class AuthActionsComponent {
+    constructor() {
+        this.element = injectElement();
+        this.claims = null;
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthActionsComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "16.2.12", type: AuthActionsComponent, isStandalone: true, selector: "odx-auth-actions", inputs: { claims: "claims" }, ngImport: i0, template: "<odx-list>\n  <a data-testid=\"odx-auth-user-profile-link\" odxListItem [href]=\"url\" rel=\"noopener\" target=\"_blank\" *ngIf=\"claims?.userProfileUrl as url\">\n    <odx-icon name=\"user-administration\" iconSet=\"core\" odxListPrefix></odx-icon>\n    {{ 'userProfileLink' | odxTranslate | async }}\n  </a>\n</odx-list>\n", dependencies: [{ kind: "ngmodule", type: CoreModule }, { kind: "directive", type: i1.NgIf, selector: "[ngIf]", inputs: ["ngIf", "ngIfThen", "ngIfElse"] }, { kind: "pipe", type: i1.AsyncPipe, name: "async" }, { kind: "ngmodule", type: ListModule }, { kind: "component", type: i2.ListComponent, selector: "odx-list" }, { kind: "component", type: i2.ListItemComponent, selector: "odx-list-item, [odxListItem]", inputs: ["danger", "muted", "selected"] }, { kind: "component", type: i3.IconComponent, selector: "odx-icon", inputs: ["inline", "size", "name", "iconSet", "identifier"] }, { kind: "pipe", type: TranslatePipe, name: "odxTranslate" }], changeDetection: i0.ChangeDetectionStrategy.OnPush, encapsulation: i0.ViewEncapsulation.None }); }
+};
+AuthActionsComponent = __decorate([
+    CSSComponent('auth-actions')
+], AuthActionsComponent);
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthActionsComponent, decorators: [{
+            type: Component,
+            args: [{ standalone: true, selector: 'odx-auth-actions', imports: [CoreModule, ListModule, TranslatePipe], changeDetection: ChangeDetectionStrategy.OnPush, encapsulation: ViewEncapsulation.None, template: "<odx-list>\n  <a data-testid=\"odx-auth-user-profile-link\" odxListItem [href]=\"url\" rel=\"noopener\" target=\"_blank\" *ngIf=\"claims?.userProfileUrl as url\">\n    <odx-icon name=\"user-administration\" iconSet=\"core\" odxListPrefix></odx-icon>\n    {{ 'userProfileLink' | odxTranslate | async }}\n  </a>\n</odx-list>\n" }]
+        }], propDecorators: { claims: [{
+                type: Input
+            }] } });
+
+class AuthLoadingScreenComponent {
+    constructor() {
+        this.authConfig = injectAuthConfig();
+        this.icon$ = inject(AuthService).isRedirecting$.pipe(map((isRedirecting) => (isRedirecting ? 'link-external' : 'user')));
+    }
+    static { this.instance = null; }
+    static initialize(authService, dynamicViewService) {
+        authService.isLoading$.subscribe((isLoading) => {
+            if (isLoading) {
+                AuthLoadingScreenComponent.instance ??= dynamicViewService.createView(AuthLoadingScreenComponent);
+            }
+            else {
+                AuthLoadingScreenComponent.instance?.destroy();
+                AuthLoadingScreenComponent.instance = null;
+            }
+        });
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthLoadingScreenComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "16.2.12", type: AuthLoadingScreenComponent, isStandalone: true, selector: "div.odx-auth-loading-screen", host: { properties: { "@hostAnimation": "true" } }, ngImport: i0, template: "<div class=\"odx-auth-loading-screen__content\" odxLayout=\"grid 12 horizontal-center vertical-center gap-small\">\n  <odx-logo size=\"large\" />\n  <odx-circular-progress class=\"odx-auth-loading-screen__spinner\" value=\"-1\" size=\"medium\" stroke=\"3\">\n    <odx-icon [name]=\"icon$ | async\" iconSet=\"core\" />\n  </odx-circular-progress>\n  <p class=\"odx-auth-loading-screen__message\" *ngIf=\"authConfig.loadingScreenMessage as content\">\n    <ng-template [odxDynamicView]=\"content\" />\n  </p>\n</div>\n", styles: ["@keyframes odx-auth-loading-screen-animation{0%{opacity:0;transform:translate(-50%,-50%) scale(.9)}to{opacity:1;transform:translate(-50%,-50%)}}.odx-auth-loading-screen{--odx-c-highlight: var(--odx-c-primary);background-color:var(--odx-c-background-content);inset:0;position:fixed;z-index:var(--odx-v-layer-6)}.odx-auth-loading-screen__content{animation:odx-auth-loading-screen-animation .75s ease;left:50%;position:absolute;top:50%;transform:translate(-50%,-50%)}.odx-auth-loading-screen__message{text-align:center}.odx-auth-loading-screen__spinner{position:relative}.odx-auth-loading-screen__spinner .odx-icon{left:50%;position:absolute;top:50%;transform:translate(-50%,-50%)}\n"], dependencies: [{ kind: "ngmodule", type: CommonModule }, { kind: "directive", type: i1.NgIf, selector: "[ngIf]", inputs: ["ngIf", "ngIfThen", "ngIfElse"] }, { kind: "pipe", type: i1.AsyncPipe, name: "async" }, { kind: "component", type: IconComponent, selector: "odx-icon", inputs: ["inline", "size", "name", "iconSet", "identifier"] }, { kind: "directive", type: LogoDirective, selector: "odx-logo", inputs: ["size", "variant"] }, { kind: "component", type: CircularProgressComponent, selector: "odx-circular-progress", inputs: ["stroke", "size", "value"] }, { kind: "directive", type: DynamicViewDirective, selector: "ng-template[odxDynamicView]", inputs: ["odxDynamicView", "odxDynamicViewInjector", "odxDynamicViewContext"] }], animations: [trigger('hostAnimation', [transition(':leave', useAnimation(fadeOut()))])], changeDetection: i0.ChangeDetectionStrategy.OnPush, encapsulation: i0.ViewEncapsulation.None }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthLoadingScreenComponent, decorators: [{
+            type: Component,
+            args: [{ standalone: true, selector: 'div.odx-auth-loading-screen', imports: [CommonModule, ButtonComponent, IconComponent, LogoDirective, CircularProgressComponent, DynamicViewDirective], changeDetection: ChangeDetectionStrategy.OnPush, encapsulation: ViewEncapsulation.None, host: {
+                        '[@hostAnimation]': 'true',
+                    }, animations: [trigger('hostAnimation', [transition(':leave', useAnimation(fadeOut()))])], template: "<div class=\"odx-auth-loading-screen__content\" odxLayout=\"grid 12 horizontal-center vertical-center gap-small\">\n  <odx-logo size=\"large\" />\n  <odx-circular-progress class=\"odx-auth-loading-screen__spinner\" value=\"-1\" size=\"medium\" stroke=\"3\">\n    <odx-icon [name]=\"icon$ | async\" iconSet=\"core\" />\n  </odx-circular-progress>\n  <p class=\"odx-auth-loading-screen__message\" *ngIf=\"authConfig.loadingScreenMessage as content\">\n    <ng-template [odxDynamicView]=\"content\" />\n  </p>\n</div>\n", styles: ["@keyframes odx-auth-loading-screen-animation{0%{opacity:0;transform:translate(-50%,-50%) scale(.9)}to{opacity:1;transform:translate(-50%,-50%)}}.odx-auth-loading-screen{--odx-c-highlight: var(--odx-c-primary);background-color:var(--odx-c-background-content);inset:0;position:fixed;z-index:var(--odx-v-layer-6)}.odx-auth-loading-screen__content{animation:odx-auth-loading-screen-animation .75s ease;left:50%;position:absolute;top:50%;transform:translate(-50%,-50%)}.odx-auth-loading-screen__message{text-align:center}.odx-auth-loading-screen__spinner{position:relative}.odx-auth-loading-screen__spinner .odx-icon{left:50%;position:absolute;top:50%;transform:translate(-50%,-50%)}\n"] }]
+        }] });
+
+const coreDebugPlugin = () => {
+    logger.warn('DEBUG MODE ENABLED - DO NOT USE IN PRODUCTION!');
+    const destroyRef = inject(DestroyRef);
+    let instance = null;
+    return (authService) => {
+        instance ??= authService.identityClaims$.pipe(takeUntilDestroyed(destroyRef)).subscribe((claims) => {
+            logger.info(`User: ${claims?.username} (${claims?.email})`);
+            logger.group('Identity claims', (log) => log(claims), false);
+            logger.group('Access token', (log) => log(authService.getAccessToken()));
+            logger.group('Refresh token', (log) => log(authService.getRefreshToken()));
+            logger.group('ID token', (log) => log(authService.getIdToken()));
+        });
+        return of({});
+    };
+};
+
+const coreIdentityPlugin = () => {
+    const { resolveEmail, resolveUsername, createInitials } = injectAuthConfig();
+    return (authService) => {
+        const claims = authService.getRawIdentityClaims();
+        if (!claims)
+            return of({});
+        const username = resolveUsername(claims);
+        return of({ email: resolveEmail(claims), username, initials: createInitials(username) });
+    };
+};
+
+const userProfileUrlPlugin = () => {
+    const { environment, userProfileUrl } = injectAuthConfig();
+    return () => {
+        return of({ userProfileUrl: userProfileUrl ?? ODX_AUTH_USER_PROFILE_HOSTS[environment] });
+    };
+};
+
+const ODX_AUTH_ERROR_HANDLERS = new InjectionToken('@odx/auth::ErrorHandlers', {
+    providedIn: 'root',
+    factory: () => {
+        const { errorHandler } = injectAuthConfig();
+        return [offlineAuthErrorHandler, errorHandler];
+    },
+});
+const ODX_AUTH_CORE_PLUGINS = new InjectionToken('@odx/auth::CorePlugins', {
+    providedIn: 'root',
+    factory: () => {
+        const { showDebugInformation } = injectAuthConfig();
+        const plugins = [coreIdentityPlugin, userProfileUrlPlugin];
+        if (showDebugInformation) {
+            plugins.push(coreDebugPlugin);
+        }
+        return plugins;
+    },
+});
+const ODX_AUTH_PLUGINS = new InjectionToken('@odx/auth::Plugins', {
+    providedIn: 'root',
+    factory: () => {
+        const { plugins } = injectAuthConfig();
+        const corePlugins = inject(ODX_AUTH_CORE_PLUGINS);
+        return [...corePlugins, ...plugins].map((pluginFactory) => pluginFactory());
+    },
+});
+function provideAuthLogger() {
+    return {
+        provide: ENVIRONMENT_INITIALIZER,
+        useFactory: () => {
+            const { showDebugInformation } = injectAuthConfig();
+            if (!showDebugInformation)
+                logger.disable();
+            return () => void 0;
+        },
+        multi: true,
+    };
+}
+function initializeAuthErrorHandlers() {
+    const authService = inject(AuthService);
+    const handler = handleAuthError(inject(ODX_AUTH_ERROR_HANDLERS));
+    authService.errors$.pipe(tap((error) => handler(error))).subscribe();
+}
+function initalizeAuthConfig() {
+    const { clientId, scopes, redirectPath, environment, postLogoutRedirectUrl, issuer, timeoutFactor, discoveryUrl, enableLoadingScreen } = injectAuthConfig();
+    const authService = inject(AuthService);
+    const redirectUri = buildUrl(inject(WindowRef).getOrigin(), redirectPath);
+    const scope = Array.from(new Set(ODX_AUTH_DEFAULT_SCOPES.concat(scopes ?? []))).join(' ');
+    if (enableLoadingScreen) {
+        AuthLoadingScreenComponent.initialize(authService, inject(DynamicViewService));
+    }
+    return () => authService.initialize({
+        clientId,
+        issuer: issuer ?? createAuthHostUrl(environment, 'oauth2/default'),
+        scope,
+        redirectUri,
+        postLogoutRedirectUri: postLogoutRedirectUrl,
+        preserveRequestedRoute: true,
+        strictDiscoveryDocumentValidation: !discoveryUrl,
+        responseType: 'code',
+        showDebugInformation: false,
+        timeoutFactor,
+        waitForTokenInMsec: 1000,
+    });
+}
+function provideAuth(config) {
+    return makeEnvironmentProviders([
+        provideAuthConfig(config),
+        provideAuthLogger(),
+        provideOAuthClient({ resourceServer: { sendAccessToken: false, allowedUrls: [] } }),
+        provideHttpClient(withInterceptors([authInterceptor])),
+        {
+            provide: APP_INITIALIZER,
+            useFactory: initalizeAuthConfig,
+            multi: true,
+        },
+        {
+            provide: OAuthStorage,
+            useFactory: () => injectAuthConfig().storage ?? inject(WindowRef).nativeWindow.localStorage,
+        },
+    ]);
+}
+
 class AuthPluginManager {
     constructor() {
+        this.authConfig = injectAuthConfig();
         this.errorHandler = inject(ErrorHandler, { optional: true });
         this.plugins = inject(ODX_AUTH_PLUGINS);
         this.result$$ = new BehaviorSubject(null);
@@ -219,12 +343,11 @@ class AuthPluginManager {
         if (this.plugins.length < 1) {
             return of({});
         }
-        return authService.isInitialized$.pipe(switchMap(() => {
-            if (!authService.getAccessToken()) {
-                return of({});
-            }
-            return combineLatest(this.plugins.map((plugin) => plugin(authService).pipe(catchError(this.handlePluginError.bind(this))))).pipe(map((results) => deepmerge(...results)));
-        }), tap((result) => this.result$$.next(result)), take(1));
+        return authService.waitForAccessToken$(false).pipe(switchMap((token) => {
+            if (!token)
+                return of([{}]);
+            return combineLatest(this.plugins.map((plugin) => this.runPlugin(authService, plugin)));
+        }), map((results) => deepmerge(...results)), tap((result) => this.result$$.next(result)), take(1));
     }
     getResult() {
         return this.result$$.getValue() ?? {};
@@ -233,6 +356,9 @@ class AuthPluginManager {
         this.errorHandler?.handleError(error);
         return of({});
     }
+    runPlugin(authService, plugin) {
+        return plugin(authService).pipe(isNumber(this.authConfig.pluginTimeout) ? timeout(this.authConfig.pluginTimeout) : tap(), catchError(this.handlePluginError.bind(this)));
+    }
     static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthPluginManager, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
     static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthPluginManager, providedIn: 'root' }); }
 }
@@ -261,12 +387,13 @@ class AuthService {
         this.silentRefreshHandler$ = this.isInitialized$$.pipe(filter(Boolean), switchMap(() => this.windowRef.isOnline$), tap((isOnline) => this.updateSilentRefresh(isOnline)));
         this.onAuthStateChange$ = combineLatest([this.oauthService.events.pipe(startWith(null)), this.windowRef.isOnline$, this.onAccessTokenUpdate$]);
         this.isInitialized$ = this.isInitialized$$.pipe(filter(Boolean), distinctUntilChanged());
-        this.isRedirecting$ = this.isRedirecting$$.pipe(distinctUntilChanged(), shareReplay({ refCount: true }));
+        this.isRedirecting$ = this.isRedirecting$$.pipe(distinctUntilChanged(), shareReplay({ bufferSize: 1, refCount: true }));
         this.isLoading$ = merge(this.isRedirecting$, this.authPluginManager.pluginsLoading$).pipe(distinctUntilChanged());
-        this.isAuthenticated$ = this.isInitialized$.pipe(switchMap(() => this.authPluginManager.pluginsReady$), switchMap(() => this.onAuthStateChange$), map(() => this.isAuthenticated()), shareReplay({ refCount: true }));
-        this.identityClaims$ = this.isAuthenticated$.pipe(map(() => this.getIdentityClaims()), shareReplay({ refCount: true }));
+        this.isAuthenticated$ = this.isInitialized$.pipe(switchMap(() => this.authPluginManager.pluginsReady$), switchMap(() => this.onAuthStateChange$), map(() => this.isAuthenticated()), distinctUntilChanged(), shareReplay({ bufferSize: 1, refCount: true }));
+        this.identityClaims$ = this.isAuthenticated$.pipe(map(() => this.getIdentityClaims()), shareReplay({ bufferSize: 1, refCount: true }));
         this.errors$ = this.oauthService.events.pipe(filter((event) => event instanceof OAuthErrorEvent), share());
-        this.authPluginManager.runPlugins(this).subscribe();
+        this.onTokenReceived$ = this.oauthService.events.pipe(filter((event) => event.type === 'token_received'), share());
+        this.runPlugins();
         this.silentRefreshHandler$.subscribe();
     }
     async initialize(config) {
@@ -275,7 +402,9 @@ class AuthService {
         try {
             await this.oauthService.loadDiscoveryDocument(this.authConfig.discoveryUrl);
             await this.oauthService.tryLogin();
-            await this.tryRefreshToken();
+            if (this.authConfig.refreshTokenOnInit) {
+                await this.tryRefreshToken();
+            }
         }
         catch (error) {
             if (!(error instanceof HttpErrorResponse || error instanceof OAuthErrorEvent)) {
@@ -293,6 +422,9 @@ class AuthService {
         await this.tryLoadUserProfile();
         await this.routeToRequestedUrl();
     }
+    runPlugins() {
+        this.authPluginManager.runPlugins(this).subscribe();
+    }
     getIssuer() {
         // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         return new URL(this.oauthService.issuer);
@@ -303,9 +435,6 @@ class AuthService {
     signOut(noRedirect) {
         this.oauthService.logOut(noRedirect || !this.getAccessToken());
     }
-    async loadUserProfile() {
-        await this.oauthService.loadUserProfile();
-    }
     async refreshTokens() {
         return this.oauthService.refreshToken();
     }
@@ -341,6 +470,14 @@ class AuthService {
     isAuthorized$(authorizedHandler) {
         return this.isAuthenticated$.pipe(map(() => this.isAuthorized(authorizedHandler)));
     }
+    prepareAuthRequest$(req, requireSignIn = false) {
+        return this.waitForAccessToken$(requireSignIn).pipe(map((token) => setHttpAuthHeader(req, token)));
+    }
+    waitForAccessToken$(requireSignIn) {
+        const accessToken$ = of(this.getAccessToken()).pipe(filter((token) => !!token && this.isAuthenticated()));
+        const waitForAccessToken$ = this.onTokenReceived$.pipe(timeout(this.authConfig.waitForTokenInMs ?? 0), catchError(async () => this.tryRefreshToken().catch(() => null)));
+        return this.isInitialized$.pipe(switchMap(() => merge(accessToken$, waitForAccessToken$)), take(1), map(() => this.getAccessToken()), tap((token) => !token && requireSignIn && this.signIn(this.windowRef.location.pathname)));
+    }
     async routeToRequestedUrl() {
         if (!this.oauthService.state || !this.oauthService.hasValidAccessToken())
             return;
@@ -354,15 +491,15 @@ class AuthService {
         this.windowRef.location.assign(uri);
         this.isRedirecting$$.next(true);
     }
-    async tryRefreshToken() {
-        if (!this.authConfig.refreshTokenOnInit || !this.getRefreshToken())
+    async tryLoadUserProfile() {
+        if (!this.authConfig.loadUserProfile || !this.isAuthenticated())
             return;
-        await this.oauthService.refreshToken();
+        await this.oauthService.loadUserProfile().catch(() => null);
     }
-    async tryLoadUserProfile() {
-        if (!this.authConfig.loadUserProfile || !this.oauthService.hasValidAccessToken())
+    async tryRefreshToken() {
+        if (!this.getRefreshToken())
             return;
-        await this.loadUserProfile().catch(() => null);
+        await this.oauthService.refreshToken();
     }
     assertAudience(clientId) {
         const tokenClientId = this.getIdentityClaims()?.aud;
@@ -386,50 +523,56 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImpo
             args: [{ providedIn: 'root' }]
         }], ctorParameters: function () { return []; } });
 
-let AuthActionsComponent = class AuthActionsComponent {
-    constructor() {
-        this.element = injectElement();
-        this.claims = null;
-    }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthActionsComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
-    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "16.2.12", type: AuthActionsComponent, isStandalone: true, selector: "odx-auth-actions", inputs: { claims: "claims" }, ngImport: i0, template: "<odx-list>\n  <a data-testid=\"odx-auth-user-profile-link\" odxListItem [href]=\"url\" rel=\"noopener\" target=\"_blank\" *ngIf=\"claims?.userProfileUrl as url\">\n    <odx-icon name=\"user-administration\" iconSet=\"core\" odxListPrefix></odx-icon>\n    {{ 'userProfileLink' | odxTranslate | async }}\n  </a>\n</odx-list>\n", dependencies: [{ kind: "ngmodule", type: CoreModule }, { kind: "directive", type: i1.NgIf, selector: "[ngIf]", inputs: ["ngIf", "ngIfThen", "ngIfElse"] }, { kind: "pipe", type: i1.AsyncPipe, name: "async" }, { kind: "ngmodule", type: ListModule }, { kind: "component", type: i2.ListComponent, selector: "odx-list" }, { kind: "component", type: i2.ListItemComponent, selector: "odx-list-item, [odxListItem]", inputs: ["danger", "selected"] }, { kind: "component", type: i3.IconComponent, selector: "odx-icon", inputs: ["inline", "size", "name", "iconSet"] }, { kind: "pipe", type: TranslatePipe, name: "odxTranslate" }], changeDetection: i0.ChangeDetectionStrategy.OnPush, encapsulation: i0.ViewEncapsulation.None }); }
+function userLanguageLoader(languageSelector = (claims) => claims?.preferredLanguage) {
+    return () => {
+        return inject(AuthService).identityClaims$.pipe(map(languageSelector), map((value) => (isNonEmptyString(value) ? value : undefined)));
+    };
+}
+
+const AUTH_HTTP_HEADER = 'Authorization';
+const ODX_AUTH_DEFAULT_SCOPES = ['openid', 'profile', 'email', 'offline_access'];
+const ODX_AUTH_HOSTS = {
+    dev: 'https://dev.login.draeger.com',
+    stage: 'https://test.login.draeger.com',
+    prod: 'https://login.draeger.com',
 };
-AuthActionsComponent = __decorate([
-    CSSComponent('auth-actions')
-], AuthActionsComponent);
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthActionsComponent, decorators: [{
-            type: Component,
-            args: [{ standalone: true, selector: 'odx-auth-actions', imports: [CoreModule, ListModule, TranslatePipe], changeDetection: ChangeDetectionStrategy.OnPush, encapsulation: ViewEncapsulation.None, template: "<odx-list>\n  <a data-testid=\"odx-auth-user-profile-link\" odxListItem [href]=\"url\" rel=\"noopener\" target=\"_blank\" *ngIf=\"claims?.userProfileUrl as url\">\n    <odx-icon name=\"user-administration\" iconSet=\"core\" odxListPrefix></odx-icon>\n    {{ 'userProfileLink' | odxTranslate | async }}\n  </a>\n</odx-list>\n" }]
-        }], propDecorators: { claims: [{
-                type: Input
-            }] } });
+const ODX_AUTH_USER_PROFILE_HOSTS = {
+    dev: 'https://lemon-ocean-04a922703.3.azurestaticapps.net',
+    stage: 'https://purple-cliff-0e61c5703.3.azurestaticapps.net',
+    prod: 'https://id.draeger.com',
+};
+const { AuthDefaultConfig, AuthConfig, injectAuthConfig, provideAuthConfig } = createConfigTokens('Auth', '@odx/auth', {
+    environment: 'prod',
+    redirectPath: 'login/callback',
+    allowedUrls: [],
+    timeoutFactor: 0.75,
+    maxOfflineTime: 24 * 60 * 60,
+    loadUserProfile: false,
+    errorHandler: (error) => {
+        throw error;
+    },
+    createInitials,
+    resolveEmail,
+    resolveUsername,
+    plugins: [],
+    defaultAuthorizedHandler: null,
+    enableLoadingScreen: true,
+    loadingScreenMessage: null,
+    waitForTokenInMs: 1000,
+});
 
-class AuthLoadingScreenComponent {
-    constructor() {
-        this.authConfig = injectAuthConfig();
-        this.icon$ = inject(AuthService).isRedirecting$.pipe(distinctUntilChanged(), map((isRedirecting) => (isRedirecting ? 'link-external' : 'user')));
-    }
-    static { this.instance = null; }
-    static initialize(authService, dynamicViewService) {
-        authService.isLoading$.subscribe((isLoading) => {
-            if (isLoading) {
-                AuthLoadingScreenComponent.instance ??= dynamicViewService.createView(AuthLoadingScreenComponent);
-            }
-            else {
-                AuthLoadingScreenComponent.instance?.destroy();
-                AuthLoadingScreenComponent.instance = null;
-            }
-        });
-    }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthLoadingScreenComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
-    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "16.2.12", type: AuthLoadingScreenComponent, isStandalone: true, selector: "div.odx-auth-loading-screen", host: { properties: { "@hostAnimation": "true" } }, ngImport: i0, template: "<div class=\"odx-auth-loading-screen__content\" odxLayout=\"grid 12 horizontal-center vertical-center gap-small\">\n  <odx-logo size=\"large\"></odx-logo>\n  <odx-circular-progress class=\"odx-auth-loading-screen__spinner\" value=\"-1\" size=\"medium\" stroke=\"3\">\n    <odx-icon [name]=\"icon$ | async\" iconSet=\"core\"></odx-icon>\n  </odx-circular-progress>\n  <p class=\"odx-auth-loading-screen__message\" *ngIf=\"authConfig.loadingScreenMessage as content\">\n    <ng-template [odxDynamicView]=\"content\"></ng-template>\n  </p>\n</div>\n", styles: ["@keyframes odx-auth-loading-screen-animation{0%{opacity:0;transform:translate(-50%,-50%) scale(.9)}to{opacity:1;transform:translate(-50%,-50%)}}.odx-auth-loading-screen{--odx-c-highlight: var(--odx-c-primary);background-color:var(--odx-c-background-content);position:fixed;z-index:var(--odx-v-layer-5);inset:0}.odx-auth-loading-screen__content{top:50%;left:50%;transform:translate(-50%,-50%);position:absolute;animation:odx-auth-loading-screen-animation .75s ease}.odx-auth-loading-screen__message{text-align:center}.odx-auth-loading-screen__spinner{position:relative}.odx-auth-loading-screen__spinner .odx-icon{position:absolute;top:50%;left:50%;transform:translate(-50%,-50%)}\n"], dependencies: [{ kind: "ngmodule", type: CommonModule }, { kind: "directive", type: i1.NgIf, selector: "[ngIf]", inputs: ["ngIf", "ngIfThen", "ngIfElse"] }, { kind: "pipe", type: i1.AsyncPipe, name: "async" }, { kind: "component", type: IconComponent, selector: "odx-icon", inputs: ["inline", "size", "name", "iconSet"] }, { kind: "directive", type: LogoDirective, selector: "odx-logo", inputs: ["size", "variant"] }, { kind: "component", type: CircularProgressComponent, selector: "odx-circular-progress", inputs: ["stroke", "size", "value"] }, { kind: "directive", type: DynamicViewDirective, selector: "ng-template[odxDynamicView]", inputs: ["odxDynamicView", "odxDynamicViewInjector", "odxDynamicViewContext"] }], animations: [trigger('hostAnimation', [transition(':leave', useAnimation(fadeOut()))])], changeDetection: i0.ChangeDetectionStrategy.OnPush, encapsulation: i0.ViewEncapsulation.None }); }
-}
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthLoadingScreenComponent, decorators: [{
-            type: Component,
-            args: [{ standalone: true, selector: 'div.odx-auth-loading-screen', imports: [CommonModule, ButtonComponent, IconComponent, LogoDirective, CircularProgressComponent, DynamicViewDirective], changeDetection: ChangeDetectionStrategy.OnPush, encapsulation: ViewEncapsulation.None, host: {
-                        '[@hostAnimation]': 'true',
-                    }, animations: [trigger('hostAnimation', [transition(':leave', useAnimation(fadeOut()))])], template: "<div class=\"odx-auth-loading-screen__content\" odxLayout=\"grid 12 horizontal-center vertical-center gap-small\">\n  <odx-logo size=\"large\"></odx-logo>\n  <odx-circular-progress class=\"odx-auth-loading-screen__spinner\" value=\"-1\" size=\"medium\" stroke=\"3\">\n    <odx-icon [name]=\"icon$ | async\" iconSet=\"core\"></odx-icon>\n  </odx-circular-progress>\n  <p class=\"odx-auth-loading-screen__message\" *ngIf=\"authConfig.loadingScreenMessage as content\">\n    <ng-template [odxDynamicView]=\"content\"></ng-template>\n  </p>\n</div>\n", styles: ["@keyframes odx-auth-loading-screen-animation{0%{opacity:0;transform:translate(-50%,-50%) scale(.9)}to{opacity:1;transform:translate(-50%,-50%)}}.odx-auth-loading-screen{--odx-c-highlight: var(--odx-c-primary);background-color:var(--odx-c-background-content);position:fixed;z-index:var(--odx-v-layer-5);inset:0}.odx-auth-loading-screen__content{top:50%;left:50%;transform:translate(-50%,-50%);position:absolute;animation:odx-auth-loading-screen-animation .75s ease}.odx-auth-loading-screen__message{text-align:center}.odx-auth-loading-screen__spinner{position:relative}.odx-auth-loading-screen__spinner .odx-icon{position:absolute;top:50%;left:50%;transform:translate(-50%,-50%)}\n"] }]
-        }] });
+var translations = {
+    en: {
+        userProfileLink: 'My profile',
+        signInButtonText: 'Sign in',
+        signOutButtonText: 'Sign out',
+    },
+    de: {
+        userProfileLink: 'Mein Profil',
+        signInButtonText: 'Einloggen',
+        signOutButtonText: 'Ausloggen',
+    },
+};
 
 class AuthActionDirective {
     constructor() {
@@ -517,7 +660,7 @@ class AuthComponent {
         };
     }
     static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
-    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "16.2.12", type: AuthComponent, isStandalone: true, selector: "odx-auth", providers: [provideTranslations(translations)], ngImport: i0, template: "<odx-action-group>\n  <ng-template [ngrxLet]=\"{ idClaims: authService.identityClaims$, isAuthenticated: authService.isAuthenticated$ }\" let-vm>\n    <ng-template [ngIf]=\"vm.isAuthenticated\" [ngIfElse]=\"notAuthenticated\">\n      <button odxButton [odxDropdown]=\"userProfileMenu\" [odxDropdownOptions]=\"dropdownOptions\" data-testid=\"odx-auth-user-profile-button\">\n        <ng-template [ngTemplateOutlet]=\"userAvatar\"></ng-template>\n      </button>\n      <ng-template #userProfileMenu>\n        <odx-area-header class=\"odx-padding-x-12\" size=\"small\">\n          <ng-template [ngTemplateOutlet]=\"userAvatar\" ngProjectAs=\"odx-avatar\"></ng-template>\n          {{ vm.idClaims?.username }}\n          <odx-area-header-subtitle>\n            {{ vm.idClaims?.email }}\n          </odx-area-header-subtitle>\n        </odx-area-header>\n        <ng-content></ng-content>\n        <odx-auth-actions [claims]=\"vm.idClaims\"></odx-auth-actions>\n        <div class=\"odx-margin-top-12\" odxLayout=\"flex vertical-center\">\n          <odx-logo odxLayout=\"auto\" class=\"odx-margin-left-12 odx-margin-right-auto\"></odx-logo>\n          <button odxButton odxAuthSignOut variant=\"ghost\" data-testid=\"odx-auth-sign-out-button\">\n            {{ 'signOutButtonText' | odxTranslate | async }}\n            <odx-icon name=\"logout\" alignRight></odx-icon>\n          </button>\n        </div>\n      </ng-template>\n    </ng-template>\n    <ng-template #notAuthenticated>\n      <button class=\"odx-auth-sign-in\" odxButton odxAuthSignIn variant=\"secondary\" data-testid=\"odx-auth-sign-in-button\">\n        <odx-icon name=\"user\" alignLeft></odx-icon>\n        {{ 'signInButtonText' | odxTranslate | async }}\n      </button>\n    </ng-template>\n    <ng-template #userAvatar>\n      <odx-avatar class=\"odx-auth-user-avatar\">\n        {{ vm.idClaims?.initials ?? '' }}\n      </odx-avatar>\n    </ng-template>\n  </ng-template>\n</odx-action-group>\n", styles: [".odx-auth-user-profile .odx-dropdown__inner>.odx-area-header{max-width:max(360px,25vw);min-width:296px}.odx-auth-actions{display:block;margin-top:calc(var(--odx-vertical-rythm-base-size) * .5);margin-bottom:calc(var(--odx-vertical-rythm-base-size) * .5);margin-right:calc(var(--odx-vertical-rythm-base-size) * .25);margin-left:calc(var(--odx-vertical-rythm-base-size) * .25)}\n"], dependencies: [{ kind: "ngmodule", type: CoreModule }, { kind: "directive", type: i1.NgIf, selector: "[ngIf]", inputs: ["ngIf", "ngIfThen", "ngIfElse"] }, { kind: "directive", type: i1.NgTemplateOutlet, selector: "[ngTemplateOutlet]", inputs: ["ngTemplateOutletContext", "ngTemplateOutlet", "ngTemplateOutletInjector"] }, { kind: "pipe", type: i1.AsyncPipe, name: "async" }, { kind: "directive", type: i2$1.LetDirective, selector: "[ngrxLet]", inputs: ["ngrxLet", "ngrxLetSuspenseTpl"] }, { kind: "ngmodule", type: AreaHeaderModule }, { kind: "component", type: i3$1.AreaHeaderComponent, selector: "odx-area-header", inputs: ["size"] }, { kind: "directive", type: i3$1.AreaHeaderSubtitleDirective, selector: "odx-area-header-subtitle" }, { kind: "component", type: i4.AvatarComponent, selector: "odx-avatar", inputs: ["size", "variant"] }, { kind: "component", type: i5.ActionGroupComponent, selector: "odx-action-group", inputs: ["reverse"] }, { kind: "component", type: i6.ButtonComponent, selector: "button[odxButton], a[odxButton]", inputs: ["variant", "size"] }, { kind: "component", type: i3.IconComponent, selector: "odx-icon", inputs: ["inline", "size", "name", "iconSet"] }, { kind: "ngmodule", type: DropdownModule }, { kind: "directive", type: i8.DropdownDirective, selector: "[odxDropdown]", inputs: ["odxDropdown", "odxDropdownDisabled", "odxDropdownShowLoader", "odxDropdownClickOutsideActive", "odxDropdownOptions", "odxDropdownReferenceElement", "odxDropdownTriggerElement", "odxDropdownHost", "odxDropdownOpenTrigger", "odxDropdownCloseTrigger"], outputs: ["odxDropdownBeforeOpen", "odxDropdownAfterOpen", "odxDropdownBeforeClose", "odxDropdownAfterClose"], exportAs: ["odxDropdown"] }, { kind: "ngmodule", type: HeaderModule }, { kind: "directive", type: LogoDirective, selector: "odx-logo", inputs: ["size", "variant"] }, { kind: "directive", type: SignInDirective, selector: "[odxButton][odxAuthSignIn]", outputs: ["odxAuthSignIn"] }, { kind: "directive", type: SignOutDirective, selector: "[odxButton][odxAuthSignOut]", outputs: ["odxAuthSignOut"] }, { kind: "ngmodule", type: LoadingSpinnerModule }, { kind: "component", type: AuthActionsComponent, selector: "odx-auth-actions", inputs: ["claims"] }, { kind: "pipe", type: TranslatePipe, name: "odxTranslate" }], changeDetection: i0.ChangeDetectionStrategy.OnPush, encapsulation: i0.ViewEncapsulation.None }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "16.2.12", type: AuthComponent, isStandalone: true, selector: "odx-auth", providers: [provideTranslations(translations)], ngImport: i0, template: "<odx-action-group>\n  <ng-template [ngrxLet]=\"{ idClaims: authService.identityClaims$, isAuthenticated: authService.isAuthenticated$ }\" let-vm>\n    <ng-template [ngIf]=\"vm.isAuthenticated\" [ngIfElse]=\"notAuthenticated\">\n      <button odxButton [odxDropdown]=\"userProfileMenu\" [odxDropdownOptions]=\"dropdownOptions\" data-testid=\"odx-auth-user-profile-button\">\n        <ng-template [ngTemplateOutlet]=\"userAvatar\"></ng-template>\n      </button>\n      <ng-template #userProfileMenu>\n        <odx-area-header class=\"odx-padding-x-12\" size=\"small\">\n          <ng-template [ngTemplateOutlet]=\"userAvatar\" ngProjectAs=\"odx-avatar\"></ng-template>\n          {{ vm.idClaims?.username }}\n          <odx-area-header-subtitle>\n            {{ vm.idClaims?.email }}\n          </odx-area-header-subtitle>\n        </odx-area-header>\n        <ng-content></ng-content>\n        <odx-auth-actions [claims]=\"vm.idClaims\"></odx-auth-actions>\n        <div class=\"odx-margin-top-12\" odxLayout=\"flex vertical-center\">\n          <odx-logo odxLayout=\"auto\" class=\"odx-margin-left-12 odx-margin-right-auto\"></odx-logo>\n          <button odxButton odxAuthSignOut variant=\"ghost\" data-testid=\"odx-auth-sign-out-button\">\n            {{ 'signOutButtonText' | odxTranslate | async }}\n            <odx-icon name=\"logout\" alignRight></odx-icon>\n          </button>\n        </div>\n      </ng-template>\n    </ng-template>\n    <ng-template #notAuthenticated>\n      <button class=\"odx-auth-sign-in\" odxButton odxAuthSignIn variant=\"secondary\" data-testid=\"odx-auth-sign-in-button\">\n        <odx-icon name=\"user\" alignLeft></odx-icon>\n        {{ 'signInButtonText' | odxTranslate | async }}\n      </button>\n    </ng-template>\n    <ng-template #userAvatar>\n      <odx-avatar class=\"odx-auth-user-avatar\">\n        {{ vm.idClaims?.initials ?? '' }}\n      </odx-avatar>\n    </ng-template>\n  </ng-template>\n</odx-action-group>\n", styles: [".odx-auth-user-profile .odx-dropdown__inner>.odx-area-header{max-width:max(360px,25vw);min-width:296px}.odx-auth-actions{display:block;margin-top:calc(var(--odx-vertical-rythm-base-size) * .5);margin-bottom:calc(var(--odx-vertical-rythm-base-size) * .5);margin-right:calc(var(--odx-vertical-rythm-base-size) * .25);margin-left:calc(var(--odx-vertical-rythm-base-size) * .25)}\n"], dependencies: [{ kind: "ngmodule", type: CoreModule }, { kind: "directive", type: i1.NgIf, selector: "[ngIf]", inputs: ["ngIf", "ngIfThen", "ngIfElse"] }, { kind: "directive", type: i1.NgTemplateOutlet, selector: "[ngTemplateOutlet]", inputs: ["ngTemplateOutletContext", "ngTemplateOutlet", "ngTemplateOutletInjector"] }, { kind: "pipe", type: i1.AsyncPipe, name: "async" }, { kind: "directive", type: i2$1.LetDirective, selector: "[ngrxLet]", inputs: ["ngrxLet", "ngrxLetSuspenseTpl"] }, { kind: "ngmodule", type: AreaHeaderModule }, { kind: "component", type: i3$1.AreaHeaderComponent, selector: "odx-area-header", inputs: ["size"] }, { kind: "directive", type: i3$1.AreaHeaderSubtitleDirective, selector: "odx-area-header-subtitle" }, { kind: "component", type: i4.AvatarComponent, selector: "odx-avatar", inputs: ["size", "variant"] }, { kind: "component", type: i5.ActionGroupComponent, selector: "odx-action-group", inputs: ["reverse"] }, { kind: "component", type: i6.ButtonComponent, selector: "button[odxButton], a[odxButton]", inputs: ["variant", "size"] }, { kind: "component", type: i3.IconComponent, selector: "odx-icon", inputs: ["inline", "size", "name", "iconSet", "identifier"] }, { kind: "ngmodule", type: DropdownModule }, { kind: "directive", type: i8.DropdownDirective, selector: "[odxDropdown]", inputs: ["odxDropdown", "odxDropdownDisabled", "odxDropdownShowLoader", "odxDropdownClickOutsideActive", "odxDropdownOptions", "odxDropdownReferenceElement", "odxDropdownTriggerElement", "odxDropdownHost", "odxDropdownOpenTrigger", "odxDropdownCloseTrigger"], outputs: ["odxDropdownBeforeOpen", "odxDropdownAfterOpen", "odxDropdownBeforeClose", "odxDropdownAfterClose"], exportAs: ["odxDropdown"] }, { kind: "ngmodule", type: HeaderModule }, { kind: "directive", type: LogoDirective, selector: "odx-logo", inputs: ["size", "variant"] }, { kind: "directive", type: SignInDirective, selector: "[odxButton][odxAuthSignIn]", outputs: ["odxAuthSignIn"] }, { kind: "directive", type: SignOutDirective, selector: "[odxButton][odxAuthSignOut]", outputs: ["odxAuthSignOut"] }, { kind: "ngmodule", type: LoadingSpinnerModule }, { kind: "component", type: AuthActionsComponent, selector: "odx-auth-actions", inputs: ["claims"] }, { kind: "pipe", type: TranslatePipe, name: "odxTranslate" }], changeDetection: i0.ChangeDetectionStrategy.OnPush, encapsulation: i0.ViewEncapsulation.None }); }
 }
 i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImport: i0, type: AuthComponent, decorators: [{
             type: Component,
@@ -571,9 +714,10 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImpo
             }] } });
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
-function authGuard(authorizedHandler, redirectTo) {
+function authGuard(authorizedHandler, redirectTo, isExternal = false) {
     return (_, state) => {
         const authService = inject(AuthService);
+        const windowRef = inject(WindowRef);
         const router = inject(Router, { optional: true });
         return authService.isAuthenticated$.pipe(switchMap((isAuthenticated) => {
             if (!isAuthenticated) {
@@ -585,7 +729,12 @@ function authGuard(authorizedHandler, redirectTo) {
             if (isAuthorized || !router)
                 return;
             if (isString(redirectTo)) {
-                router.navigateByUrl(redirectTo);
+                if (isExternal) {
+                    windowRef.location.assign(redirectTo);
+                }
+                else {
+                    router.navigateByUrl(redirectTo);
+                }
             }
             else if (Array.isArray(redirectTo)) {
                 router.navigate(redirectTo);
@@ -608,103 +757,22 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "16.2.12", ngImpo
                 }]
         }] });
 
-const coreIdentityPlugin = () => {
-    const { resolveEmail, resolveUsername, createInitials } = injectAuthConfig();
-    return (authService) => {
-        const claims = authService.getRawIdentityClaims();
-        if (!claims)
-            return of({});
-        const username = resolveUsername(claims);
-        return of({ email: resolveEmail(claims), username, initials: createInitials(username) });
-    };
-};
-
-const userProfileUrlPlugin = () => {
-    const { environment, userProfileUrl } = injectAuthConfig();
-    return () => {
-        return of({ userProfileUrl: userProfileUrl ?? DEFAULT_USER_PROFILE_URLS[environment] });
-    };
-};
-
-function configureInterceptor() {
-    const { allowedUrls } = injectAuthConfig();
-    const urls = allowedUrls.filter(Boolean);
-    return {
-        resourceServer: {
-            customUrlValidation: (url) => urls.some((allowedUrl) => (isString(allowedUrl) ? url.startsWith(allowedUrl) : !!url.match(allowedUrl))),
-            sendAccessToken: true,
-        },
-    };
-}
-function initializeAuthErrorHandlers() {
-    const authService = inject(AuthService);
-    const handler = handleAuthError(inject(ODX_AUTH_ERROR_HANDLERS));
-    authService.errors$.pipe(tap((error) => handler(error))).subscribe();
-}
-function initalizeAuthConfig() {
-    const { clientId, scopes, redirectPath, environment, postLogoutRedirectUrl, issuer, timeoutFactor, discoveryUrl, enableLoadingScreen } = injectAuthConfig();
-    const authService = inject(AuthService);
-    const origin = inject(WindowRef).getOrigin();
-    const scope = Array.from(new Set(DEFAULT_AUTH_SCOPES.concat(scopes ?? []))).join(' ');
-    if (enableLoadingScreen) {
-        AuthLoadingScreenComponent.initialize(authService, inject(DynamicViewService));
-    }
-    return () => authService.initialize({
-        clientId,
-        issuer: issuer ?? `${DEFAULT_OKTA_URLS[environment]}/oauth2/default`,
-        scope,
-        redirectUri: buildUrl(origin, redirectPath),
-        postLogoutRedirectUri: postLogoutRedirectUrl,
-        preserveRequestedRoute: true,
-        strictDiscoveryDocumentValidation: !discoveryUrl,
-        responseType: 'code',
-        showDebugInformation: environment === 'dev',
-        timeoutFactor,
-    });
-}
-function provideAuth(config) {
-    return makeEnvironmentProviders([
-        provideAuthConfig(config),
-        provideOAuthClient(),
-        {
-            provide: OAuthModuleConfig,
-            useFactory: configureInterceptor,
-        },
-        {
-            provide: ENVIRONMENT_INITIALIZER,
-            useValue: initializeAuthErrorHandlers,
-            multi: true,
-        },
-        {
-            provide: ODX_AUTH_ERROR_HANDLERS,
-            useFactory: () => [offlineAuthErrorHandler, injectAuthConfig().errorHandler],
-        },
-        {
-            provide: APP_INITIALIZER,
-            useFactory: initalizeAuthConfig,
-            multi: true,
-        },
-        {
-            provide: OAuthStorage,
-            useFactory: () => injectAuthConfig().storage ?? inject(WindowRef).nativeWindow.localStorage,
-        },
-        {
-            provide: ODX_AUTH_CORE_PLUGINS,
-            useValue: [coreIdentityPlugin, userProfileUrlPlugin],
-        },
-    ]);
-}
-
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
-function unauthGuard(authorizedHandler, redirectTo) {
+function unauthGuard(authorizedHandler, redirectTo, isExternal = false) {
     return (_) => {
         const authService = inject(AuthService);
         const router = inject(Router, { optional: true });
+        const windowRef = inject(WindowRef);
         return authService.isAuthenticated$.pipe(map(() => !authService.isAuthorized(authorizedHandler)), tap((isUnauthorized) => {
             if (isUnauthorized || !router)
                 return;
             if (isString(redirectTo)) {
-                router.navigateByUrl(redirectTo);
+                if (isExternal) {
+                    windowRef.location.assign(redirectTo);
+                }
+                else {
+                    router.navigateByUrl(redirectTo);
+                }
             }
             else if (Array.isArray(redirectTo)) {
                 router.navigate(redirectTo);
@@ -717,5 +785,5 @@ function unauthGuard(authorizedHandler, redirectTo) {
  * Generated bundle index. Do not edit.
  */
 
-export { AuthActionDirective, AuthActionsComponent, AuthComponent, AuthConfig, AuthDefaultConfig, AuthDirective, AuthHttpCache, AuthLoadingScreenComponent, AuthModule, AuthPluginManager, AuthService, DEFAULT_AUTH_SCOPES, DEFAULT_OKTA_URLS, DEFAULT_USER_PROFILE_URLS, ODX_AUTH_CORE_PLUGINS, ODX_AUTH_ERROR_HANDLERS, ODX_AUTH_HTTP_CACHE_STORAGE, ODX_AUTH_PLUGINS, SignInDirective, SignOutDirective, authGuard, configureInterceptor, coreIdentityPlugin, createInitials, handleAuthError, handleOAuthEvent, initalizeAuthConfig, initializeAuthErrorHandlers, injectAuthConfig, offlineAuthErrorHandler, provideAuth, provideAuthConfig, resolveEmail, resolveUsername, unauthGuard, userProfileUrlPlugin };
+export { AUTH_HTTP_HEADER, AuthActionDirective, AuthActionsComponent, AuthComponent, AuthConfig, AuthDefaultConfig, AuthDirective, AuthEnvironment, AuthHttpCache, AuthLoadingScreenComponent, AuthModule, AuthPluginManager, AuthService, ODX_AUTH_CORE_PLUGINS, ODX_AUTH_DEFAULT_SCOPES, ODX_AUTH_ERROR_HANDLERS, ODX_AUTH_HOSTS, ODX_AUTH_HTTP_CACHE_STORAGE, ODX_AUTH_HTTP_CACHE_STORAGE_CLIENT, ODX_AUTH_PLUGINS, ODX_AUTH_USER_PROFILE_HOSTS, SignInDirective, SignOutDirective, authGuard, authInterceptor, coreDebugPlugin, coreIdentityPlugin, createAuthHostUrl, createInitials, handleAuthError, handleOAuthEvent, initalizeAuthConfig, initializeAuthErrorHandlers, injectAuthConfig, offlineAuthErrorHandler, provideAuth, provideAuthConfig, provideAuthLogger, resolveEmail, resolveUsername, setHttpAuthHeader, unauthGuard, userLanguageLoader, userProfileUrlPlugin };
 //# sourceMappingURL=odx-auth.mjs.map