keycloak-angular 16.1.0 → 19.0.0

package/lib/guards/auth.guard.d.ts

@@ -0,0 +1,75 @@
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+import Keycloak from 'keycloak-js';
+import { ActivatedRouteSnapshot, CanActivateChildFn, CanActivateFn, RouterStateSnapshot, UrlTree } from '@angular/router';
+/**
+ * Type representing the roles granted to a user, including both realm and resource-level roles.
+ */
+type Roles = {
+    /**
+     * Roles assigned at the realm level.
+     */
+    realmRoles: string[];
+    /**
+     * Roles assigned at the resource level, organized by resource name.
+     */
+    resourceRoles: {
+        [resource: string]: string[];
+    };
+};
+/**
+ * Data structure passed to the custom authorization guard to determine access.
+ */
+export type AuthGuardData = {
+    /**
+     * Indicates whether the user is currently authenticated.
+     */
+    authenticated: boolean;
+    /**
+     * A collection of roles granted to the user, including both realm and resource roles.
+     */
+    grantedRoles: Roles;
+    /**
+     * The Keycloak instance managing the user's session and access.
+     */
+    keycloak: Keycloak;
+};
+/**
+ * Creates a custom authorization guard for Angular routes, enabling fine-grained access control.
+ *
+ * This guard invokes the provided `isAccessAllowed` function to determine if access is permitted
+ * based on the current route, router state, and user's authentication and roles data.
+ *
+ * @template T - The type of the guard function (`CanActivateFn` or `CanActivateChildFn`).
+ * @param isAccessAllowed - A callback function that evaluates access conditions. The function receives:
+ *   - `route`: The current `ActivatedRouteSnapshot` for the route being accessed.
+ *   - `state`: The current `RouterStateSnapshot` representing the router's state.
+ *   - `authData`: An `AuthGuardData` object containing the user's authentication status, roles, and Keycloak instance.
+ * @returns A guard function of type `T` that can be used as a route `canActivate` or `canActivateChild` guard.
+ *
+ * @example
+ * ```ts
+ * import { createAuthGuard } from './auth-guard';
+ * import { Routes } from '@angular/router';
+ *
+ * const isUserAllowed = async (route, state, authData) => {
+ *   const { authenticated, grantedRoles } = authData;
+ *   return authenticated && grantedRoles.realmRoles.includes('admin');
+ * };
+ *
+ * const routes: Routes = [
+ *   {
+ *     path: 'admin',
+ *     canActivate: [createAuthGuard(isUserAllowed)],
+ *     component: AdminComponent,
+ *   },
+ * ];
+ * ```
+ */
+export declare const createAuthGuard: <T extends CanActivateFn | CanActivateChildFn>(isAccessAllowed: (route: ActivatedRouteSnapshot, state: RouterStateSnapshot, authData: AuthGuardData) => Promise<boolean | UrlTree>) => T;
+export {};

package/lib/interceptors/custom-bearer-token.interceptor.d.ts

@@ -0,0 +1,97 @@
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+import Keycloak from 'keycloak-js';
+import { Observable } from 'rxjs';
+import { InjectionToken } from '@angular/core';
+import { HttpEvent, HttpHandlerFn, HttpRequest } from '@angular/common/http';
+import { BearerTokenCondition } from './keycloak.interceptor';
+/**
+ * Defines a custom condition for determining whether a Bearer token should be included
+ * in the `Authorization` header of an outgoing HTTP request.
+ *
+ * This type extends the `BearerTokenCondition` type and adds a dynamic function
+ * (`shouldAddToken`) that evaluates whether the token should be added based on the
+ * request, handler, and Keycloak state.
+ */
+export type CustomBearerTokenCondition = Partial<BearerTokenCondition> & {
+    /**
+     * A function that dynamically determines whether the Bearer token should be included
+     * in the `Authorization` header for a given request.
+     *
+     * This function is asynchronous and receives the following arguments:
+     * - `req`: The `HttpRequest` object representing the current outgoing HTTP request.
+     * - `next`: The `HttpHandlerFn` for forwarding the request to the next handler in the chain.
+     * - `keycloak`: The `Keycloak` instance representing the authentication context.
+     */
+    shouldAddToken: (req: HttpRequest<unknown>, next: HttpHandlerFn, keycloak: Keycloak) => Promise<boolean>;
+};
+/**
+ * Injection token for configuring the `customBearerTokenInterceptor`.
+ *
+ * This injection token holds an array of `CustomBearerTokenCondition` objects, which define
+ * the conditions under which a Bearer token should be included in the `Authorization` header
+ * of outgoing HTTP requests. Each condition provides a `shouldAddToken` function that dynamically
+ * determines whether the token should be added based on the request, handler, and Keycloak state.
+ */
+export declare const CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG: InjectionToken<CustomBearerTokenCondition[]>;
+/**
+ * Custom HTTP Interceptor for dynamically adding a Bearer token to requests based on conditions.
+ *
+ * This interceptor uses a flexible approach where the decision to include a Bearer token in the
+ * `Authorization` HTTP header is determined by a user-provided function (`shouldAddToken`).
+ * This enables a dynamic and granular control over when tokens are added to HTTP requests.
+ *
+ * ### Key Features:
+ * 1. **Dynamic Token Inclusion**: Uses a condition function (`shouldAddToken`) to decide dynamically
+ *    whether to add the token based on the request, Keycloak state, and other factors.
+ * 2. **Token Management**: Optionally refreshes the Keycloak token before adding it to the request.
+ * 3. **Controlled Authorization**: Adds the Bearer token only when the condition function allows
+ *    and the user is authenticated in Keycloak.
+ *
+ * ### Configuration:
+ * The interceptor relies on `CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG`, an injection token that contains
+ * an array of `CustomBearerTokenCondition` objects. Each condition specifies a `shouldAddToken` function
+ * that determines whether to add the Bearer token for a given request.
+ *
+ * ### Workflow:
+ * 1. Reads the conditions from the `CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG` injection token.
+ * 2. Iterates through the conditions and evaluates the `shouldAddToken` function for the request.
+ * 3. If a condition matches:
+ *    - Optionally refreshes the Keycloak token if needed.
+ *    - Adds the Bearer token to the request's `Authorization` header if the user is authenticated.
+ * 4. If no conditions match, the request proceeds unchanged.
+ *
+ * ### Parameters:
+ * @param req - The `HttpRequest` object representing the outgoing HTTP request.
+ * @param next - The `HttpHandlerFn` for passing the request to the next handler in the chain.
+ *
+ * @returns An `Observable<HttpEvent<unknown>>` representing the HTTP response.
+ *
+ * ### Usage Example:
+ * ```typescript
+ * // Define a custom condition to include the token
+ * const customCondition: CustomBearerTokenCondition = {
+ *   shouldAddToken: async (req, next, keycloak) => {
+ *     // Add token only for requests to the /api endpoint
+ *     return req.url.startsWith('/api') && keycloak.authenticated;
+ *   },
+ * };
+ *
+ * // Configure the interceptor with the custom condition
+ * export const appConfig: ApplicationConfig = {
+ *   providers: [
+ *     provideHttpClient(withInterceptors([customBearerTokenInterceptor])),
+ *     {
+ *       provide: CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG,
+ *       useValue: [customCondition],
+ *     },
+ *   ],
+ * };
+ * ```
+ */
+export declare const customBearerTokenInterceptor: (req: HttpRequest<unknown>, next: HttpHandlerFn) => Observable<HttpEvent<unknown>>;

package/lib/interceptors/include-bearer-token.interceptor.d.ts

@@ -0,0 +1,111 @@
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+import { Observable } from 'rxjs';
+import { InjectionToken } from '@angular/core';
+import { HttpEvent, HttpHandlerFn, HttpRequest } from '@angular/common/http';
+import { HttpMethod, BearerTokenCondition } from './keycloak.interceptor';
+/**
+ * Defines the conditions for including the Bearer token in the Authorization HTTP header.
+ */
+export type IncludeBearerTokenCondition = Partial<BearerTokenCondition> & {
+    /**
+     * A URL pattern (as a `RegExp`) used to determine whether the Bearer token should be added
+     * to the Authorization HTTP header for a given request. The Bearer token is only added if
+     * this pattern matches the request's URL.
+     *
+     * This EXPLICIT configuration is for security purposes, ensuring that internal tokens are not
+     * shared with unintended services.
+     */
+    urlPattern: RegExp;
+    /**
+     * An optional array of HTTP methods (`HttpMethod[]`) to further refine the conditions under
+     * which the Bearer token is added. If not provided, the default behavior is to add the token
+     * for all HTTP methods matching the `urlPattern`.
+     */
+    httpMethods?: HttpMethod[];
+};
+/**
+ * Injection token for configuring the `includeBearerTokenInterceptor`, allowing the specification
+ * of conditions under which the Bearer token should be included in HTTP request headers.
+ *
+ * This configuration supports multiple conditions, enabling customization for different URLs.
+ * It also provides options to tailor the Bearer prefix and the Authorization header name as needed.
+ */
+export declare const INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG: InjectionToken<IncludeBearerTokenCondition[]>;
+/**
+ * HTTP Interceptor to include a Bearer token in the Authorization header for specific HTTP requests.
+ *
+ * This interceptor ensures that a Bearer token is added to outgoing HTTP requests based on explicitly
+ * defined conditions. By default, the interceptor does not include the Bearer token unless the request
+ * matches the provided configuration (`IncludeBearerTokenCondition`). This approach enhances security
+ * by preventing sensitive tokens from being unintentionally sent to unauthorized services.
+ *
+ * ### Features:
+ * 1. **Explicit URL Matching**: The interceptor uses regular expressions to match URLs where the Bearer token should be included.
+ * 2. **HTTP Method Filtering**: Optional filtering by HTTP methods (e.g., `GET`, `POST`, `PUT`) to refine the conditions for adding the token.
+ * 3. **Token Management**: Ensures the Keycloak token is valid by optionally refreshing it before attaching it to the request.
+ * 4. **Controlled Authorization**: Sends the token only for requests where the user is authenticated, and the conditions match.
+ *
+ * ### Workflow:
+ * - Reads conditions from `INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG`, which specifies when the Bearer token should be included.
+ * - If a request matches the conditions:
+ *   1. The Keycloak token is refreshed if needed.
+ *   2. The Bearer token is added to the Authorization header.
+ *   3. The modified request is passed to the next handler.
+ * - If no conditions match, the request proceeds unchanged.
+ *
+ * ### Security:
+ * By explicitly defining URL patterns and optional HTTP methods, this interceptor prevents the leakage of tokens
+ * to unintended endpoints, such as third-party APIs or external services. This is especially critical for applications
+ * that interact with both internal and external services.
+ *
+ * @param req - The `HttpRequest` object representing the outgoing HTTP request.
+ * @param next - The `HttpHandlerFn` for passing the request to the next handler in the chain.
+ * @returns An `Observable<HttpEvent<unknown>>` representing the asynchronous HTTP response.
+ *
+ * ### Configuration:
+ * The interceptor relies on `INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG`, an injection token that holds
+ * an array of `IncludeBearerTokenCondition` objects. Each object defines the conditions for including
+ * the Bearer token in the request.
+ *
+ * #### Example Configuration:
+ * ```typescript
+ * provideHttpClient(
+ *   withInterceptors([includeBearerTokenInterceptor]),
+ *   {
+ *     provide: INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG,
+ *     useValue: [
+ *       {
+ *         urlPattern: /^https:\/\/api\.internal\.myapp\.com\/.*\/,
+ *         httpMethods: ['GET', 'POST'], // Add the token only for GET and POST methods
+ *       },
+ *     ],
+ *   }
+ * );
+ * ```
+ *
+ * ### Example Usage:
+ * ```typescript
+ * export const appConfig: ApplicationConfig = {
+ *   providers: [
+ *     provideHttpClient(withInterceptors([includeBearerTokenInterceptor])),
+ *     provideZoneChangeDetection({ eventCoalescing: true }),
+ *     provideRouter(routes),
+ *   ],
+ * };
+ * ```
+ *
+ * ### Example Matching Condition:
+ * ```typescript
+ * {
+ *   urlPattern: /^(https:\/\/internal\.mycompany\.com)(\/.*)?$/i,
+ *   httpMethods: ['GET', 'PUT'], // Optional: Match only specific HTTP methods
+ * }
+ * ```
+ */
+export declare const includeBearerTokenInterceptor: (req: HttpRequest<unknown>, next: HttpHandlerFn) => Observable<HttpEvent<unknown>>;

package/lib/interceptors/keycloak.interceptor.d.ts

@@ -0,0 +1,71 @@
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+import { Observable } from 'rxjs';
+import Keycloak from 'keycloak-js';
+import { HttpEvent, HttpHandlerFn, HttpRequest } from '@angular/common/http';
+/**
+ * Represents the HTTP methods supported by the interceptor for authorization purposes.
+ */
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'OPTIONS' | 'HEAD' | 'PATCH';
+/**
+ * Common attributes for the Auth Bearer interceptor that can be reused in other interceptor implementations.
+ */
+export type BearerTokenCondition = {
+    /**
+     * Prefix to be used in the Authorization header. Default is "Bearer".
+     * This will result in a header formatted as: `Authorization: Bearer <token>`.
+     *
+     * Adjust this value if your backend expects a different prefix in the Authorization header.
+     */
+    bearerPrefix?: string;
+    /**
+     * Name of the HTTP header used for authorization. Default is "Authorization".
+     * Customize this value if your backend expects a different header, e.g., "JWT-Authorization".
+     */
+    authorizationHeaderName?: string;
+    /**
+     * Function to determine whether the token should be updated before a request. Default is a function returning true.
+     * If the function returns `true`, the token's validity will be checked and updated if needed.
+     * If it returns `false`, the token update process will be skipped for that request.
+     *
+     * @param request - The current `HttpRequest` object being intercepted.
+     * @returns A boolean indicating whether to update the token.
+     */
+    shouldUpdateToken?: (request: HttpRequest<unknown>) => boolean;
+};
+/**
+ * Generic factory function to create an interceptor condition with default values.
+ *
+ * This utility allows you to define custom interceptor conditions while ensuring that
+ * default values are applied to any missing fields. By using generics, you can enforce
+ * strong typing when creating the fields for the interceptor condition, enhancing type safety.
+ *
+ * @template T - A type that extends `AuthBearerCondition`.
+ * @param value - An object of type `T` (extending `AuthBearerCondition`) to be enhanced with default values.
+ * @returns A new object of type `T` with default values assigned to any undefined properties.
+ */
+export declare const createInterceptorCondition: <T extends BearerTokenCondition>(value: T) => T;
+/**
+ * Conditionally updates the Keycloak token based on the provided request and conditions.
+ *
+ * @param req - The `HttpRequest` object being processed.
+ * @param keycloak - The Keycloak instance managing authentication.
+ * @param condition - An `AuthBearerCondition` object with the `shouldUpdateToken` function.
+ * @returns A `Promise<boolean>` indicating whether the token was successfully updated.
+ */
+export declare const conditionallyUpdateToken: (req: HttpRequest<unknown>, keycloak: Keycloak, { shouldUpdateToken }: BearerTokenCondition) => Promise<boolean>;
+/**
+ * Adds the Authorization header to an HTTP request and forwards it to the next handler.
+ *
+ * @param req - The original `HttpRequest` object.
+ * @param next - The `HttpHandlerFn` function for forwarding the HTTP request.
+ * @param keycloak - The Keycloak instance providing the authentication token.
+ * @param condition - An `AuthBearerCondition` object specifying header configuration.
+ * @returns An `Observable<HttpEvent<unknown>>` representing the HTTP response.
+ */
+export declare const addAuthorizationHeader: (req: HttpRequest<unknown>, next: HttpHandlerFn, keycloak: Keycloak, condition: BearerTokenCondition) => Observable<HttpEvent<unknown>>;

package/lib/{core → legacy/core}/core.module.d.ts

@@ -1,5 +1,10 @@
 import * as i0 from "@angular/core";
 import * as i1 from "@angular/common";
+/**
+ * @deprecated NgModules are deprecated in Keycloak Angular and will be removed in future versions.
+ * Use the new `provideKeycloak` function to load Keycloak in an Angular application.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
 export declare class CoreModule {
     static ɵfac: i0.ɵɵFactoryDeclaration<CoreModule, never>;
     static ɵmod: i0.ɵɵNgModuleDeclaration<CoreModule, never, [typeof i1.CommonModule], never>;

package/lib/legacy/core/interceptors/keycloak-bearer.interceptor.d.ts

@@ -0,0 +1,53 @@
+import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent } from '@angular/common/http';
+import { Observable } from 'rxjs';
+import { KeycloakService } from '../services/keycloak.service';
+import * as i0 from "@angular/core";
+/**
+ * This interceptor includes the bearer by default in all HttpClient requests.
+ *
+ * If you need to exclude some URLs from adding the bearer, please, take a look
+ * at the {@link KeycloakOptions} bearerExcludedUrls property.
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor such as `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
+export declare class KeycloakBearerInterceptor implements HttpInterceptor {
+    private keycloak;
+    constructor(keycloak: KeycloakService);
+    /**
+     * Calls to update the keycloak token if the request should update the token.
+     *
+     * @param req http request from @angular http module.
+     * @returns
+     * A promise boolean for the token update or noop result.
+     */
+    private conditionallyUpdateToken;
+    /**
+     * @deprecated
+     * Checks if the url is excluded from having the Bearer Authorization
+     * header added.
+     *
+     * @param req http request from @angular http module.
+     * @param excludedUrlRegex contains the url pattern and the http methods,
+     * excluded from adding the bearer at the Http Request.
+     */
+    private isUrlExcluded;
+    /**
+     * Intercept implementation that checks if the request url matches the excludedUrls.
+     * If not, adds the Authorization header to the request if the user is logged in.
+     *
+     * @param req
+     * @param next
+     */
+    intercept(req: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>>;
+    /**
+     * Adds the token of the current user to the Authorization header
+     *
+     * @param req
+     * @param next
+     */
+    private handleRequestWithTokenHeader;
+    static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakBearerInterceptor, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<KeycloakBearerInterceptor>;
+}

package/lib/legacy/core/interfaces/keycloak-event.d.ts

@@ -0,0 +1,74 @@
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo and contributors.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Keycloak event types, as described at the keycloak-js documentation:
+ * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events
+ *
+ * @deprecated Keycloak Event based on the KeycloakService is deprecated and
+ * will be removed in future versions.
+ * Use the new `KEYCLOAK_EVENT_SIGNAL` injection token to listen for the keycloak
+ * events.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
+export declare enum KeycloakEventTypeLegacy {
+    /**
+     * Called if there was an error during authentication.
+     */
+    OnAuthError = 0,
+    /**
+     * Called if the user is logged out
+     * (will only be called if the session status iframe is enabled, or in Cordova mode).
+     */
+    OnAuthLogout = 1,
+    /**
+     * Called if there was an error while trying to refresh the token.
+     */
+    OnAuthRefreshError = 2,
+    /**
+     * Called when the token is refreshed.
+     */
+    OnAuthRefreshSuccess = 3,
+    /**
+     * Called when a user is successfully authenticated.
+     */
+    OnAuthSuccess = 4,
+    /**
+     * Called when the adapter is initialized.
+     */
+    OnReady = 5,
+    /**
+     * Called when the access token is expired. If a refresh token is available the token
+     * can be refreshed with updateToken, or in cases where it is not (that is, with implicit flow)
+     * you can redirect to login screen to obtain a new access token.
+     */
+    OnTokenExpired = 6,
+    /**
+     * Called when a AIA has been requested by the application.
+     */
+    OnActionUpdate = 7
+}
+/**
+ * Structure of an event triggered by Keycloak, contains it's type
+ * and arguments (if any).
+ *
+ * @deprecated Keycloak Event based on the KeycloakService is deprecated and
+ * will be removed in future versions.
+ * Use the new `KEYCLOAK_EVENT_SIGNAL` injection token to listen for the keycloak
+ * events.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
+export interface KeycloakEventLegacy {
+    /**
+     * Event type as described at {@link KeycloakEventTypeLegacy}.
+     */
+    type: KeycloakEventTypeLegacy;
+    /**
+     * Arguments from the keycloak-js event function.
+     */
+    args?: unknown;
+}

package/lib/legacy/core/interfaces/keycloak-options.d.ts

@@ -0,0 +1,146 @@
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo and contributors.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+import { HttpRequest } from '@angular/common/http';
+/**
+ * HTTP Methods
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
+export type HttpMethodsLegacy = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'OPTIONS' | 'HEAD' | 'PATCH';
+/**
+ * ExcludedUrl type may be used to specify the url and the HTTP method that
+ * should not be intercepted by the KeycloakBearerInterceptor.
+ *
+ * Example:
+ * const excludedUrl: ExcludedUrl[] = [
+ *  {
+ *    url: 'reports/public'
+ *    httpMethods: ['GET']
+ *  }
+ * ]
+ *
+ * In the example above for URL reports/public and HTTP Method GET the
+ * bearer will not be automatically added.
+ *
+ * If the url is informed but httpMethod is undefined, then the bearer
+ * will not be added for all HTTP Methods.
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
+export interface ExcludedUrl {
+    url: string;
+    httpMethods?: HttpMethodsLegacy[];
+}
+/**
+ * Similar to ExcludedUrl, contains the HTTP methods and a regex to
+ * include the url patterns.
+ * This interface is used internally by the KeycloakService.
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
+export interface ExcludedUrlRegex {
+    urlPattern: RegExp;
+    httpMethods?: HttpMethodsLegacy[];
+}
+/**
+ * keycloak-angular initialization options.
+ *
+ * @deprecated KeycloakService is deprecated and will be removed in future versions.
+ * Use the new `provideKeycloak` method to load Keycloak in an Angular application.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
+ */
+export interface KeycloakOptions {
+    /**
+     * Configs to init the keycloak-js library. If undefined, will look for a keycloak.json file
+     * at root of the project.
+     * If not undefined, can be a string meaning the url to the keycloak.json file or an object
+     * of {@link Keycloak.KeycloakConfig}. Use this configuration if you want to specify the keycloak server,
+     * realm, clientId. This is usefull if you have different configurations for production, stage
+     * and development environments. Hint: Make use of Angular environment configuration.
+     */
+    config?: string | Keycloak.KeycloakConfig;
+    /**
+     * Options to initialize the Keycloak adapter, matches the options as provided by Keycloak itself.
+     */
+    initOptions?: Keycloak.KeycloakInitOptions;
+    /**
+     * By default all requests made by Angular HttpClient will be intercepted in order to
+     * add the bearer in the Authorization Http Header. However, if this is a not desired
+     * feature, the enableBearerInterceptor must be false.
+     *
+     * Briefly, if enableBearerInterceptor === false, the bearer will not be added
+     * to the authorization header.
+     *
+     * The default value is true.
+     */
+    enableBearerInterceptor?: boolean;
+    /**
+     * Forces the execution of loadUserProfile after the keycloak initialization considering that the
+     * user logged in.
+     * This option is recommended if is desirable to have the user details at the beginning,
+     * so after the login, the loadUserProfile function will be called and its value cached.
+     *
+     * The default value is true.
+     */
+    loadUserProfileAtStartUp?: boolean;
+    /**
+     * @deprecated
+     * String Array to exclude the urls that should not have the Authorization Header automatically
+     * added. This library makes use of Angular Http Interceptor, to automatically add the Bearer
+     * token to the request.
+     */
+    bearerExcludedUrls?: (string | ExcludedUrl)[];
+    /**
+     * This value will be used as the Authorization Http Header name. The default value is
+     * **Authorization**. If the backend expects requests to have a token in a different header, you
+     * should change this value, i.e: **JWT-Authorization**. This will result in a Http Header
+     * Authorization as "JWT-Authorization: bearer <token>".
+     */
+    authorizationHeaderName?: string;
+    /**
+     * This value will be included in the Authorization Http Header param. The default value is
+     * **Bearer**, which will result in a Http Header Authorization as "Authorization: Bearer <token>".
+     *
+     * If any other value is needed by the backend in the authorization header, you should change this
+     * value.
+     *
+     * Warning: this value must be in compliance with the keycloak server instance and the adapter.
+     */
+    bearerPrefix?: string;
+    /**
+     * This value will be used to determine whether or not the token needs to be updated. If the token
+     * will expire is fewer seconds than the updateMinValidity value, then it will be updated.
+     *
+     * The default value is 20.
+     */
+    updateMinValidity?: number;
+    /**
+     * A function that will tell the KeycloakBearerInterceptor whether to add the token to the request
+     * or to leave the request as it is. If the returned value is `true`, the request will have the token
+     * present on it. If it is `false`, the token will be left off the request.
+     *
+     * The default is a function that always returns `true`.
+     */
+    shouldAddToken?: (request: HttpRequest<unknown>) => boolean;
+    /**
+     * A function that will tell the KeycloakBearerInterceptor if the token should be considered for
+     * updating as a part of the request being made. If the returned value is `true`, the request will
+     * check the token's expiry time and if it is less than the number of seconds configured by
+     * updateMinValidity then it will be updated before the request is made. If the returned value is
+     * false, the token will not be updated.
+     *
+     * The default is a function that always returns `true`.
+     */
+    shouldUpdateToken?: (request: HttpRequest<unknown>) => boolean;
+}