imng-oidc-client 4.102.10

package/fesm2020/imng-oidc-client.mjs

@@ -0,0 +1,907 @@
+import * as i0 from '@angular/core';
+import { InjectionToken, PLATFORM_ID, Injectable, Inject, Component, NgModule } from '@angular/core';
+import * as i3 from '@angular/common';
+import { isPlatformBrowser, DOCUMENT, CommonModule } from '@angular/common';
+import * as i1$1 from '@ngrx/store';
+import { createFeatureSelector, createSelector, createAction, createReducer, on, Store, StoreModule } from '@ngrx/store';
+import { switchMap, filter, take, map, tap, catchError, concatMap, first, mergeMap } from 'rxjs/operators';
+import { Log, UserManager, OidcClient } from 'oidc-client';
+import { from, of, throwError } from 'rxjs';
+import * as i1 from '@angular/common/http';
+import { HttpErrorResponse, HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http';
+import { createPayloadAction } from 'imng-ngrx-utils';
+import { isNullOrUndefined } from 'imng-nrsrx-client-utils';
+import * as i1$2 from '@ngrx/effects';
+import { createEffect, ofType, EffectsModule } from '@ngrx/effects';
+import * as i3$1 from '@angular/router';
+import { RouterModule } from '@angular/router';
+
+// State Selectors
+const selectOidcState = createFeatureSelector('oidc');
+const getOidcLoading = createSelector(selectOidcState, (state) => state.loading);
+const getOidcIdentity = createSelector(selectOidcState, (state) => state.identity);
+const getAccessToken = createSelector(getOidcIdentity, (user) => (user || { access_token: undefined }).access_token);
+const isIdentityExpiring = createSelector(selectOidcState, (state) => state.expiring);
+const isIdentityExpired = createSelector(selectOidcState, (state) => state.expired);
+const isLoggedIn = createSelector(selectOidcState, (state) => state.loggedIn);
+// errors
+// eslint-disable-next-line @typescript-eslint/ban-types
+const selectOidcErrorState = createSelector(selectOidcState, (state) => state.errors);
+// eslint-disable-next-line @typescript-eslint/ban-types
+const hasErrors = createSelector(selectOidcErrorState, (state) => !!state.httpError || !!state.signInError || !!state.silentRenewError);
+const getSignInError = createSelector(selectOidcErrorState, (errors) => errors.signInError);
+const getSilentRenewError = createSelector(selectOidcErrorState, (errors) => errors.silentRenewError);
+const getHttpError = createSelector(selectOidcErrorState, (errors) => errors.httpError);
+const getPermissions$1 = createSelector(selectOidcState, (state) => state.permissions);
+const getAudiences = createSelector(selectOidcState, (state) => state.audiences);
+const getExpiresAt = createSelector(getOidcIdentity, (state) => state?.expires_at ? new Date(state.expires_at * 1000) : null //NOSONAR
+);
+const getUserMetadata = createSelector(selectOidcState, (state) => state.userMetadata);
+const oidcQuery = {
+    getExpiresAt,
+    getPermissions: getPermissions$1,
+    selectOidcState,
+    getOidcLoading,
+    getOidcIdentity,
+    getAccessToken,
+    isIdentityExpiring,
+    getSilentRenewError,
+    isIdentityExpired,
+    isLoggedIn,
+    getSignInError,
+    getHttpError,
+    hasErrors,
+    getAudiences,
+    getUserMetadata,
+};
+
+var OidcEvent;
+(function (OidcEvent) {
+    OidcEvent["AccessTokenExpired"] = "addAccessTokenExpired";
+    OidcEvent["AccessTokenExpiring"] = "addAccessTokenExpiring";
+    OidcEvent["SilentRenewError"] = "AddSilentRenewError";
+    OidcEvent["UserLoaded"] = "addUserLoaded";
+    OidcEvent["UserUnloaded"] = "addUserUnloaded";
+    OidcEvent["UserSignedOut"] = "addUserSignedOut";
+    OidcEvent["UserSessionChanged"] = "addUserSessionChanged";
+})(OidcEvent || (OidcEvent = {}));
+var StorageKeys;
+(function (StorageKeys) {
+    StorageKeys["PopupCallback"] = "ngoidc:isPopupCallback";
+    StorageKeys["OidcSettings"] = "ngoidc:settings";
+})(StorageKeys || (StorageKeys = {}));
+const ACTION_NO_ACTION = 'NO_ACTION';
+
+const OIDC_LIBRARY_CONFIG = new InjectionToken('OIDC_LIBRARY_CONFIG');
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+class OidcService {
+    constructor(oidcLibraryConfig, 
+    // eslint-disable-next-line @typescript-eslint/ban-types
+    platformId, httpClient) {
+        this.oidcLibraryConfig = oidcLibraryConfig;
+        this.platformId = platformId;
+        this.httpClient = httpClient;
+        const logSettings = this.oidcLibraryConfig.log;
+        let clientSettings = this.oidcLibraryConfig.oidc_config;
+        if (logSettings) {
+            Log.level = logSettings.level;
+            Log.logger = logSettings.logger;
+        }
+        if (clientSettings?.userStore != null) {
+            clientSettings = {
+                ...clientSettings,
+                userStore: clientSettings.userStore,
+            };
+        }
+        this._userManagerSettings = { ...clientSettings };
+        this.OidcUserManager = new UserManager(clientSettings);
+        this._oidcClient = new OidcClient(clientSettings);
+    }
+    getUserMetadata() {
+        return this.httpClient
+            .get(this.oidcLibraryConfig.oidc_config?.metadataUrl || '')
+            .pipe(switchMap((openidConfig) => this.httpClient.get(openidConfig.userinfo_endpoint)));
+    }
+    getUserManager() {
+        return this.OidcUserManager;
+    }
+    getOidcClient() {
+        return this._oidcClient;
+    }
+    getOidcUser() {
+        return from(this.OidcUserManager.getUser());
+    }
+    removeOidcUser() {
+        return from(this.OidcUserManager.removeUser());
+    }
+    registerOidcEvent(event, callback) {
+        switch (event) {
+            case OidcEvent.AccessTokenExpired:
+                this.OidcUserManager.events.addAccessTokenExpired(callback);
+                break;
+            case OidcEvent.AccessTokenExpiring:
+                this.OidcUserManager.events.addAccessTokenExpiring(callback);
+                break;
+            case OidcEvent.SilentRenewError:
+                this.OidcUserManager.events.addSilentRenewError(callback);
+                break;
+            case OidcEvent.UserLoaded:
+                this.OidcUserManager.events.addUserLoaded(callback);
+                break;
+            case OidcEvent.UserSessionChanged:
+                this.OidcUserManager.events.addUserSessionChanged(callback);
+                break;
+            case OidcEvent.UserSignedOut:
+                this.OidcUserManager.events.addUserSignedOut(callback);
+                break;
+            case OidcEvent.UserUnloaded:
+                this.OidcUserManager.events.addUserUnloaded(callback);
+                break;
+            default:
+                break;
+        }
+    }
+    removeOidcEvent(event, callback) {
+        switch (event) {
+            case OidcEvent.AccessTokenExpired:
+                this.OidcUserManager.events.removeAccessTokenExpired(callback);
+                break;
+            case OidcEvent.AccessTokenExpiring:
+                this.OidcUserManager.events.removeAccessTokenExpiring(callback);
+                break;
+            case OidcEvent.SilentRenewError:
+                this.OidcUserManager.events.removeSilentRenewError(callback);
+                break;
+            case OidcEvent.UserLoaded:
+                this.OidcUserManager.events.removeUserLoaded(callback);
+                break;
+            case OidcEvent.UserSessionChanged:
+                this.OidcUserManager.events.removeUserSessionChanged(callback);
+                break;
+            case OidcEvent.UserSignedOut:
+                this.OidcUserManager.events.removeUserSignedOut(callback);
+                break;
+            case OidcEvent.UserUnloaded:
+                this.OidcUserManager.events.removeUserUnloaded(callback);
+                break;
+            default:
+                break;
+        }
+    }
+    signInPopup(args) {
+        this.setCallbackInformation(true);
+        return from(this.OidcUserManager.signinPopup({ ...args }));
+    }
+    signInRedirect(args) {
+        this.setCallbackInformation(false);
+        return from(this.OidcUserManager.signinRedirect({ ...args }));
+    }
+    signOutPopup(args) {
+        this.setCallbackInformation(true);
+        return from(this.OidcUserManager.signoutPopup({ ...args }));
+    }
+    signOutRedirect(args) {
+        this.setCallbackInformation(false);
+        return from(this.OidcUserManager.signoutRedirect({ ...args }));
+    }
+    signInSilent(args) {
+        return from(this.OidcUserManager.signinSilent({ ...args }));
+    }
+    signinPopupCallback() {
+        return from(this.OidcUserManager.signinPopupCallback());
+    }
+    signinRedirectCallback() {
+        return from(this.OidcUserManager.signinRedirectCallback());
+    }
+    signoutPopupCallback() {
+        return from(this.OidcUserManager.signoutPopupCallback());
+    }
+    signoutRedirectCallback() {
+        return from(this.OidcUserManager.signoutRedirectCallback());
+    }
+    getSigninUrl(args) {
+        return from(this.OidcUserManager.createSigninRequest(args));
+    }
+    getSignoutUrl(args) {
+        return from(this.OidcUserManager.createSignoutRequest(args));
+    }
+    setCallbackInformation(isPopupCallback) {
+        // is browser and useCallbackFlag set to true or defaults to true
+        if (isPlatformBrowser(this.platformId) &&
+            this.oidcLibraryConfig.useCallbackFlag) {
+            localStorage.setItem(StorageKeys.PopupCallback, `${isPopupCallback}`);
+            localStorage.setItem(StorageKeys.OidcSettings, JSON.stringify(this._userManagerSettings));
+        }
+    }
+}
+OidcService.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcService, deps: [{ token: OIDC_LIBRARY_CONFIG }, { token: PLATFORM_ID }, { token: i1.HttpClient }], target: i0.ɵɵFactoryTarget.Injectable });
+OidcService.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcService, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcService, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root',
+                }]
+        }], ctorParameters: function () { return [{ type: undefined, decorators: [{
+                    type: Inject,
+                    args: [OIDC_LIBRARY_CONFIG]
+                }] }, { type: Object, decorators: [{
+                    type: Inject,
+                    args: [PLATFORM_ID]
+                }] }, { type: i1.HttpClient }]; } });
+
+const clearCurrentEmployee = createAction('[Employees] Clear Current Employee');
+// OIDC COMMANDS
+const getOidcUser = createAction('[Oidc] get oidc user');
+const removeOidcUser = createAction('[Oidc] remove oidc user');
+const userExpired = createAction('[Oidc] user expired');
+const userFound = createPayloadAction('[Oidc] user found');
+const onSessionChanged = createAction('[Oidc] session changed');
+const onAccessTokenExpired = createAction('[Oidc] on access token expired');
+const onAccessTokenExpiring = createAction('[Oidc] user expiring');
+const onUserLoading = createAction('[Oidc] user loading');
+const userDoneLoading = createAction('[Oidc] user done loading');
+const userDoneLoadingError = createPayloadAction('[Oidc] user done loading error');
+const onUserMetadataLoaded = createPayloadAction('[Oidc] on User Metadata Loaded');
+// OIDC EVENTS
+const onSignInPopup = createPayloadAction('[Oidc] on SignInPopup');
+const onSignInRedirect = createPayloadAction('[Oidc] on onSignInRedirect');
+const onSignInSilent = createPayloadAction('[Oidc] on onSignInSilent');
+const onUserLoaded = createPayloadAction('[Oidc] on user loaded');
+const onUserloadError = createPayloadAction('[Oidc] user load error');
+const onUserUnloaded = createAction('[Oidc] on user unloaded');
+const onUserSignedOut = createAction('[Oidc] on user signed out');
+const onSilentRenewError = createPayloadAction('[Oidc] on silent renew error');
+const signInPopup = createPayloadAction('[Oidc] sign in popup');
+const signInRedirect = createPayloadAction('[Oidc] sign in redirect');
+const signInError = createPayloadAction('[Oidc] sign in popup error');
+const signOutPopup = createPayloadAction('[Oidc] sign out popup');
+const signOutPopupError = createPayloadAction('[Oidc] sign out popup error');
+const signOutRedirect = createPayloadAction('[Oidc] sign out redirect');
+const signOutRedirectError = createPayloadAction('[Oidc] sign out redirect error');
+const signInSilent = createPayloadAction('[Oidc] sign in silent');
+const oidcError = createPayloadAction('[Oidc] error');
+// HTTP
+const setHttpError = createPayloadAction('[HTTP] Set Http Error');
+const clearErrors = createAction('[HTTP] Clear Errors');
+
+/* eslint-disable @typescript-eslint/no-explicit-any */
+class OidcFacade {
+    constructor(store, oidcService) {
+        this.store = store;
+        this.oidcService = oidcService;
+        this.loading$ = this.store.select(oidcQuery.getOidcLoading);
+        this.expiring$ = this.store.select(oidcQuery.isIdentityExpiring);
+        this.expired$ = this.store.select(oidcQuery.isIdentityExpired);
+        this.loggedIn$ = this.store.select(oidcQuery.isLoggedIn);
+        this.identity$ = this.store.select(oidcQuery.getOidcIdentity);
+        this.accessToken$ = this.store.select(oidcQuery.getAccessToken);
+        this.httpError$ = this.store.select(oidcQuery.getHttpError);
+        this.signInError$ = this.store.select(oidcQuery.getSignInError);
+        this.silentRenewError$ = this.store.select(oidcQuery.getSilentRenewError);
+        this.hasErrors$ = this.store.select(oidcQuery.hasErrors);
+        this.permissions$ = this.store.select(oidcQuery.getPermissions);
+        this.audiences$ = this.store.select(oidcQuery.getAudiences);
+        this.expiresAt$ = this.store.select(oidcQuery.getExpiresAt);
+        this.userMetadata$ = this.store.select(oidcQuery.getUserMetadata);
+        this.registerDefaultEvents();
+    }
+    // default bindings to events
+    addUserUnLoaded() {
+        if (this.store) {
+            this.store.dispatch(onUserUnloaded());
+        }
+    }
+    accessTokenExpired() {
+        if (this.store) {
+            this.store.dispatch(onAccessTokenExpired());
+        }
+        else {
+            sessionStorage.clear();
+            localStorage.clear();
+            window.location.reload();
+        }
+    }
+    accessTokenExpiring() {
+        if (this.store) {
+            this.store.dispatch(onAccessTokenExpiring());
+        }
+        else {
+            this.accessTokenExpired();
+        }
+    }
+    addSilentRenewError(...ev) {
+        this.store.dispatch(onSilentRenewError(ev[0]));
+    }
+    addUserLoaded(...ev) {
+        this.store.dispatch(onUserLoaded(ev[0]));
+    }
+    addUserSignedOut() {
+        this.oidcService.removeOidcUser();
+        this.store.dispatch(onUserSignedOut());
+    }
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    addUserSessionChanged() {
+        this.store.dispatch(onSessionChanged());
+    }
+    clearErrors() {
+        this.store.dispatch(clearErrors());
+    }
+    // OIDC Methods
+    getOidcUser() {
+        this.store.dispatch(getOidcUser());
+    }
+    removeOidcUser() {
+        this.store.dispatch(removeOidcUser());
+    }
+    getUserManager() {
+        return this.oidcService.getUserManager();
+    }
+    getOidcClient() {
+        return this.oidcService.getOidcClient();
+    }
+    /**
+     * Convenient function to wait for loaded.
+     */
+    waitForAuthenticationLoaded() {
+        return this.loading$.pipe(filter((loading) => loading === false), take(1), map(() => true));
+    }
+    signinPopup(args) {
+        this.store.dispatch(signInPopup(args));
+    }
+    signinRedirect(args) {
+        this.store.dispatch(signInRedirect(args));
+    }
+    signinSilent(args) {
+        this.store.dispatch(signInSilent(args));
+    }
+    signoutPopup(args) {
+        this.store.dispatch(signOutPopup(args));
+    }
+    signoutRedirect(args) {
+        this.store.dispatch(signOutRedirect(args));
+    }
+    getSigninUrl(args) {
+        return this.oidcService.getSigninUrl(args);
+    }
+    getSignoutUrl(args) {
+        return this.oidcService.getSignoutUrl(args);
+    }
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    registerEvent(event, callback) {
+        this.oidcService.registerOidcEvent(event, callback);
+    }
+    registerDefaultEvents() {
+        // add simple loggers
+        this.registerEvent(OidcEvent.AccessTokenExpired, this.accessTokenExpired);
+        this.registerEvent(OidcEvent.AccessTokenExpiring, this.accessTokenExpiring);
+        this.registerEvent(OidcEvent.SilentRenewError, this.addSilentRenewError);
+        this.registerEvent(OidcEvent.UserLoaded, this.addUserLoaded);
+        this.registerEvent(OidcEvent.UserUnloaded, this.addUserUnLoaded);
+        this.registerEvent(OidcEvent.UserSignedOut, this.addUserSignedOut);
+        this.registerEvent(OidcEvent.UserSessionChanged, this.addUserSessionChanged);
+    }
+}
+OidcFacade.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcFacade, deps: [{ token: i1$1.Store }, { token: OidcService }], target: i0.ɵɵFactoryTarget.Injectable });
+OidcFacade.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcFacade, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcFacade, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root',
+                }]
+        }], ctorParameters: function () { return [{ type: i1$1.Store }, { type: OidcService }]; } });
+
+class AuthGuard {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    constructor(document, oidcFacade) {
+        this.document = document;
+        this.oidcFacade = oidcFacade;
+        this.isLoggedInPipe$ = this.oidcFacade.waitForAuthenticationLoaded().pipe(switchMap(() => this.oidcFacade.loggedIn$), tap(t => {
+            if (!t) {
+                this.oidcFacade.signinRedirect({
+                    data: { redirect_url: this.document.location.href }
+                });
+            }
+        }));
+    } //NOSONAR
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    canActivate(route, state) {
+        return this.isLoggedInPipe$;
+    }
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    canActivateChild(childRoute, state) {
+        return this.isLoggedInPipe$;
+    }
+}
+AuthGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: AuthGuard, deps: [{ token: DOCUMENT }, { token: OidcFacade }], target: i0.ɵɵFactoryTarget.Injectable });
+AuthGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: AuthGuard, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: AuthGuard, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root'
+                }]
+        }], ctorParameters: function () { return [{ type: undefined, decorators: [{
+                    type: Inject,
+                    args: [DOCUMENT]
+                }] }, { type: OidcFacade }]; } });
+
+function oidcConfigurator(oidcClientConfig, document) {
+    return {
+        oidc_config: {
+            authority: oidcClientConfig.authority,
+            client_id: oidcClientConfig.client_id,
+            extraQueryParams: { audience: oidcClientConfig.audience },
+            redirect_uri: `${document.location.origin}/callback.html`,
+            response_type: oidcClientConfig.response_type || 'id_token token',
+            scope: oidcClientConfig.scope || 'openid profile offline_access email',
+            post_logout_redirect_uri: `${document.location.origin}/signout-callback.html`,
+            silent_redirect_uri: `${document.location.origin}/renew-callback.html`,
+            automaticSilentRenew: isNullOrUndefined(oidcClientConfig.automaticSilentRenew)
+                ? true
+                : oidcClientConfig.automaticSilentRenew,
+            metadataUrl: `${oidcClientConfig.authority}/.well-known/openid-configuration`,
+        },
+        getUserMetadata: oidcClientConfig.getUserMetadata,
+        useCallbackFlag: isNullOrUndefined(oidcClientConfig.useCallbackFlag)
+            ? true
+            : oidcClientConfig.useCallbackFlag,
+    };
+}
+
+const OIDC_CLIENT_CONFIG = new InjectionToken('oidc-client-config');
+
+const getProfile = createSelector(oidcQuery.getOidcIdentity, (identity) => identity?.profile);
+const getPermissions = createSelector(oidcQuery.selectOidcState, (state) => state?.permissions);
+const getEmail = createSelector(getProfile, (profile) => profile?.email);
+const getProfilePicture = createSelector(getProfile, (profile) => profile?.picture);
+const OidcUserSelectors = {
+    getProfile,
+    getEmail,
+    getProfilePicture,
+    getPermissions,
+};
+
+class OidcUserFacade {
+    constructor(store) {
+        this.store = store;
+        this.profile$ = this.store.select(OidcUserSelectors.getProfile);
+        this.email$ = this.store.select(OidcUserSelectors.getEmail);
+        this.profilePicture$ = this.store.select(OidcUserSelectors.getProfilePicture);
+        this.permissions$ = this.store.select(OidcUserSelectors.getPermissions);
+    }
+    hasPermissions(requiredPermissions) {
+        return this.permissions$.pipe(map((t) => -1 <
+            requiredPermissions.findIndex((f) => -1 < (t?.findIndex((i) => i === f) || -1))));
+    }
+}
+OidcUserFacade.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcUserFacade, deps: [{ token: i1$1.Store }], target: i0.ɵɵFactoryTarget.Injectable });
+OidcUserFacade.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcUserFacade, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcUserFacade, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root',
+                }]
+        }], ctorParameters: function () { return [{ type: i1$1.Store }]; } });
+
+class SupportComponent {
+    constructor(facade, oidcUserFacade) {
+        this.facade = facade;
+        this.oidcUserFacade = oidcUserFacade;
+        this.profileValue$ = this.oidcUserFacade.profile$.pipe(map((x) => Object.keys(x).map((propertyKey) => ({
+            key: propertyKey,
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            value: x[propertyKey], //NOSONAR
+        }))));
+    }
+}
+SupportComponent.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: SupportComponent, deps: [{ token: OidcFacade }, { token: OidcUserFacade }], target: i0.ɵɵFactoryTarget.Component });
+SupportComponent.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "12.0.0", version: "13.3.2", type: SupportComponent, selector: "imng-support", ngImport: i0, template: `<div class="container pt-5 mt-5">
+    <div class="row h3 text-center">
+      <div class="col-md-12 text-center">OIDC Support</div>
+    </div>
+    <div class="row">
+      <div class="col-md-3">Audiences</div>
+      <div class="col-md-8">
+        <span *ngFor="let item of facade.audiences$ | async; last as isLast">
+          {{ item }} <br *ngIf="!isLast" />
+        </span>
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-3">Permissions</div>
+      <div class="col-md-8">
+        <span *ngFor="let item of facade.permissions$ | async; last as isLast">
+          {{ item }} <br *ngIf="!isLast" />
+        </span>
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-3">Expires</div>
+      <div class="col-md-8">{{ facade.expiresAt$ | async }}</div>
+    </div>
+    <div class="row" *ngFor="let item of profileValue$ | async">
+      <div class="col-md-3">{{ item.key }}</div>
+      <div class="col-md-8">{{ item.value }}</div>
+    </div>
+  </div> `, isInline: true, directives: [{ type: i3.NgForOf, selector: "[ngFor][ngForOf]", inputs: ["ngForOf", "ngForTrackBy", "ngForTemplate"] }, { type: i3.NgIf, selector: "[ngIf]", inputs: ["ngIf", "ngIfThen", "ngIfElse"] }], pipes: { "async": i3.AsyncPipe } });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: SupportComponent, decorators: [{
+            type: Component,
+            args: [{
+                    selector: 'imng-support',
+                    template: `<div class="container pt-5 mt-5">
+    <div class="row h3 text-center">
+      <div class="col-md-12 text-center">OIDC Support</div>
+    </div>
+    <div class="row">
+      <div class="col-md-3">Audiences</div>
+      <div class="col-md-8">
+        <span *ngFor="let item of facade.audiences$ | async; last as isLast">
+          {{ item }} <br *ngIf="!isLast" />
+        </span>
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-3">Permissions</div>
+      <div class="col-md-8">
+        <span *ngFor="let item of facade.permissions$ | async; last as isLast">
+          {{ item }} <br *ngIf="!isLast" />
+        </span>
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-md-3">Expires</div>
+      <div class="col-md-8">{{ facade.expiresAt$ | async }}</div>
+    </div>
+    <div class="row" *ngFor="let item of profileValue$ | async">
+      <div class="col-md-3">{{ item.key }}</div>
+      <div class="col-md-8">{{ item.value }}</div>
+    </div>
+  </div> `,
+                }]
+        }], ctorParameters: function () { return [{ type: OidcFacade }, { type: OidcUserFacade }]; } });
+
+class AccessDeniedComponent {
+}
+AccessDeniedComponent.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: AccessDeniedComponent, deps: [], target: i0.ɵɵFactoryTarget.Component });
+AccessDeniedComponent.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "12.0.0", version: "13.3.2", type: AccessDeniedComponent, selector: "imng-access-denied", ngImport: i0, template: '<div class="p-5 m-5 text-danger">Access denied.</div>', isInline: true });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: AccessDeniedComponent, decorators: [{
+            type: Component,
+            args: [{
+                    selector: 'imng-access-denied',
+                    template: '<div class="p-5 m-5 text-danger">Access denied.</div>'
+                }]
+        }] });
+
+class LogoutSuccessComponent {
+}
+LogoutSuccessComponent.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: LogoutSuccessComponent, deps: [], target: i0.ɵɵFactoryTarget.Component });
+LogoutSuccessComponent.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "12.0.0", version: "13.3.2", type: LogoutSuccessComponent, selector: "imng-logout-success", ngImport: i0, template: 
+    // eslint-disable-next-line max-len
+    '<div class="p-5 m-5 text-center">You have successfully logged out.<br/>Please close this browser window to ensure you are completely logged out of the session.</div>', isInline: true });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: LogoutSuccessComponent, decorators: [{
+            type: Component,
+            args: [{
+                    selector: 'imng-logout-success',
+                    template: 
+                    // eslint-disable-next-line max-len
+                    '<div class="p-5 m-5 text-center">You have successfully logged out.<br/>Please close this browser window to ensure you are completely logged out of the session.</div>'
+                }]
+        }] });
+
+const routes = [
+    { path: 'support', component: SupportComponent },
+    { path: 'access-denied', component: AccessDeniedComponent },
+    { path: 'logout', component: LogoutSuccessComponent },
+];
+class ImngOidcClientRoutingModule {
+}
+ImngOidcClientRoutingModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientRoutingModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
+ImngOidcClientRoutingModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientRoutingModule, imports: [i3$1.RouterModule], exports: [RouterModule] });
+ImngOidcClientRoutingModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientRoutingModule, imports: [[RouterModule.forChild(routes)], RouterModule] });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientRoutingModule, decorators: [{
+            type: NgModule,
+            args: [{
+                    imports: [RouterModule.forChild(routes)],
+                    exports: [RouterModule],
+                }]
+        }] });
+const oidcSupportRoute = {
+    path: 'oidc/support',
+    component: SupportComponent,
+    canActivate: [AuthGuard],
+};
+const oidcAccessDeniedRoute = {
+    path: 'oidc/access-denied',
+    component: AccessDeniedComponent,
+};
+const oidcLogoutRoute = {
+    path: 'oidc/logout',
+    component: LogoutSuccessComponent,
+};
+const oidcRoutes = [
+    oidcSupportRoute,
+    oidcAccessDeniedRoute,
+    oidcLogoutRoute,
+];
+
+class OidcEffects {
+    constructor(actions$, oidcService, oidcLibraryOptions, router) {
+        this.actions$ = actions$;
+        this.oidcService = oidcService;
+        this.oidcLibraryOptions = oidcLibraryOptions;
+        this.router = router;
+        this.getOidcUser$ = createEffect(() => this.actions$.pipe(ofType(getOidcUser), switchMap(() => this.oidcService.getOidcUser().pipe(map((userData) => this.makeOidcUserSerializable(userData)), filter((userData) => !!userData), map((userData) => userFound(userData)), catchError((err) => of(userDoneLoadingError(err)))))));
+        this.silentRenew$ = createEffect(() => this.actions$.pipe(ofType(userFound), filter((userFound) => 
+        // user expired, initiate silent sign-in if configured to automatic
+        (userFound.payload != null &&
+            userFound.payload.expired &&
+            this.oidcLibraryOptions.oidc_config?.automaticSilentRenew) ||
+            false), map((userFound) => signInSilent(userFound.payload))));
+        this.removeOidcUser$ = createEffect(() => this.actions$.pipe(ofType(removeOidcUser), concatMap(() => this.oidcService.removeOidcUser().pipe(map(() => userDoneLoading()), catchError((err) => of(oidcError(err)))))));
+        this.userDoneLoadingNoMetadata$ = createEffect(() => this.actions$.pipe(ofType(userFound), filter(() => !this.oidcLibraryOptions.getUserMetadata), map(() => userDoneLoading())));
+        this.userDoneLoadingWithMetadata$ = createEffect(() => this.actions$.pipe(ofType(userFound), filter(() => this.oidcLibraryOptions.getUserMetadata || false), switchMap(() => this.oidcService.getUserMetadata()), map((metadata) => onUserMetadataLoaded(metadata))));
+        this.onAccessTokenExpired$ = createEffect(() => this.actions$.pipe(ofType(onAccessTokenExpired), map(() => removeOidcUser())));
+        this.signInPopup$ = createEffect(() => this.actions$.pipe(ofType(signInPopup), concatMap((args) => this.oidcService.signInPopup(args.payload).pipe(map((user) => onSignInPopup(this.makeOidcUserSerializable(user))), catchError((err) => of(signInError(err)))))));
+        this.signInRedirect$ = createEffect(() => this.actions$.pipe(ofType(signInRedirect), concatMap((args) => this.oidcService.signInRedirect(args.payload).pipe(concatMap(() => this.oidcService.signinRedirectCallback()), map((user) => onSignInRedirect(this.makeOidcUserSerializable(user))), catchError((err) => of(signInError(err)))))));
+        this.signInSilent$ = createEffect(() => this.actions$.pipe(ofType(signInSilent), concatMap((args) => this.oidcService.signInSilent(args.payload).pipe(map((user) => onSignInSilent(this.makeOidcUserSerializable(user))), catchError((err) => of(onSilentRenewError(err)))))));
+        this.signOutPopup$ = createEffect(() => this.actions$.pipe(ofType(signOutPopup), concatMap((args) => this.oidcService.signOutPopup(args.payload).pipe(map(() => onUserSignedOut()), catchError((err) => of(signOutPopupError(err.message)))))));
+        this.signOutRedirect$ = createEffect(() => this.actions$.pipe(ofType(signOutRedirect), concatMap((args) => this.oidcService.signOutRedirect(args.payload).pipe(map(() => onUserSignedOut()), catchError((err) => of(signOutRedirectError(err.message)))))));
+        this.onUserSignedOut$ = createEffect(() => this.actions$.pipe(ofType(onUserSignedOut, signOutPopupError, signOutRedirectError), tap(() => {
+            localStorage.clear();
+            sessionStorage.clear();
+            this.router.navigateByUrl(oidcLogoutRoute.path || '');
+        })), { dispatch: false });
+    }
+    ngrxOnInitEffects() {
+        return getOidcUser();
+    }
+    makeOidcUserSerializable(user) {
+        if (user?.toStorageString) {
+            user = {
+                ...user,
+                toStorageString: undefined,
+            };
+        }
+        return user;
+    }
+}
+OidcEffects.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcEffects, deps: [{ token: i1$2.Actions }, { token: OidcService }, { token: OIDC_LIBRARY_CONFIG }, { token: i3$1.Router }], target: i0.ɵɵFactoryTarget.Injectable });
+OidcEffects.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcEffects, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: OidcEffects, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root',
+                }]
+        }], ctorParameters: function () { return [{ type: i1$2.Actions }, { type: OidcService }, { type: undefined, decorators: [{
+                    type: Inject,
+                    args: [OIDC_LIBRARY_CONFIG]
+                }] }, { type: i3$1.Router }]; } });
+
+function jwtDecoder(rawToken) {
+    const splits = rawToken?.split('.');
+    if (splits?.length > 1) {
+        const payload = splits[1];
+        return JSON.parse(window.atob(payload));
+    }
+    else {
+        return null;
+    }
+}
+
+const OIDC_FEATURE_KEY = 'oidc';
+const initialState = {
+    audiences: [],
+    permissions: [],
+    loading: true,
+    loggedIn: false,
+    expiring: false,
+    expired: false,
+    errors: {
+        silentRenewError: undefined,
+        signInError: undefined,
+        httpError: undefined,
+    },
+};
+const featureReducer = createReducer(initialState, on(getOidcUser, onUserLoading, (state) => ({
+    ...state,
+    loading: true,
+    loggedIn: false,
+})), on(removeOidcUser, (state) => ({
+    ...state,
+    loading: true,
+    loggedIn: false,
+    identity: undefined,
+})), on(setHttpError, (state, err) => ({
+    ...state,
+    loading: false,
+    errors: {
+        ...state.errors,
+        httpError: err.payload,
+    },
+})), on(onUserMetadataLoaded, (state, userMetadata) => ({
+    ...state,
+    userMetadata: userMetadata.payload,
+    loading: false,
+})), on(clearErrors, (state) => ({ ...state, errors: {} })), on(userDoneLoading, (state) => ({ ...state, loading: false })), on(onAccessTokenExpiring, (state) => ({
+    ...state,
+    expiring: true,
+})), on(onAccessTokenExpired, (state) => ({
+    ...state,
+    loggedIn: false,
+    expiring: false,
+    expired: true,
+})), on(onUserLoaded, (state) => ({
+    ...state,
+    loading: false,
+    expiring: false,
+})), on(onUserUnloaded, onUserSignedOut, signOutPopupError, signOutRedirectError, (state) => ({
+    ...state,
+    loggedIn: false,
+    identity: undefined,
+    expired: true,
+    expiring: false,
+    userMetadata: undefined,
+})), on(signOutRedirect, signOutPopup, (state) => ({
+    ...state,
+    identity: undefined,
+    userMetadata: null,
+    loggedIn: false,
+})), on(userFound, onSignInPopup, onSignInRedirect, onSignInSilent, (state, { payload }) => ({
+    ...state,
+    identity: payload,
+    loggedIn: true,
+    audiences: payload.access_token
+        ? jwtDecoder(payload.access_token)?.aud
+        : undefined,
+    permissions: jwtDecoder(payload.access_token)
+        ?.permissions,
+})), on(userExpired, (state) => ({
+    ...state,
+    loggedIn: false,
+    expiring: false,
+})), on(onSilentRenewError, (state, err) => ({
+    ...state,
+    loading: false,
+    errors: {
+        ...state.errors,
+        silentRenewError: err.payload,
+    },
+})), on(userDoneLoadingError, signInError, (state, err) => ({
+    ...state,
+    loading: false,
+    errors: {
+        ...state.errors,
+        signInError: err.payload,
+    },
+})));
+function oidcReducer(state, action) {
+    return featureReducer(state, action);
+}
+
+class TokenInterceptorService {
+    constructor(store) {
+        this.store = store;
+    }
+    intercept(req, next) {
+        return this.store.select(oidcQuery.getAccessToken).pipe(first(), mergeMap(accessToken => {
+            if (accessToken) {
+                req = req.clone({
+                    setHeaders: { Authorization: `Bearer ${accessToken}` },
+                });
+            }
+            return next.handle(req).pipe(catchError((err) => {
+                if (err instanceof HttpErrorResponse) {
+                    this.store.dispatch(setHttpError(err));
+                }
+                return throwError(() => err);
+            }));
+        }));
+    }
+}
+TokenInterceptorService.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: TokenInterceptorService, deps: [{ token: i1$1.Store }], target: i0.ɵɵFactoryTarget.Injectable });
+TokenInterceptorService.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: TokenInterceptorService });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: TokenInterceptorService, decorators: [{
+            type: Injectable
+        }], ctorParameters: function () { return [{ type: i1$1.Store }]; } });
+
+class ImngOidcClientModule {
+    static forRoot(oidc0ptions) {
+        return {
+            ngModule: ImngOidcClientModule,
+            providers: [{ provide: OIDC_CLIENT_CONFIG, useValue: oidc0ptions }],
+        };
+    }
+}
+ImngOidcClientModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
+ImngOidcClientModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientModule, declarations: [AccessDeniedComponent,
+        SupportComponent,
+        LogoutSuccessComponent], imports: [CommonModule,
+        HttpClientModule, i1$1.StoreFeatureModule, i1$2.EffectsFeatureModule, ImngOidcClientRoutingModule], exports: [AccessDeniedComponent, SupportComponent, LogoutSuccessComponent] });
+ImngOidcClientModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientModule, providers: [
+        {
+            provide: OIDC_LIBRARY_CONFIG,
+            useFactory: oidcConfigurator,
+            deps: [OIDC_CLIENT_CONFIG, DOCUMENT],
+        },
+        OidcService,
+        OidcFacade,
+        OidcEffects,
+        OidcUserFacade,
+        AuthGuard,
+        {
+            provide: HTTP_INTERCEPTORS,
+            useClass: TokenInterceptorService,
+            multi: true,
+            deps: [Store],
+        },
+    ], imports: [[
+            CommonModule,
+            HttpClientModule,
+            StoreModule.forFeature(OIDC_FEATURE_KEY, oidcReducer),
+            EffectsModule.forFeature([OidcEffects]),
+            ImngOidcClientRoutingModule,
+        ]] });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "13.3.2", ngImport: i0, type: ImngOidcClientModule, decorators: [{
+            type: NgModule,
+            args: [{
+                    declarations: [
+                        AccessDeniedComponent,
+                        SupportComponent,
+                        LogoutSuccessComponent,
+                    ],
+                    imports: [
+                        CommonModule,
+                        HttpClientModule,
+                        StoreModule.forFeature(OIDC_FEATURE_KEY, oidcReducer),
+                        EffectsModule.forFeature([OidcEffects]),
+                        ImngOidcClientRoutingModule,
+                    ],
+                    exports: [AccessDeniedComponent, SupportComponent, LogoutSuccessComponent],
+                    providers: [
+                        {
+                            provide: OIDC_LIBRARY_CONFIG,
+                            useFactory: oidcConfigurator,
+                            deps: [OIDC_CLIENT_CONFIG, DOCUMENT],
+                        },
+                        OidcService,
+                        OidcFacade,
+                        OidcEffects,
+                        OidcUserFacade,
+                        AuthGuard,
+                        {
+                            provide: HTTP_INTERCEPTORS,
+                            useClass: TokenInterceptorService,
+                            multi: true,
+                            deps: [Store],
+                        },
+                    ],
+                }]
+        }] });
+
+class PermissionsGuard {
+    constructor(oidcFacade, oidcUserFacade, router) {
+        this.oidcFacade = oidcFacade;
+        this.oidcUserFacade = oidcUserFacade;
+        this.router = router;
+    }
+    canActivate(
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    route, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    state) {
+        return this.oidcFacade.waitForAuthenticationLoaded().pipe(switchMap(() => this.oidcUserFacade.hasPermissions(this.permissions)), tap((t) => {
+            if (!t) {
+                this.router.navigate(['oidc/access-denied'], {
+                    relativeTo: this.router.routerState.root,
+                });
+            }
+        }));
+    }
+}
+
+/**
+ * Generated bundle index. Do not edit.
+ */
+
+export { ACTION_NO_ACTION, AccessDeniedComponent, AuthGuard, ImngOidcClientModule, ImngOidcClientRoutingModule, LogoutSuccessComponent, OIDC_CLIENT_CONFIG, OidcEffects, OidcEvent, OidcFacade, OidcService, OidcUserFacade, OidcUserSelectors, PermissionsGuard, StorageKeys, SupportComponent, TokenInterceptorService, clearCurrentEmployee, clearErrors, getOidcUser, jwtDecoder, oidcAccessDeniedRoute, oidcConfigurator, oidcError, oidcLogoutRoute, oidcQuery, oidcReducer, oidcRoutes, oidcSupportRoute, onAccessTokenExpired, onAccessTokenExpiring, onSessionChanged, onSignInPopup, onSignInRedirect, onSignInSilent, onSilentRenewError, onUserLoaded, onUserLoading, onUserMetadataLoaded, onUserSignedOut, onUserUnloaded, onUserloadError, removeOidcUser, setHttpError, signInError, signInPopup, signInRedirect, signInSilent, signOutPopup, signOutPopupError, signOutRedirect, signOutRedirectError, userDoneLoading, userDoneLoadingError, userExpired, userFound };
+//# sourceMappingURL=imng-oidc-client.mjs.map