@onecx/shell-auth 8.0.0-rc.4 → 8.0.0-rc.5

package/fesm2022/onecx-shell-auth.mjs

@@ -0,0 +1,353 @@
+import { loadRemoteModule } from '@angular-architects/module-federation';
+import * as i0 from '@angular/core';
+import { inject, Injectable, Injector, provideAppInitializer } from '@angular/core';
+import { ConfigurationService, CONFIG_KEY, AppStateService } from '@onecx/angular-integration-interface';
+import { EventsTopic, EventType } from '@onecx/integration-interface';
+import { filter } from 'rxjs/internal/operators/filter';
+import { createLoggerFactory } from '@onecx/accelerator';
+
+var Injectables;
+(function (Injectables) {
+    Injectables["KEYCLOAK_AUTH_SERVICE"] = "KEYCLOAK_AUTH_SERVICE";
+    Injectables["CONFIG"] = "CONFIG";
+})(Injectables || (Injectables = {}));
+
+// This file is not planned to be in the index.ts so it is private to this lib
+const createLogger = createLoggerFactory('@onecx/shell-auth');
+
+const KC_REFRESH_TOKEN_LS = 'onecx_kc_refreshToken';
+const KC_ID_TOKEN_LS = 'onecx_kc_idToken';
+const KC_TOKEN_LS = 'onecx_kc_token';
+class KeycloakAuthService {
+    constructor() {
+        this.logger = createLogger('KeycloakAuthService');
+        this.configService = inject(ConfigurationService);
+    }
+    async init(config) {
+        this.config = config;
+        let token = localStorage.getItem(KC_TOKEN_LS);
+        let idToken = localStorage.getItem(KC_ID_TOKEN_LS);
+        let refreshToken = localStorage.getItem(KC_REFRESH_TOKEN_LS);
+        if (token && refreshToken) {
+            const parsedToken = JSON.parse(atob(refreshToken.split('.')[1]));
+            if (parsedToken.exp * 1000 < new Date().getTime()) {
+                token = null;
+                refreshToken = null;
+                idToken = null;
+                this.clearKCStateFromLocalstorage();
+            }
+        }
+        let kcConfig;
+        const validKCConfig = await this.getValidKCConfig();
+        kcConfig = { ...validKCConfig, ...(config ?? {}) };
+        if (!kcConfig.clientId || !kcConfig.realm || !kcConfig.url) {
+            kcConfig = './assets/keycloak.json';
+        }
+        const enableSilentSSOCheck = (await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_ENABLE_SILENT_SSO)) === 'true';
+        try {
+            await import('keycloak-js').then(({ default: Keycloak }) => {
+                this.keycloak = new Keycloak(kcConfig);
+            });
+        }
+        catch (err) {
+            const errorMessage = 'Keycloak initialization failed! Could not load keycloak-js library which is required in the current environment.';
+            this.logger.error(errorMessage, err);
+            throw new Error(errorMessage);
+        }
+        if (!this.keycloak) {
+            throw new Error('Keycloak initialization failed!');
+        }
+        this.setupEventListener();
+        return this.keycloak
+            .init({
+            onLoad: 'check-sso',
+            checkLoginIframe: false,
+            silentCheckSsoRedirectUri: enableSilentSSOCheck ? this.getSilentSSOUrl() : undefined,
+            idToken: idToken || undefined,
+            refreshToken: refreshToken || undefined,
+            token: token || undefined,
+        })
+            .catch((err) => {
+            this.logger.warn(`Keycloak err: ${err}, try force login`);
+            return this.keycloak?.login(this.config);
+        })
+            .then((loginOk) => {
+            if (loginOk) {
+                return this.keycloak?.token;
+            }
+            else {
+                return this.keycloak?.login(this.config).then(() => 'login');
+            }
+        })
+            .then(() => {
+            return true;
+        })
+            .catch((err) => {
+            this.logger.error(`KC ERROR ${err} as json ${JSON.stringify(err)}`);
+            throw err;
+        });
+    }
+    async getValidKCConfig() {
+        const clientId = await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_CLIENT_ID);
+        if (!clientId) {
+            throw new Error('Invalid KC config, missing clientId');
+        }
+        const realm = await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_REALM);
+        if (!realm) {
+            throw new Error('Invalid KC config, missing realm');
+        }
+        const url = (await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_URL)) ?? '';
+        return {
+            url,
+            clientId,
+            realm,
+        };
+    }
+    setupEventListener() {
+        if (this.keycloak) {
+            this.keycloak.onAuthError = () => {
+                this.updateLocalStorage();
+            };
+            this.keycloak.onAuthLogout = () => {
+                this.logger.info('SSO logout nav to root');
+                this.clearKCStateFromLocalstorage();
+                this.keycloak?.login(this.config);
+            };
+            this.keycloak.onAuthRefreshSuccess = () => {
+                this.updateLocalStorage();
+            };
+            this.keycloak.onAuthRefreshError = () => {
+                this.updateLocalStorage();
+            };
+            this.keycloak.onAuthSuccess = () => {
+                this.updateLocalStorage();
+            };
+            this.keycloak.onTokenExpired = () => {
+                this.updateLocalStorage();
+            };
+            this.keycloak.onActionUpdate = () => {
+                this.updateLocalStorage();
+            };
+            this.keycloak.onReady = () => {
+                this.updateLocalStorage();
+            };
+        }
+    }
+    updateLocalStorage() {
+        if (this.keycloak) {
+            if (this.keycloak.token) {
+                localStorage.setItem(KC_TOKEN_LS, this.keycloak.token);
+            }
+            else {
+                localStorage.removeItem(KC_TOKEN_LS);
+            }
+            if (this.keycloak.idToken) {
+                localStorage.setItem(KC_ID_TOKEN_LS, this.keycloak.idToken);
+            }
+            else {
+                localStorage.removeItem(KC_ID_TOKEN_LS);
+            }
+            if (this.keycloak.refreshToken) {
+                localStorage.setItem(KC_REFRESH_TOKEN_LS, this.keycloak.refreshToken);
+            }
+            else {
+                localStorage.removeItem(KC_REFRESH_TOKEN_LS);
+            }
+        }
+    }
+    clearKCStateFromLocalstorage() {
+        localStorage.removeItem(KC_ID_TOKEN_LS);
+        localStorage.removeItem(KC_TOKEN_LS);
+        localStorage.removeItem(KC_REFRESH_TOKEN_LS);
+    }
+    getSilentSSOUrl() {
+        let currentBase = document.getElementsByTagName('base')[0].href;
+        if (currentBase === '/') {
+            currentBase = '';
+        }
+        return `${currentBase}/assets/silent-check-sso.html`;
+    }
+    getIdToken() {
+        return this.keycloak?.idToken ?? null;
+    }
+    getAccessToken() {
+        return this.keycloak?.token ?? null;
+    }
+    logout() {
+        this.keycloak?.logout();
+    }
+    async updateTokenIfNeeded() {
+        if (!this.keycloak?.authenticated) {
+            return this.keycloak?.login(this.config).then(() => false) ?? Promise.reject('Keycloak not initialized!');
+        }
+        else {
+            return this.keycloak.updateToken();
+        }
+    }
+    getAuthProviderName() {
+        return 'keycloak-auth';
+    }
+    hasRole(_role) {
+        return false;
+    }
+    getUserRoles() {
+        return [];
+    }
+    getHeaderValues() {
+        return { 'apm-principal-token': this.getIdToken() ?? '', Authorization: `Bearer ${this.getAccessToken()}` };
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: KeycloakAuthService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: KeycloakAuthService }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: KeycloakAuthService, decorators: [{
+            type: Injectable
+        }] });
+
+var globalThis$1 = globalThis;
+
+class DisabledAuthService {
+    async init(_config) {
+        return Promise.resolve(true);
+    }
+    getIdToken() {
+        return "";
+    }
+    getAccessToken() {
+        return "";
+    }
+    logout() {
+        window.location.href = "https://github.com/onecx/";
+    }
+    async updateTokenIfNeeded() {
+        return Promise.resolve(true);
+    }
+    getHeaderValues() {
+        return {};
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: DisabledAuthService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: DisabledAuthService }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: DisabledAuthService, decorators: [{
+            type: Injectable
+        }] });
+
+class AuthServiceWrapper {
+    constructor() {
+        this.configService = inject(ConfigurationService);
+        this.appStateService = inject(AppStateService);
+        this.injector = inject(Injector);
+        this.eventsTopic$ = new EventsTopic();
+        this.eventsTopic$
+            .pipe(filter((e) => e.type === EventType.AUTH_LOGOUT_BUTTON_CLICKED))
+            .subscribe(() => this.authService?.logout());
+        // Shell defines these properties to support older library versions
+        window.onecxAngularAuth ??= {};
+        window.onecxAngularAuth.authServiceProxy ??= {};
+        window.onecxAngularAuth.authServiceProxy.v1 ??= {
+            updateTokenIfNeeded: () => {
+                return this.updateTokenIfNeeded();
+            },
+            getHeaderValues: () => {
+                return this.getHeaderValues();
+            },
+        };
+        window.onecxAuth ??= {};
+        window.onecxAuth.authServiceProxy ??= {};
+        window.onecxAuth.authServiceProxy.v1 ??= {
+            updateTokenIfNeeded: () => {
+                return this.updateTokenIfNeeded();
+            },
+            getHeaderValues: () => {
+                return this.getHeaderValues();
+            },
+        };
+    }
+    async init() {
+        await this.configService.isInitialized;
+        await this.initializeAuthService();
+        const initResult = this.getInitResult();
+        return initResult;
+    }
+    async getInitResult() {
+        const initResult = await this.authService?.init();
+        if (initResult) {
+            await this.appStateService.isAuthenticated$.publish();
+        }
+        return initResult;
+    }
+    getHeaderValues() {
+        return this.authService?.getHeaderValues() ?? {};
+    }
+    updateTokenIfNeeded() {
+        return this.authService?.updateTokenIfNeeded() ?? Promise.reject();
+    }
+    async initializeAuthService() {
+        const serviceTypeConfig = (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE)) ?? 'keycloak';
+        switch (serviceTypeConfig) {
+            case 'keycloak':
+                this.authService = this.injector.get(KeycloakAuthService);
+                break;
+            case 'custom': {
+                // remote module is exposing function as default export (this is a convention)
+                // this function is responsible for creating the custom auth service
+                // to have access to the dependency mechanism of the shell
+                // the function gets a callback which is returning the requested injectable
+                const factory = await this.getAuthServiceFactory();
+                this.authService = await Promise.resolve(factory((injectable) => this.retrieveInjectables(injectable)));
+                break;
+            }
+            case 'disabled':
+                this.authService = this.injector.get(DisabledAuthService);
+                break;
+            default:
+                throw new Error('Configured AuthService not found');
+        }
+    }
+    async retrieveInjectables(injectable) {
+        if (injectable === Injectables.KEYCLOAK_AUTH_SERVICE) {
+            return this.injector.get(KeycloakAuthService);
+        }
+        else if (injectable === Injectables.CONFIG) {
+            return this.configService.getConfig();
+        }
+        throw new Error('unknown injectable type');
+    }
+    async getAuthServiceFactory() {
+        if (await !this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_URL)) {
+            throw new Error('URL of the custom auth service is not defined');
+        }
+        const module = await loadRemoteModule({
+            type: 'module',
+            remoteEntry: (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_URL)) ?? '',
+            exposedModule: (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_MODULE_NAME)) ?? './CustomAuth',
+        });
+        return module.default;
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: AuthServiceWrapper, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: AuthServiceWrapper }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "21.2.1", ngImport: i0, type: AuthServiceWrapper, decorators: [{
+            type: Injectable
+        }], ctorParameters: () => [] });
+
+function provideAuthServices() {
+    return [AuthServiceWrapper, KeycloakAuthService, DisabledAuthService];
+}
+function provideAuthService() {
+    return [
+        provideAuthServices(),
+        provideAppInitializer(async () => {
+            const configService = inject(ConfigurationService);
+            const authServiceWrapper = inject(AuthServiceWrapper);
+            await configService.isInitialized;
+            await authServiceWrapper.init();
+        }),
+    ];
+}
+
+/**
+ * Generated bundle index. Do not edit.
+ */
+
+export { AuthServiceWrapper, provideAuthService };
+//# sourceMappingURL=onecx-shell-auth.mjs.map

package/fesm2022/onecx-shell-auth.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"onecx-shell-auth.mjs","sources":["../../../../libs/shell-auth/src/lib/auth.service.ts","../../../../libs/shell-auth/src/lib/utils/logger.utils.ts","../../../../libs/shell-auth/src/lib/auth_services/keycloak-auth.service.ts","../../../../libs/shell-auth/src/lib/declarations.ts","../../../../libs/shell-auth/src/lib/auth_services/disabled-auth.service.ts","../../../../libs/shell-auth/src/lib/auth-service-wrapper.ts","../../../../libs/shell-auth/src/lib/provide-auth-service.ts","../../../../libs/shell-auth/src/onecx-shell-auth.ts"],"sourcesContent":["export interface AuthService {\n  init(config?: Record<string, unknown>): Promise<boolean>\n\n  getHeaderValues(): Record<string, string>\n\n  logout(): void\n\n  updateTokenIfNeeded(): Promise<boolean>\n}\n\nexport enum Injectables {\n  KEYCLOAK_AUTH_SERVICE = 'KEYCLOAK_AUTH_SERVICE',\n  CONFIG = 'CONFIG',\n}\n\nexport type AuthServiceFactory = (\n  injectorFunction: (injectable: Injectables) => Promise<unknown> | unknown\n) => AuthService | Promise<AuthService>\n","// This file is not planned to be in the index.ts so it is private to this lib\nimport { createLoggerFactory } from '@onecx/accelerator'\n\nexport const createLogger = createLoggerFactory('@onecx/shell-auth')\n","import { Injectable, inject } from '@angular/core'\nimport { CONFIG_KEY, ConfigurationService } from '@onecx/angular-integration-interface'\nimport Keycloak, { KeycloakServerConfig } from 'keycloak-js'\nimport { AuthService } from '../auth.service'\nimport { createLogger } from '../utils/logger.utils'\n\nconst KC_REFRESH_TOKEN_LS = 'onecx_kc_refreshToken'\nconst KC_ID_TOKEN_LS = 'onecx_kc_idToken'\nconst KC_TOKEN_LS = 'onecx_kc_token'\n\n@Injectable()\nexport class KeycloakAuthService implements AuthService {\n  private readonly logger = createLogger('KeycloakAuthService')\n  private configService = inject(ConfigurationService)\n  private keycloak: Keycloak | undefined\n\n  config?: Record<string, unknown>\n\n  public async init(config?: Record<string, unknown>): Promise<boolean> {\n    this.config = config\n    let token = localStorage.getItem(KC_TOKEN_LS)\n    let idToken = localStorage.getItem(KC_ID_TOKEN_LS)\n    let refreshToken = localStorage.getItem(KC_REFRESH_TOKEN_LS)\n    if (token && refreshToken) {\n      const parsedToken = JSON.parse(atob(refreshToken.split('.')[1]))\n      if (parsedToken.exp * 1000 < new Date().getTime()) {\n        token = null\n        refreshToken = null\n        idToken = null\n        this.clearKCStateFromLocalstorage()\n      }\n    }\n\n    let kcConfig: KeycloakServerConfig | string\n    const validKCConfig = await this.getValidKCConfig()\n    kcConfig = { ...validKCConfig, ...(config ?? {}) }\n    \n    if (!kcConfig.clientId || !kcConfig.realm || !kcConfig.url) {\n      kcConfig = './assets/keycloak.json'\n    }\n\n    const enableSilentSSOCheck =\n      (await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_ENABLE_SILENT_SSO)) === 'true'\n\n    try {\n      await import('keycloak-js').then(({ default: Keycloak }) => {\n        this.keycloak = new Keycloak(kcConfig)\n      })\n    } catch (err) {\n      const errorMessage = 'Keycloak initialization failed! Could not load keycloak-js library which is required in the current environment.'\n      this.logger.error(\n        errorMessage,\n        err\n      )\n      throw new Error(\n        errorMessage\n      )\n    }\n\n    if (!this.keycloak) {\n      throw new Error('Keycloak initialization failed!')\n    }\n\n    this.setupEventListener()\n\n    return this.keycloak\n      .init({\n        onLoad: 'check-sso',\n        checkLoginIframe: false,\n        silentCheckSsoRedirectUri: enableSilentSSOCheck ? this.getSilentSSOUrl() : undefined,\n        idToken: idToken || undefined,\n        refreshToken: refreshToken || undefined,\n        token: token || undefined,\n      })\n      .catch((err) => {\n        this.logger.warn(`Keycloak err: ${err}, try force login`)\n        return this.keycloak?.login(this.config)\n      })\n      .then((loginOk) => {\n        if (loginOk) {\n          return this.keycloak?.token\n        } else {\n          return this.keycloak?.login(this.config).then(() => 'login')\n        }\n      })\n      .then(() => {\n        return true\n      })\n      .catch((err) => {\n        this.logger.error(`KC ERROR ${err} as json ${JSON.stringify(err)}`)\n        throw err\n      })\n  }\n\n  protected async getValidKCConfig(): Promise<KeycloakServerConfig> {\n    const clientId = await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_CLIENT_ID)\n    if (!clientId) {\n      throw new Error('Invalid KC config, missing clientId')\n    }\n    const realm = await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_REALM)\n    if (!realm) {\n      throw new Error('Invalid KC config, missing realm')\n    }\n    const url = (await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_URL)) ?? ''\n    return {\n      url,\n      clientId,\n      realm,\n    }\n  }\n\n  private setupEventListener() {\n    if (this.keycloak) {\n      this.keycloak.onAuthError = () => {\n        this.updateLocalStorage()\n      }\n      this.keycloak.onAuthLogout = () => {\n        this.logger.info('SSO logout nav to root')\n        this.clearKCStateFromLocalstorage()\n        this.keycloak?.login(this.config)\n      }\n      this.keycloak.onAuthRefreshSuccess = () => {\n        this.updateLocalStorage()\n      }\n      this.keycloak.onAuthRefreshError = () => {\n        this.updateLocalStorage()\n      }\n      this.keycloak.onAuthSuccess = () => {\n        this.updateLocalStorage()\n      }\n      this.keycloak.onTokenExpired = () => {\n        this.updateLocalStorage()\n      }\n      this.keycloak.onActionUpdate = () => {\n        this.updateLocalStorage()\n      }\n      this.keycloak.onReady = () => {\n        this.updateLocalStorage()\n      }\n    }\n  }\n\n  private updateLocalStorage() {\n    if (this.keycloak) {\n      if (this.keycloak.token) {\n        localStorage.setItem(KC_TOKEN_LS, this.keycloak.token)\n      } else {\n        localStorage.removeItem(KC_TOKEN_LS)\n      }\n      if (this.keycloak.idToken) {\n        localStorage.setItem(KC_ID_TOKEN_LS, this.keycloak.idToken)\n      } else {\n        localStorage.removeItem(KC_ID_TOKEN_LS)\n      }\n      if (this.keycloak.refreshToken) {\n        localStorage.setItem(KC_REFRESH_TOKEN_LS, this.keycloak.refreshToken)\n      } else {\n        localStorage.removeItem(KC_REFRESH_TOKEN_LS)\n      }\n    }\n  }\n\n  private clearKCStateFromLocalstorage() {\n    localStorage.removeItem(KC_ID_TOKEN_LS)\n    localStorage.removeItem(KC_TOKEN_LS)\n    localStorage.removeItem(KC_REFRESH_TOKEN_LS)\n  }\n\n  private getSilentSSOUrl() {\n    let currentBase = document.getElementsByTagName('base')[0].href\n    if (currentBase === '/') {\n      currentBase = ''\n    }\n    return `${currentBase}/assets/silent-check-sso.html`\n  }\n\n  getIdToken(): string | null {\n    return this.keycloak?.idToken ?? null\n  }\n  getAccessToken(): string | null {\n    return this.keycloak?.token ?? null\n  }\n\n  logout(): void {\n    this.keycloak?.logout()\n  }\n\n  async updateTokenIfNeeded(): Promise<boolean> {\n    if (!this.keycloak?.authenticated) {\n      return this.keycloak?.login(this.config).then(() => false) ?? Promise.reject('Keycloak not initialized!')\n    } else {\n      return this.keycloak.updateToken()\n    }\n  }\n\n  getAuthProviderName(): string {\n    return 'keycloak-auth'\n  }\n\n  hasRole(_role: string): boolean {\n    return false\n  }\n\n  getUserRoles(): string[] {\n    return []\n  }\n\n  getHeaderValues(): Record<string, string> {\n    return { 'apm-principal-token': this.getIdToken() ?? '', Authorization: `Bearer ${this.getAccessToken()}` }\n  }\n}\n","declare global {\n  interface Window {\n    onecxAuth?: {\n      authServiceProxy?: {\n        v1?: {\n          getHeaderValues: () => Record<string, string>\n          updateTokenIfNeeded: () => Promise<boolean>\n        }\n      }\n    }\n    // Shell defines these properties to support older library versions\n    onecxAngularAuth?: {\n      authServiceProxy?: {\n        v1?: {\n          getHeaderValues: () => Record<string, string>\n          updateTokenIfNeeded: () => Promise<boolean>\n        }\n      }\n    }\n  }\n}\n\nexport default globalThis\n","import { Injectable } from '@angular/core';\nimport { AuthService } from '../auth.service';\n\n@Injectable()\nexport class DisabledAuthService implements AuthService {\n\n  public async init(_config?: Record<string, unknown>): Promise<boolean> {\n    return Promise.resolve(true);\n  }\n\n  getIdToken(): string | null {\n    return \"\";\n  }\n  getAccessToken(): string | null {\n    return \"\";\n  }\n\n  logout(): void {\n    window.location.href = \"https://github.com/onecx/\";\n  }\n\n  async updateTokenIfNeeded(): Promise<boolean> {\n    return Promise.resolve(true);\n  }\n\n  getHeaderValues(): Record<string, string> {\n    return {};\n  }\n}\n","import { loadRemoteModule } from '@angular-architects/module-federation'\nimport { Injectable, Injector, inject } from '@angular/core'\nimport { AppStateService, CONFIG_KEY, ConfigurationService } from '@onecx/angular-integration-interface'\nimport { Config, EventsTopic, EventType } from '@onecx/integration-interface'\nimport { filter } from 'rxjs/internal/operators/filter'\nimport { AuthService, AuthServiceFactory, Injectables } from './auth.service'\nimport { KeycloakAuthService } from './auth_services/keycloak-auth.service'\nimport './declarations'\nimport { DisabledAuthService } from './auth_services/disabled-auth.service'\n\n@Injectable()\nexport class AuthServiceWrapper {\n  private configService = inject(ConfigurationService)\n  private appStateService = inject(AppStateService)\n  private injector = inject(Injector)\n\n  private eventsTopic$ = new EventsTopic()\n  private authService: AuthService | undefined\n\n  constructor() {\n    this.eventsTopic$\n      .pipe(filter((e) => e.type === EventType.AUTH_LOGOUT_BUTTON_CLICKED))\n      .subscribe(() => this.authService?.logout())\n    // Shell defines these properties to support older library versions\n    window.onecxAngularAuth ??= {}\n    window.onecxAngularAuth.authServiceProxy ??= {}\n    window.onecxAngularAuth.authServiceProxy.v1 ??= {\n      updateTokenIfNeeded: (): Promise<boolean> => {\n        return this.updateTokenIfNeeded()\n      },\n      getHeaderValues: (): Record<string, string> => {\n        return this.getHeaderValues()\n      },\n    }\n    window.onecxAuth ??= {}\n    window.onecxAuth.authServiceProxy ??= {}\n    window.onecxAuth.authServiceProxy.v1 ??= {\n      updateTokenIfNeeded: (): Promise<boolean> => {\n        return this.updateTokenIfNeeded()\n      },\n      getHeaderValues: (): Record<string, string> => {\n        return this.getHeaderValues()\n      },\n    }\n  }\n  async init(): Promise<boolean | undefined> {\n    await this.configService.isInitialized\n\n    await this.initializeAuthService()\n    const initResult = this.getInitResult()\n    return initResult\n  }\n  async getInitResult(): Promise<boolean | undefined> {\n    const initResult = await this.authService?.init()\n\n    if (initResult) {\n      await this.appStateService.isAuthenticated$.publish()\n    }\n    return initResult\n  }\n  getHeaderValues(): Record<string, string> {\n    return this.authService?.getHeaderValues() ?? {}\n  }\n  updateTokenIfNeeded(): Promise<boolean> {\n    return this.authService?.updateTokenIfNeeded() ?? Promise.reject()\n  }\n\n  async initializeAuthService(): Promise<void> {\n    const serviceTypeConfig = (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE)) ?? 'keycloak'\n\n    switch (serviceTypeConfig) {\n      case 'keycloak':\n        this.authService = this.injector.get(KeycloakAuthService)\n        break\n      case 'custom': {\n        // remote module is exposing function as default export (this is a convention)\n        // this function is responsible for creating the custom auth service\n        // to have access to the dependency mechanism of the shell\n        // the function gets a callback which is returning the requested injectable\n        const factory = await this.getAuthServiceFactory()\n        this.authService = await Promise.resolve(\n          factory((injectable: Injectables) => this.retrieveInjectables(injectable))\n        )\n        break\n      }\n      case 'disabled':\n        this.authService = this.injector.get(DisabledAuthService)\n        break\n      default:\n        throw new Error('Configured AuthService not found')\n    }\n  }\n\n  async retrieveInjectables(injectable: Injectables): Promise<KeycloakAuthService | Config | undefined> {\n    if (injectable === Injectables.KEYCLOAK_AUTH_SERVICE) {\n      return this.injector.get(KeycloakAuthService)\n    } else if (injectable === Injectables.CONFIG) {\n      return this.configService.getConfig()\n    }\n    throw new Error('unknown injectable type')\n  }\n\n  async getAuthServiceFactory(): Promise<AuthServiceFactory> {\n    if (await !this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_URL)) {\n      throw new Error('URL of the custom auth service is not defined')\n    }\n    const module = await loadRemoteModule({\n      type: 'module',\n      remoteEntry: (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_URL)) ?? '',\n      exposedModule:\n        (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_MODULE_NAME)) ?? './CustomAuth',\n    })\n    return module.default as AuthServiceFactory\n  }\n}\n","import { inject, provideAppInitializer } from '@angular/core'\nimport { ConfigurationService } from '@onecx/angular-integration-interface'\nimport { AuthServiceWrapper } from './auth-service-wrapper'\nimport { DisabledAuthService } from './auth_services/disabled-auth.service'\nimport { KeycloakAuthService } from './auth_services/keycloak-auth.service'\n\nfunction provideAuthServices() {\n  return [AuthServiceWrapper, KeycloakAuthService, DisabledAuthService]\n}\n\nexport function provideAuthService() {\n  return [\n    provideAuthServices(),\n    provideAppInitializer(async () => {\n      const configService = inject(ConfigurationService)\n      const authServiceWrapper = inject(AuthServiceWrapper)\n      await configService.isInitialized\n      await authServiceWrapper.init()\n    }),\n  ]\n}","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './index';\n"],"names":[],"mappings":";;;;;;;;AAUA,IAAY,WAGX;AAHD,CAAA,UAAY,WAAW,EAAA;AACrB,IAAA,WAAA,CAAA,uBAAA,CAAA,GAAA,uBAA+C;AAC/C,IAAA,WAAA,CAAA,QAAA,CAAA,GAAA,QAAiB;AACnB,CAAC,EAHW,WAAW,KAAX,WAAW,GAAA,EAAA,CAAA,CAAA;;ACVvB;AAGO,MAAM,YAAY,GAAG,mBAAmB,CAAC,mBAAmB,CAAC;;ACGpE,MAAM,mBAAmB,GAAG,uBAAuB;AACnD,MAAM,cAAc,GAAG,kBAAkB;AACzC,MAAM,WAAW,GAAG,gBAAgB;MAGvB,mBAAmB,CAAA;AADhC,IAAA,WAAA,GAAA;AAEmB,QAAA,IAAA,CAAA,MAAM,GAAG,YAAY,CAAC,qBAAqB,CAAC;AACrD,QAAA,IAAA,CAAA,aAAa,GAAG,MAAM,CAAC,oBAAoB,CAAC;AAqMrD,IAAA;IAhMQ,MAAM,IAAI,CAAC,MAAgC,EAAA;AAChD,QAAA,IAAI,CAAC,MAAM,GAAG,MAAM;QACpB,IAAI,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,cAAc,CAAC;QAClD,IAAI,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,mBAAmB,CAAC;AAC5D,QAAA,IAAI,KAAK,IAAI,YAAY,EAAE;AACzB,YAAA,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAChE,YAAA,IAAI,WAAW,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE;gBACjD,KAAK,GAAG,IAAI;gBACZ,YAAY,GAAG,IAAI;gBACnB,OAAO,GAAG,IAAI;gBACd,IAAI,CAAC,4BAA4B,EAAE;YACrC;QACF;AAEA,QAAA,IAAI,QAAuC;AAC3C,QAAA,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE;AACnD,QAAA,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,IAAI,MAAM,IAAI,EAAE,CAAC,EAAE;AAElD,QAAA,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE;YAC1D,QAAQ,GAAG,wBAAwB;QACrC;AAEA,QAAA,MAAM,oBAAoB,GACxB,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,0BAA0B,CAAC,MAAM,MAAM;AAE1F,QAAA,IAAI;AACF,YAAA,MAAM,OAAO,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAI;gBACzD,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC;AACxC,YAAA,CAAC,CAAC;QACJ;QAAE,OAAO,GAAG,EAAE;YACZ,MAAM,YAAY,GAAG,kHAAkH;YACvI,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,YAAY,EACZ,GAAG,CACJ;AACD,YAAA,MAAM,IAAI,KAAK,CACb,YAAY,CACb;QACH;AAEA,QAAA,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;AAClB,YAAA,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC;QACpD;QAEA,IAAI,CAAC,kBAAkB,EAAE;QAEzB,OAAO,IAAI,CAAC;AACT,aAAA,IAAI,CAAC;AACJ,YAAA,MAAM,EAAE,WAAW;AACnB,YAAA,gBAAgB,EAAE,KAAK;AACvB,YAAA,yBAAyB,EAAE,oBAAoB,GAAG,IAAI,CAAC,eAAe,EAAE,GAAG,SAAS;YACpF,OAAO,EAAE,OAAO,IAAI,SAAS;YAC7B,YAAY,EAAE,YAAY,IAAI,SAAS;YACvC,KAAK,EAAE,KAAK,IAAI,SAAS;SAC1B;AACA,aAAA,KAAK,CAAC,CAAC,GAAG,KAAI;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA,cAAA,EAAiB,GAAG,CAAA,iBAAA,CAAmB,CAAC;YACzD,OAAO,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;AAC1C,QAAA,CAAC;AACA,aAAA,IAAI,CAAC,CAAC,OAAO,KAAI;YAChB,IAAI,OAAO,EAAE;AACX,gBAAA,OAAO,IAAI,CAAC,QAAQ,EAAE,KAAK;YAC7B;iBAAO;AACL,gBAAA,OAAO,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,OAAO,CAAC;YAC9D;AACF,QAAA,CAAC;aACA,IAAI,CAAC,MAAK;AACT,YAAA,OAAO,IAAI;AACb,QAAA,CAAC;AACA,aAAA,KAAK,CAAC,CAAC,GAAG,KAAI;AACb,YAAA,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,GAAG,CAAA,SAAA,EAAY,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA,CAAE,CAAC;AACnE,YAAA,MAAM,GAAG;AACX,QAAA,CAAC,CAAC;IACN;AAEU,IAAA,MAAM,gBAAgB,GAAA;AAC9B,QAAA,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,kBAAkB,CAAC;QACpF,IAAI,CAAC,QAAQ,EAAE;AACb,YAAA,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC;QACxD;AACA,QAAA,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,cAAc,CAAC;QAC7E,IAAI,CAAC,KAAK,EAAE;AACV,YAAA,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC;QACrD;AACA,QAAA,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,EAAE;QACjF,OAAO;YACL,GAAG;YACH,QAAQ;YACR,KAAK;SACN;IACH;IAEQ,kBAAkB,GAAA;AACxB,QAAA,IAAI,IAAI,CAAC,QAAQ,EAAE;AACjB,YAAA,IAAI,CAAC,QAAQ,CAAC,WAAW,GAAG,MAAK;gBAC/B,IAAI,CAAC,kBAAkB,EAAE;AAC3B,YAAA,CAAC;AACD,YAAA,IAAI,CAAC,QAAQ,CAAC,YAAY,GAAG,MAAK;AAChC,gBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC;gBAC1C,IAAI,CAAC,4BAA4B,EAAE;gBACnC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC;AACnC,YAAA,CAAC;AACD,YAAA,IAAI,CAAC,QAAQ,CAAC,oBAAoB,GAAG,MAAK;gBACxC,IAAI,CAAC,kBAAkB,EAAE;AAC3B,YAAA,CAAC;AACD,YAAA,IAAI,CAAC,QAAQ,CAAC,kBAAkB,GAAG,MAAK;gBACtC,IAAI,CAAC,kBAAkB,EAAE;AAC3B,YAAA,CAAC;AACD,YAAA,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,MAAK;gBACjC,IAAI,CAAC,kBAAkB,EAAE;AAC3B,YAAA,CAAC;AACD,YAAA,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,MAAK;gBAClC,IAAI,CAAC,kBAAkB,EAAE;AAC3B,YAAA,CAAC;AACD,YAAA,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,MAAK;gBAClC,IAAI,CAAC,kBAAkB,EAAE;AAC3B,YAAA,CAAC;AACD,YAAA,IAAI,CAAC,QAAQ,CAAC,OAAO,GAAG,MAAK;gBAC3B,IAAI,CAAC,kBAAkB,EAAE;AAC3B,YAAA,CAAC;QACH;IACF;IAEQ,kBAAkB,GAAA;AACxB,QAAA,IAAI,IAAI,CAAC,QAAQ,EAAE;AACjB,YAAA,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE;gBACvB,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YACxD;iBAAO;AACL,gBAAA,YAAY,CAAC,UAAU,CAAC,WAAW,CAAC;YACtC;AACA,YAAA,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE;gBACzB,YAAY,CAAC,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;YAC7D;iBAAO;AACL,gBAAA,YAAY,CAAC,UAAU,CAAC,cAAc,CAAC;YACzC;AACA,YAAA,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE;gBAC9B,YAAY,CAAC,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;YACvE;iBAAO;AACL,gBAAA,YAAY,CAAC,UAAU,CAAC,mBAAmB,CAAC;YAC9C;QACF;IACF;IAEQ,4BAA4B,GAAA;AAClC,QAAA,YAAY,CAAC,UAAU,CAAC,cAAc,CAAC;AACvC,QAAA,YAAY,CAAC,UAAU,CAAC,WAAW,CAAC;AACpC,QAAA,YAAY,CAAC,UAAU,CAAC,mBAAmB,CAAC;IAC9C;IAEQ,eAAe,GAAA;AACrB,QAAA,IAAI,WAAW,GAAG,QAAQ,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;AAC/D,QAAA,IAAI,WAAW,KAAK,GAAG,EAAE;YACvB,WAAW,GAAG,EAAE;QAClB;QACA,OAAO,CAAA,EAAG,WAAW,CAAA,6BAAA,CAA+B;IACtD;IAEA,UAAU,GAAA;AACR,QAAA,OAAO,IAAI,CAAC,QAAQ,EAAE,OAAO,IAAI,IAAI;IACvC;IACA,cAAc,GAAA;AACZ,QAAA,OAAO,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,IAAI;IACrC;IAEA,MAAM,GAAA;AACJ,QAAA,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE;IACzB;AAEA,IAAA,MAAM,mBAAmB,GAAA;AACvB,QAAA,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,EAAE;YACjC,OAAO,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,2BAA2B,CAAC;QAC3G;aAAO;AACL,YAAA,OAAO,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;QACpC;IACF;IAEA,mBAAmB,GAAA;AACjB,QAAA,OAAO,eAAe;IACxB;AAEA,IAAA,OAAO,CAAC,KAAa,EAAA;AACnB,QAAA,OAAO,KAAK;IACd;IAEA,YAAY,GAAA;AACV,QAAA,OAAO,EAAE;IACX;IAEA,eAAe,GAAA;AACb,QAAA,OAAO,EAAE,qBAAqB,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,cAAc,EAAE,CAAA,CAAE,EAAE;IAC7G;8GAtMW,mBAAmB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;kHAAnB,mBAAmB,EAAA,CAAA,CAAA;;2FAAnB,mBAAmB,EAAA,UAAA,EAAA,CAAA;kBAD/B;;;ACYD,mBAAe,UAAU;;MClBZ,mBAAmB,CAAA;IAEvB,MAAM,IAAI,CAAC,OAAiC,EAAA;AACjD,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;IAC9B;IAEA,UAAU,GAAA;AACR,QAAA,OAAO,EAAE;IACX;IACA,cAAc,GAAA;AACZ,QAAA,OAAO,EAAE;IACX;IAEA,MAAM,GAAA;AACJ,QAAA,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,2BAA2B;IACpD;AAEA,IAAA,MAAM,mBAAmB,GAAA;AACvB,QAAA,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;IAC9B;IAEA,eAAe,GAAA;AACb,QAAA,OAAO,EAAE;IACX;8GAvBW,mBAAmB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;kHAAnB,mBAAmB,EAAA,CAAA,CAAA;;2FAAnB,mBAAmB,EAAA,UAAA,EAAA,CAAA;kBAD/B;;;MCQY,kBAAkB,CAAA;AAQ7B,IAAA,WAAA,GAAA;AAPQ,QAAA,IAAA,CAAA,aAAa,GAAG,MAAM,CAAC,oBAAoB,CAAC;AAC5C,QAAA,IAAA,CAAA,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;AACzC,QAAA,IAAA,CAAA,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;AAE3B,QAAA,IAAA,CAAA,YAAY,GAAG,IAAI,WAAW,EAAE;AAItC,QAAA,IAAI,CAAC;AACF,aAAA,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,0BAA0B,CAAC;aACnE,SAAS,CAAC,MAAM,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;;AAE9C,QAAA,MAAM,CAAC,gBAAgB,KAAK,EAAE;AAC9B,QAAA,MAAM,CAAC,gBAAgB,CAAC,gBAAgB,KAAK,EAAE;AAC/C,QAAA,MAAM,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,EAAE,KAAK;YAC9C,mBAAmB,EAAE,MAAuB;AAC1C,gBAAA,OAAO,IAAI,CAAC,mBAAmB,EAAE;YACnC,CAAC;YACD,eAAe,EAAE,MAA6B;AAC5C,gBAAA,OAAO,IAAI,CAAC,eAAe,EAAE;YAC/B,CAAC;SACF;AACD,QAAA,MAAM,CAAC,SAAS,KAAK,EAAE;AACvB,QAAA,MAAM,CAAC,SAAS,CAAC,gBAAgB,KAAK,EAAE;AACxC,QAAA,MAAM,CAAC,SAAS,CAAC,gBAAgB,CAAC,EAAE,KAAK;YACvC,mBAAmB,EAAE,MAAuB;AAC1C,gBAAA,OAAO,IAAI,CAAC,mBAAmB,EAAE;YACnC,CAAC;YACD,eAAe,EAAE,MAA6B;AAC5C,gBAAA,OAAO,IAAI,CAAC,eAAe,EAAE;YAC/B,CAAC;SACF;IACH;AACA,IAAA,MAAM,IAAI,GAAA;AACR,QAAA,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa;AAEtC,QAAA,MAAM,IAAI,CAAC,qBAAqB,EAAE;AAClC,QAAA,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE;AACvC,QAAA,OAAO,UAAU;IACnB;AACA,IAAA,MAAM,aAAa,GAAA;QACjB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE;QAEjD,IAAI,UAAU,EAAE;YACd,MAAM,IAAI,CAAC,eAAe,CAAC,gBAAgB,CAAC,OAAO,EAAE;QACvD;AACA,QAAA,OAAO,UAAU;IACnB;IACA,eAAe,GAAA;QACb,OAAO,IAAI,CAAC,WAAW,EAAE,eAAe,EAAE,IAAI,EAAE;IAClD;IACA,mBAAmB,GAAA;QACjB,OAAO,IAAI,CAAC,WAAW,EAAE,mBAAmB,EAAE,IAAI,OAAO,CAAC,MAAM,EAAE;IACpE;AAEA,IAAA,MAAM,qBAAqB,GAAA;AACzB,QAAA,MAAM,iBAAiB,GAAG,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,KAAK,UAAU;QAEvG,QAAQ,iBAAiB;AACvB,YAAA,KAAK,UAAU;gBACb,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;gBACzD;YACF,KAAK,QAAQ,EAAE;;;;;AAKb,gBAAA,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE;gBAClD,IAAI,CAAC,WAAW,GAAG,MAAM,OAAO,CAAC,OAAO,CACtC,OAAO,CAAC,CAAC,UAAuB,KAAK,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAC3E;gBACD;YACF;AACA,YAAA,KAAK,UAAU;gBACb,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;gBACzD;AACF,YAAA;AACE,gBAAA,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC;;IAEzD;IAEA,MAAM,mBAAmB,CAAC,UAAuB,EAAA;AAC/C,QAAA,IAAI,UAAU,KAAK,WAAW,CAAC,qBAAqB,EAAE;YACpD,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,mBAAmB,CAAC;QAC/C;AAAO,aAAA,IAAI,UAAU,KAAK,WAAW,CAAC,MAAM,EAAE;AAC5C,YAAA,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE;QACvC;AACA,QAAA,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC;IAC5C;AAEA,IAAA,MAAM,qBAAqB,GAAA;AACzB,QAAA,IAAI,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,uBAAuB,CAAC,EAAE;AAC7E,YAAA,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC;QAClE;AACA,QAAA,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC;AACpC,YAAA,IAAI,EAAE,QAAQ;AACd,YAAA,WAAW,EAAE,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,uBAAuB,CAAC,KAAK,EAAE;AAC7F,YAAA,aAAa,EACX,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,UAAU,CAAC,+BAA+B,CAAC,KAAK,cAAc;AACvG,SAAA,CAAC;QACF,OAAO,MAAM,CAAC,OAA6B;IAC7C;8GAtGW,kBAAkB,EAAA,IAAA,EAAA,EAAA,EAAA,MAAA,EAAA,EAAA,CAAA,eAAA,CAAA,UAAA,EAAA,CAAA,CAAA;kHAAlB,kBAAkB,EAAA,CAAA,CAAA;;2FAAlB,kBAAkB,EAAA,UAAA,EAAA,CAAA;kBAD9B;;;ACJD,SAAS,mBAAmB,GAAA;AAC1B,IAAA,OAAO,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;AACvE;SAEgB,kBAAkB,GAAA;IAChC,OAAO;AACL,QAAA,mBAAmB,EAAE;QACrB,qBAAqB,CAAC,YAAW;AAC/B,YAAA,MAAM,aAAa,GAAG,MAAM,CAAC,oBAAoB,CAAC;AAClD,YAAA,MAAM,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,CAAC;YACrD,MAAM,aAAa,CAAC,aAAa;AACjC,YAAA,MAAM,kBAAkB,CAAC,IAAI,EAAE;AACjC,QAAA,CAAC,CAAC;KACH;AACH;;ACpBA;;AAEG;;;;"}

package/migrations/index.js

@@ -0,0 +1,2 @@
+"use strict";
+//# sourceMappingURL=index.js.map

package/migrations/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../libs/shell-auth/migrations/index.ts"],"names":[],"mappings":""}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@onecx/shell-auth",
-  "version": "8.0.0-rc.4",
+  "version": "8.0.0-rc.5",
   "license": "Apache-2.0",
   "repository": {
     "type": "git",
@@ -8,10 +8,10 @@
   },
   "peerDependencies": {
     "@angular-architects/module-federation": "^20.0.0",
-    "@angular/core": "^20.3.16",
-    "@onecx/accelerator": "^8.0.0-rc.4",
-    "@onecx/angular-integration-interface": "^8.0.0-rc.4",
-    "@onecx/integration-interface": "^8.0.0-rc.4",
+    "@angular/core": "^21.0.0",
+    "@onecx/accelerator": "^8.0.0-rc.5",
+    "@onecx/angular-integration-interface": "^8.0.0-rc.5",
+    "@onecx/integration-interface": "^8.0.0-rc.5",
     "keycloak-js": "^26.2.3",
     "rxjs": "~7.8.0"
   },
@@ -25,5 +25,20 @@
   },
   "nx-migrations": {
     "migrations": "./migrations.json"
+  },
+  "module": "fesm2022/onecx-shell-auth.mjs",
+  "typings": "types/onecx-shell-auth.d.ts",
+  "exports": {
+    "./package.json": {
+      "default": "./package.json"
+    },
+    ".": {
+      "types": "./types/onecx-shell-auth.d.ts",
+      "default": "./fesm2022/onecx-shell-auth.mjs"
+    }
+  },
+  "sideEffects": false,
+  "dependencies": {
+    "tslib": "^2.3.0"
   }
-}
+}

package/types/onecx-shell-auth.d.ts

@@ -0,0 +1,92 @@
+import { Config } from '@onecx/integration-interface';
+import { KeycloakServerConfig } from 'keycloak-js';
+import * as i0 from '@angular/core';
+
+interface AuthService {
+    init(config?: Record<string, unknown>): Promise<boolean>;
+    getHeaderValues(): Record<string, string>;
+    logout(): void;
+    updateTokenIfNeeded(): Promise<boolean>;
+}
+declare enum Injectables {
+    KEYCLOAK_AUTH_SERVICE = "KEYCLOAK_AUTH_SERVICE",
+    CONFIG = "CONFIG"
+}
+type AuthServiceFactory = (injectorFunction: (injectable: Injectables) => Promise<unknown> | unknown) => AuthService | Promise<AuthService>;
+
+declare class KeycloakAuthService implements AuthService {
+    private readonly logger;
+    private configService;
+    private keycloak;
+    config?: Record<string, unknown>;
+    init(config?: Record<string, unknown>): Promise<boolean>;
+    protected getValidKCConfig(): Promise<KeycloakServerConfig>;
+    private setupEventListener;
+    private updateLocalStorage;
+    private clearKCStateFromLocalstorage;
+    private getSilentSSOUrl;
+    getIdToken(): string | null;
+    getAccessToken(): string | null;
+    logout(): void;
+    updateTokenIfNeeded(): Promise<boolean>;
+    getAuthProviderName(): string;
+    hasRole(_role: string): boolean;
+    getUserRoles(): string[];
+    getHeaderValues(): Record<string, string>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakAuthService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<KeycloakAuthService>;
+}
+
+declare global {
+    interface Window {
+        onecxAuth?: {
+            authServiceProxy?: {
+                v1?: {
+                    getHeaderValues: () => Record<string, string>;
+                    updateTokenIfNeeded: () => Promise<boolean>;
+                };
+            };
+        };
+        onecxAngularAuth?: {
+            authServiceProxy?: {
+                v1?: {
+                    getHeaderValues: () => Record<string, string>;
+                    updateTokenIfNeeded: () => Promise<boolean>;
+                };
+            };
+        };
+    }
+}
+
+declare class AuthServiceWrapper {
+    private configService;
+    private appStateService;
+    private injector;
+    private eventsTopic$;
+    private authService;
+    constructor();
+    init(): Promise<boolean | undefined>;
+    getInitResult(): Promise<boolean | undefined>;
+    getHeaderValues(): Record<string, string>;
+    updateTokenIfNeeded(): Promise<boolean>;
+    initializeAuthService(): Promise<void>;
+    retrieveInjectables(injectable: Injectables): Promise<KeycloakAuthService | Config | undefined>;
+    getAuthServiceFactory(): Promise<AuthServiceFactory>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AuthServiceWrapper, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<AuthServiceWrapper>;
+}
+
+declare class DisabledAuthService implements AuthService {
+    init(_config?: Record<string, unknown>): Promise<boolean>;
+    getIdToken(): string | null;
+    getAccessToken(): string | null;
+    logout(): void;
+    updateTokenIfNeeded(): Promise<boolean>;
+    getHeaderValues(): Record<string, string>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<DisabledAuthService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<DisabledAuthService>;
+}
+
+declare function provideAuthService(): ((typeof DisabledAuthService | typeof AuthServiceWrapper)[] | i0.EnvironmentProviders)[];
+
+export { AuthServiceWrapper, provideAuthService };

package/.eslintrc.json

@@ -1,46 +0,0 @@
-{
-  "extends": ["../../.eslintrc.json"],
-  "ignorePatterns": ["!**/*"],
-  "overrides": [
-    {
-      "files": ["*.ts"],
-      "extends": ["plugin:@nx/angular", "plugin:@angular-eslint/template/process-inline-templates"],
-      "rules": {
-        "@angular-eslint/directive-selector": [
-          "error",
-          {
-            "type": "attribute",
-            "prefix": "ocx",
-            "style": "camelCase"
-          }
-        ],
-        "@angular-eslint/component-selector": [
-          "error",
-          {
-            "type": "element",
-            "prefix": "ocx",
-            "style": "kebab-case"
-          }
-        ],
-        "no-restricted-syntax": [
-          "off",
-          {
-            "selector": "CallExpression[callee.object.name=\"console\"][callee.property.name=/^(debug|info|time|timeEnd|trace)$/]"
-          }
-        ]
-      }
-    },
-    {
-      "files": ["*.html"],
-      "extends": ["plugin:@nx/angular-template"],
-      "rules": {}
-    },
-    {
-      "files": ["*.json"],
-      "parser": "jsonc-eslint-parser",
-      "rules": {
-        "@nx/dependency-checks": "error"
-      }
-    }
-  ]
-}

package/jest.config.ts

@@ -1,27 +0,0 @@
-/** @jest-config-loader ts-node */
-// Without jest-config-loader, jest cannot load other ts files
-
-/* eslint-disable */
-import { createReportsConfig } from '../../jest-config-factory'
-
-export default {
-  displayName: 'shell-auth',
-  preset: '../../jest.preset.js',
-  setupFilesAfterEnv: ['<rootDir>/src/test-setup.ts'],
-  transform: {
-    '^.+\\.(ts|mjs|js|html)$': [
-      'jest-preset-angular',
-      {
-        tsconfig: '<rootDir>/tsconfig.spec.json',
-        stringifyContentPathRegex: '\\.(html|svg)$',
-      },
-    ],
-  },
-  transformIgnorePatterns: ['node_modules/(?!.*\\.mjs$)'],
-  snapshotSerializers: [
-    'jest-preset-angular/build/serializers/no-ng-attributes',
-    'jest-preset-angular/build/serializers/ng-snapshot',
-    'jest-preset-angular/build/serializers/html-comment',
-  ],
-  ...createReportsConfig('shell-auth'),
-}

package/migrations/tsconfig.json

@@ -1,19 +0,0 @@
-{
-    "extends": "../../../tsconfig.base.json",
-    "compilerOptions": {
-      "module": "commonjs",
-      "forceConsistentCasingInFileNames": true,
-      "strict": true,
-      "noImplicitOverride": true,
-      "noPropertyAccessFromIndexSignature": true,
-      "noImplicitReturns": true,
-      "noFallthroughCasesInSwitch": true
-    },
-    "files": [],
-    "include": [],
-    "references": [
-      {
-        "path": "./tsconfig.migrations.json"
-      }
-    ]
-  }

package/migrations/tsconfig.migrations.json

@@ -1,10 +0,0 @@
-{
-    "extends": "./tsconfig.json",
-    "compilerOptions": {
-      "outDir": "../../../dist",
-      "declaration": true,
-      "types": ["node"]
-    },
-    "include": ["**/*.ts"],
-    "exclude": ["jest.config.ts", "src/**/*.spec.ts", "src/**/*.test.ts"]
-  }

package/ng-package.json

@@ -1,12 +0,0 @@
-{
-  "$schema": "../../node_modules/ng-packagr/ng-package.schema.json",
-  "dest": "../../dist/libs/shell-auth",
-  "lib": {
-    "entryFile": "src/index.ts"
-  },
-  "assets": [
-    "CHANGELOG.md",
-    "./assets/**",
-    "./migrations.json"
-  ]
-}

package/project.json

@@ -1,64 +0,0 @@
-{
-  "name": "shell-auth",
-  "$schema": "../../node_modules/nx/schemas/project-schema.json",
-  "sourceRoot": "libs/shell-auth/src",
-  "prefix": "ocx",
-  "projectType": "library",
-  "tags": [],
-  "targets": {
-    "build-migrations": {
-      "dependsOn": ["build"],
-      "executor": "nx:run-commands",
-      "options": {
-        "commands": ["tsc -p libs/shell-auth/migrations/tsconfig.migrations.json"]
-      }
-    },
-    "build": {
-      "executor": "@nx/angular:package",
-      "outputs": ["{workspaceRoot}/dist/{projectRoot}"],
-      "options": {
-        "project": "libs/shell-auth/ng-package.json"
-      },
-      "configurations": {
-        "production": {
-          "tsConfig": "libs/shell-auth/tsconfig.lib.prod.json"
-        },
-        "development": {
-          "tsConfig": "libs/shell-auth/tsconfig.lib.json"
-        }
-      },
-      "defaultConfiguration": "production"
-    },
-    "test": {
-      "executor": "@nx/jest:jest",
-      "outputs": ["{workspaceRoot}/coverage/{projectRoot}"],
-      "options": {
-        "jestConfig": "libs/shell-auth/jest.config.ts",
-        "passWithNoTests": true
-      },
-      "configurations": {
-        "ci": {
-          "ci": true,
-          "codeCoverage": true
-        }
-      }
-    },
-    "lint": {
-      "executor": "@nx/eslint:lint",
-      "outputs": ["{options.outputFile}"],
-      "options": {
-        "lintFilePatterns": [
-          "libs/shell-auth/**/*.ts",
-          "libs/shell-auth/**/*.html",
-          "libs/shell-auth/package.json"
-        ]
-      }
-    },
-    "release": {
-      "executor": "@onecx/release:update-build-publish",
-      "options": {
-        "buildTarget": "build-migrations"
-      }
-    }
-  }
-}

package/sonar-project.properties

@@ -1,37 +0,0 @@
-# sonar.verbose=true
-# run locally:
-#   docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest
-#      user/pwd: admin/admin
-#      generate project token and use it in sonar.token!
-# start:
-#   npm run sonar
-#
-sonar.host.url=http://localhost:9000
-sonar.token=<SONAR_TOKEN>
-sonar.verbose=false
-#
-sonar.organization=onecx
-sonar.projectKey=onecx-portal-ui-libs-shell-auth
-sonar.projectName=onecx-portal-ui-libs-shell-auth
-#
-sonar.scm.disabled=true
-sonar.sources=src
-sonar.tests=src
-sonar-language="js"
-sonar.sourceEncoding=UTF-8
-#
-# reporting
-sonar.javascript.coveragePlugin=lcov
-sonar.javascript.lcov.reportPaths=../../reports/shell-auth/coverage/lcov.info
-sonar.testExecutionReportPaths=../../reports/shell-auth/sonarqube_report.xml
-sonar.working.directory=../../reports/shell-auth/.scannerwork
-# files
-sonar.exclusions=src/assets/**/*,src/migrations/**/*,src/mocks/**/*
-sonar.cpd.exclusions=src/**/*.ts,src/**/*.html
-sonar.coverage.exclusions=*.ts,*.js,src/*.ts,**/*.spec.ts,**/*.test.ts,**/*.stories.ts,**/*.harness.ts,**/environments/**,**/assets/**,**/generated/**,**/*.module.ts,**/*.main.ts
-sonar.test.inclusions=src/**/*.spec.ts, src/**/*.test.ts
-# issue exceptions
-sonar.issue.ignore.multicriteria=e1
-# ignore rule to allow async actions inside constructors
-sonar.issue.ignore.multicriteria.e1.ruleKey=typescript:S7059
-sonar.issue.ignore.multicriteria.e1.resourceKey=**/*.ts

package/src/index.ts

@@ -1,2 +0,0 @@
-export * from './lib/auth-service-wrapper'
-export * from './lib/provide-auth-service'

package/src/lib/auth-service-wrapper.ts

@@ -1,115 +0,0 @@
-import { loadRemoteModule } from '@angular-architects/module-federation'
-import { Injectable, Injector, inject } from '@angular/core'
-import { AppStateService, CONFIG_KEY, ConfigurationService } from '@onecx/angular-integration-interface'
-import { Config, EventsTopic, EventType } from '@onecx/integration-interface'
-import { filter } from 'rxjs/internal/operators/filter'
-import { AuthService, AuthServiceFactory, Injectables } from './auth.service'
-import { KeycloakAuthService } from './auth_services/keycloak-auth.service'
-import './declarations'
-import { DisabledAuthService } from './auth_services/disabled-auth.service'
-
-@Injectable()
-export class AuthServiceWrapper {
-  private configService = inject(ConfigurationService)
-  private appStateService = inject(AppStateService)
-  private injector = inject(Injector)
-
-  private eventsTopic$ = new EventsTopic()
-  private authService: AuthService | undefined
-
-  constructor() {
-    this.eventsTopic$
-      .pipe(filter((e) => e.type === EventType.AUTH_LOGOUT_BUTTON_CLICKED))
-      .subscribe(() => this.authService?.logout())
-    // Shell defines these properties to support older library versions
-    window.onecxAngularAuth ??= {}
-    window.onecxAngularAuth.authServiceProxy ??= {}
-    window.onecxAngularAuth.authServiceProxy.v1 ??= {
-      updateTokenIfNeeded: (): Promise<boolean> => {
-        return this.updateTokenIfNeeded()
-      },
-      getHeaderValues: (): Record<string, string> => {
-        return this.getHeaderValues()
-      },
-    }
-    window.onecxAuth ??= {}
-    window.onecxAuth.authServiceProxy ??= {}
-    window.onecxAuth.authServiceProxy.v1 ??= {
-      updateTokenIfNeeded: (): Promise<boolean> => {
-        return this.updateTokenIfNeeded()
-      },
-      getHeaderValues: (): Record<string, string> => {
-        return this.getHeaderValues()
-      },
-    }
-  }
-  async init(): Promise<boolean | undefined> {
-    await this.configService.isInitialized
-
-    await this.initializeAuthService()
-    const initResult = this.getInitResult()
-    return initResult
-  }
-  async getInitResult(): Promise<boolean | undefined> {
-    const initResult = await this.authService?.init()
-
-    if (initResult) {
-      await this.appStateService.isAuthenticated$.publish()
-    }
-    return initResult
-  }
-  getHeaderValues(): Record<string, string> {
-    return this.authService?.getHeaderValues() ?? {}
-  }
-  updateTokenIfNeeded(): Promise<boolean> {
-    return this.authService?.updateTokenIfNeeded() ?? Promise.reject()
-  }
-
-  async initializeAuthService(): Promise<void> {
-    const serviceTypeConfig = (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE)) ?? 'keycloak'
-
-    switch (serviceTypeConfig) {
-      case 'keycloak':
-        this.authService = this.injector.get(KeycloakAuthService)
-        break
-      case 'custom': {
-        // remote module is exposing function as default export (this is a convention)
-        // this function is responsible for creating the custom auth service
-        // to have access to the dependency mechanism of the shell
-        // the function gets a callback which is returning the requested injectable
-        const factory = await this.getAuthServiceFactory()
-        this.authService = await Promise.resolve(
-          factory((injectable: Injectables) => this.retrieveInjectables(injectable))
-        )
-        break
-      }
-      case 'disabled':
-        this.authService = this.injector.get(DisabledAuthService)
-        break
-      default:
-        throw new Error('Configured AuthService not found')
-    }
-  }
-
-  async retrieveInjectables(injectable: Injectables): Promise<KeycloakAuthService | Config | undefined> {
-    if (injectable === Injectables.KEYCLOAK_AUTH_SERVICE) {
-      return this.injector.get(KeycloakAuthService)
-    } else if (injectable === Injectables.CONFIG) {
-      return this.configService.getConfig()
-    }
-    throw new Error('unknown injectable type')
-  }
-
-  async getAuthServiceFactory(): Promise<AuthServiceFactory> {
-    if (await !this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_URL)) {
-      throw new Error('URL of the custom auth service is not defined')
-    }
-    const module = await loadRemoteModule({
-      type: 'module',
-      remoteEntry: (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_URL)) ?? '',
-      exposedModule:
-        (await this.configService.getProperty(CONFIG_KEY.AUTH_SERVICE_CUSTOM_MODULE_NAME)) ?? './CustomAuth',
-    })
-    return module.default as AuthServiceFactory
-  }
-}

package/src/lib/auth.service.ts

@@ -1,18 +0,0 @@
-export interface AuthService {
-  init(config?: Record<string, unknown>): Promise<boolean>
-
-  getHeaderValues(): Record<string, string>
-
-  logout(): void
-
-  updateTokenIfNeeded(): Promise<boolean>
-}
-
-export enum Injectables {
-  KEYCLOAK_AUTH_SERVICE = 'KEYCLOAK_AUTH_SERVICE',
-  CONFIG = 'CONFIG',
-}
-
-export type AuthServiceFactory = (
-  injectorFunction: (injectable: Injectables) => Promise<unknown> | unknown
-) => AuthService | Promise<AuthService>

package/src/lib/auth_services/disabled-auth.service.ts

@@ -1,29 +0,0 @@
-import { Injectable } from '@angular/core';
-import { AuthService } from '../auth.service';
-
-@Injectable()
-export class DisabledAuthService implements AuthService {
-
-  public async init(_config?: Record<string, unknown>): Promise<boolean> {
-    return Promise.resolve(true);
-  }
-
-  getIdToken(): string | null {
-    return "";
-  }
-  getAccessToken(): string | null {
-    return "";
-  }
-
-  logout(): void {
-    window.location.href = "https://github.com/onecx/";
-  }
-
-  async updateTokenIfNeeded(): Promise<boolean> {
-    return Promise.resolve(true);
-  }
-
-  getHeaderValues(): Record<string, string> {
-    return {};
-  }
-}

package/src/lib/auth_services/keycloak-auth.service.ts

@@ -1,211 +0,0 @@
-import { Injectable, inject } from '@angular/core'
-import { CONFIG_KEY, ConfigurationService } from '@onecx/angular-integration-interface'
-import Keycloak, { KeycloakServerConfig } from 'keycloak-js'
-import { AuthService } from '../auth.service'
-import { createLogger } from '../utils/logger.utils'
-
-const KC_REFRESH_TOKEN_LS = 'onecx_kc_refreshToken'
-const KC_ID_TOKEN_LS = 'onecx_kc_idToken'
-const KC_TOKEN_LS = 'onecx_kc_token'
-
-@Injectable()
-export class KeycloakAuthService implements AuthService {
-  private readonly logger = createLogger('KeycloakAuthService')
-  private configService = inject(ConfigurationService)
-  private keycloak: Keycloak | undefined
-
-  config?: Record<string, unknown>
-
-  public async init(config?: Record<string, unknown>): Promise<boolean> {
-    this.config = config
-    let token = localStorage.getItem(KC_TOKEN_LS)
-    let idToken = localStorage.getItem(KC_ID_TOKEN_LS)
-    let refreshToken = localStorage.getItem(KC_REFRESH_TOKEN_LS)
-    if (token && refreshToken) {
-      const parsedToken = JSON.parse(atob(refreshToken.split('.')[1]))
-      if (parsedToken.exp * 1000 < new Date().getTime()) {
-        token = null
-        refreshToken = null
-        idToken = null
-        this.clearKCStateFromLocalstorage()
-      }
-    }
-
-    let kcConfig: KeycloakServerConfig | string
-    const validKCConfig = await this.getValidKCConfig()
-    kcConfig = { ...validKCConfig, ...(config ?? {}) }
-    
-    if (!kcConfig.clientId || !kcConfig.realm || !kcConfig.url) {
-      kcConfig = './assets/keycloak.json'
-    }
-
-    const enableSilentSSOCheck =
-      (await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_ENABLE_SILENT_SSO)) === 'true'
-
-    try {
-      await import('keycloak-js').then(({ default: Keycloak }) => {
-        this.keycloak = new Keycloak(kcConfig)
-      })
-    } catch (err) {
-      const errorMessage = 'Keycloak initialization failed! Could not load keycloak-js library which is required in the current environment.'
-      this.logger.error(
-        errorMessage,
-        err
-      )
-      throw new Error(
-        errorMessage
-      )
-    }
-
-    if (!this.keycloak) {
-      throw new Error('Keycloak initialization failed!')
-    }
-
-    this.setupEventListener()
-
-    return this.keycloak
-      .init({
-        onLoad: 'check-sso',
-        checkLoginIframe: false,
-        silentCheckSsoRedirectUri: enableSilentSSOCheck ? this.getSilentSSOUrl() : undefined,
-        idToken: idToken || undefined,
-        refreshToken: refreshToken || undefined,
-        token: token || undefined,
-      })
-      .catch((err) => {
-        this.logger.warn(`Keycloak err: ${err}, try force login`)
-        return this.keycloak?.login(this.config)
-      })
-      .then((loginOk) => {
-        if (loginOk) {
-          return this.keycloak?.token
-        } else {
-          return this.keycloak?.login(this.config).then(() => 'login')
-        }
-      })
-      .then(() => {
-        return true
-      })
-      .catch((err) => {
-        this.logger.error(`KC ERROR ${err} as json ${JSON.stringify(err)}`)
-        throw err
-      })
-  }
-
-  protected async getValidKCConfig(): Promise<KeycloakServerConfig> {
-    const clientId = await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_CLIENT_ID)
-    if (!clientId) {
-      throw new Error('Invalid KC config, missing clientId')
-    }
-    const realm = await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_REALM)
-    if (!realm) {
-      throw new Error('Invalid KC config, missing realm')
-    }
-    const url = (await this.configService.getProperty(CONFIG_KEY.KEYCLOAK_URL)) ?? ''
-    return {
-      url,
-      clientId,
-      realm,
-    }
-  }
-
-  private setupEventListener() {
-    if (this.keycloak) {
-      this.keycloak.onAuthError = () => {
-        this.updateLocalStorage()
-      }
-      this.keycloak.onAuthLogout = () => {
-        this.logger.info('SSO logout nav to root')
-        this.clearKCStateFromLocalstorage()
-        this.keycloak?.login(this.config)
-      }
-      this.keycloak.onAuthRefreshSuccess = () => {
-        this.updateLocalStorage()
-      }
-      this.keycloak.onAuthRefreshError = () => {
-        this.updateLocalStorage()
-      }
-      this.keycloak.onAuthSuccess = () => {
-        this.updateLocalStorage()
-      }
-      this.keycloak.onTokenExpired = () => {
-        this.updateLocalStorage()
-      }
-      this.keycloak.onActionUpdate = () => {
-        this.updateLocalStorage()
-      }
-      this.keycloak.onReady = () => {
-        this.updateLocalStorage()
-      }
-    }
-  }
-
-  private updateLocalStorage() {
-    if (this.keycloak) {
-      if (this.keycloak.token) {
-        localStorage.setItem(KC_TOKEN_LS, this.keycloak.token)
-      } else {
-        localStorage.removeItem(KC_TOKEN_LS)
-      }
-      if (this.keycloak.idToken) {
-        localStorage.setItem(KC_ID_TOKEN_LS, this.keycloak.idToken)
-      } else {
-        localStorage.removeItem(KC_ID_TOKEN_LS)
-      }
-      if (this.keycloak.refreshToken) {
-        localStorage.setItem(KC_REFRESH_TOKEN_LS, this.keycloak.refreshToken)
-      } else {
-        localStorage.removeItem(KC_REFRESH_TOKEN_LS)
-      }
-    }
-  }
-
-  private clearKCStateFromLocalstorage() {
-    localStorage.removeItem(KC_ID_TOKEN_LS)
-    localStorage.removeItem(KC_TOKEN_LS)
-    localStorage.removeItem(KC_REFRESH_TOKEN_LS)
-  }
-
-  private getSilentSSOUrl() {
-    let currentBase = document.getElementsByTagName('base')[0].href
-    if (currentBase === '/') {
-      currentBase = ''
-    }
-    return `${currentBase}/assets/silent-check-sso.html`
-  }
-
-  getIdToken(): string | null {
-    return this.keycloak?.idToken ?? null
-  }
-  getAccessToken(): string | null {
-    return this.keycloak?.token ?? null
-  }
-
-  logout(): void {
-    this.keycloak?.logout()
-  }
-
-  async updateTokenIfNeeded(): Promise<boolean> {
-    if (!this.keycloak?.authenticated) {
-      return this.keycloak?.login(this.config).then(() => false) ?? Promise.reject('Keycloak not initialized!')
-    } else {
-      return this.keycloak.updateToken()
-    }
-  }
-
-  getAuthProviderName(): string {
-    return 'keycloak-auth'
-  }
-
-  hasRole(_role: string): boolean {
-    return false
-  }
-
-  getUserRoles(): string[] {
-    return []
-  }
-
-  getHeaderValues(): Record<string, string> {
-    return { 'apm-principal-token': this.getIdToken() ?? '', Authorization: `Bearer ${this.getAccessToken()}` }
-  }
-}

package/src/lib/declarations.ts

@@ -1,23 +0,0 @@
-declare global {
-  interface Window {
-    onecxAuth?: {
-      authServiceProxy?: {
-        v1?: {
-          getHeaderValues: () => Record<string, string>
-          updateTokenIfNeeded: () => Promise<boolean>
-        }
-      }
-    }
-    // Shell defines these properties to support older library versions
-    onecxAngularAuth?: {
-      authServiceProxy?: {
-        v1?: {
-          getHeaderValues: () => Record<string, string>
-          updateTokenIfNeeded: () => Promise<boolean>
-        }
-      }
-    }
-  }
-}
-
-export default globalThis

package/src/lib/provide-auth-service.ts

@@ -1,21 +0,0 @@
-import { inject, provideAppInitializer } from '@angular/core'
-import { ConfigurationService } from '@onecx/angular-integration-interface'
-import { AuthServiceWrapper } from './auth-service-wrapper'
-import { DisabledAuthService } from './auth_services/disabled-auth.service'
-import { KeycloakAuthService } from './auth_services/keycloak-auth.service'
-
-function provideAuthServices() {
-  return [AuthServiceWrapper, KeycloakAuthService, DisabledAuthService]
-}
-
-export function provideAuthService() {
-  return [
-    provideAuthServices(),
-    provideAppInitializer(async () => {
-      const configService = inject(ConfigurationService)
-      const authServiceWrapper = inject(AuthServiceWrapper)
-      await configService.isInitialized
-      await authServiceWrapper.init()
-    }),
-  ]
-}

package/src/lib/utils/logger.utils.ts

@@ -1,4 +0,0 @@
-// This file is not planned to be in the index.ts so it is private to this lib
-import { createLoggerFactory } from '@onecx/accelerator'
-
-export const createLogger = createLoggerFactory('@onecx/shell-auth')

package/src/test-setup.ts

@@ -1,6 +0,0 @@
-import { setupZoneTestEnv } from 'jest-preset-angular/setup-env/zone'
-
-setupZoneTestEnv({
-  errorOnUnknownElements: true,
-  errorOnUnknownProperties: true,
-})

package/tsconfig.json

@@ -1,32 +0,0 @@
-{
-  "compilerOptions": {
-    "moduleResolution": "bundler",
-    "target": "es2022",
-    "forceConsistentCasingInFileNames": true,
-    "strict": true,
-    "noImplicitOverride": true,
-    "noPropertyAccessFromIndexSignature": true,
-    "noImplicitReturns": true,
-    "noFallthroughCasesInSwitch": true,
-    "esModuleInterop": true
-  },
-  "files": [],
-  "include": [],
-  "references": [
-    {
-      "path": "./tsconfig.lib.json"
-    },
-    {
-      "path": "./tsconfig.lib.prod.json"
-    },
-    {
-      "path": "./tsconfig.spec.json"
-    }
-  ],
-  "extends": "../../tsconfig.base.json",
-  "angularCompilerOptions": {
-    "strictInjectionParameters": true,
-    "strictInputAccessModifiers": true,
-    "strictTemplates": true
-  }
-}

package/tsconfig.lib.json

@@ -1,12 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "compilerOptions": {
-    "outDir": "../../dist/out-tsc",
-    "declaration": true,
-    "declarationMap": true,
-    "inlineSources": true,
-    "types": []
-  },
-  "exclude": ["src/**/*.spec.ts", "src/test-setup.ts", "jest.config.ts", "src/**/*.test.ts"],
-  "include": ["src/**/*.ts"]
-}

package/tsconfig.lib.prod.json

@@ -1,11 +0,0 @@
-{
-  "extends": "./tsconfig.lib.json",
-  "compilerOptions": {
-    "declarationMap": false,
-    "target": "es2022",
-    "useDefineForClassFields": false
-  },
-  "angularCompilerOptions": {
-    "compilationMode": "partial"
-  }
-}

package/tsconfig.spec.json

@@ -1,12 +0,0 @@
-{
-  "extends": "./tsconfig.json",
-  "compilerOptions": {
-    "outDir": "../../dist/out-tsc",
-    "module": "commonjs",
-    "moduleResolution": "node",
-    "target": "es2016",
-    "types": ["jest", "node"]
-  },
-  "files": ["src/test-setup.ts"],
-  "include": ["jest.config.ts", "src/**/*.test.ts", "src/**/*.spec.ts", "src/**/*.d.ts"]
-}