keycloak-angular 19.0.2 → 20.0.0

package/lib/legacy/core/interfaces/keycloak-event.d.ts

@@ -1,74 +0,0 @@
-/**
- * @license
- * Copyright Mauricio Gemelli Vigolo and contributors.
- *
- * Use of this source code is governed by a MIT-style license that can be
- * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
- */
-/**
- * Keycloak event types, as described at the keycloak-js documentation:
- * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events
- *
- * @deprecated Keycloak Event based on the KeycloakService is deprecated and
- * will be removed in future versions.
- * Use the new `KEYCLOAK_EVENT_SIGNAL` injection token to listen for the keycloak
- * events.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export declare enum KeycloakEventTypeLegacy {
-    /**
-     * Called if there was an error during authentication.
-     */
-    OnAuthError = 0,
-    /**
-     * Called if the user is logged out
-     * (will only be called if the session status iframe is enabled, or in Cordova mode).
-     */
-    OnAuthLogout = 1,
-    /**
-     * Called if there was an error while trying to refresh the token.
-     */
-    OnAuthRefreshError = 2,
-    /**
-     * Called when the token is refreshed.
-     */
-    OnAuthRefreshSuccess = 3,
-    /**
-     * Called when a user is successfully authenticated.
-     */
-    OnAuthSuccess = 4,
-    /**
-     * Called when the adapter is initialized.
-     */
-    OnReady = 5,
-    /**
-     * Called when the access token is expired. If a refresh token is available the token
-     * can be refreshed with updateToken, or in cases where it is not (that is, with implicit flow)
-     * you can redirect to login screen to obtain a new access token.
-     */
-    OnTokenExpired = 6,
-    /**
-     * Called when a AIA has been requested by the application.
-     */
-    OnActionUpdate = 7
-}
-/**
- * Structure of an event triggered by Keycloak, contains it's type
- * and arguments (if any).
- *
- * @deprecated Keycloak Event based on the KeycloakService is deprecated and
- * will be removed in future versions.
- * Use the new `KEYCLOAK_EVENT_SIGNAL` injection token to listen for the keycloak
- * events.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export interface KeycloakEventLegacy {
-    /**
-     * Event type as described at {@link KeycloakEventTypeLegacy}.
-     */
-    type: KeycloakEventTypeLegacy;
-    /**
-     * Arguments from the keycloak-js event function.
-     */
-    args?: unknown;
-}

package/lib/legacy/core/interfaces/keycloak-options.d.ts

@@ -1,146 +0,0 @@
-/**
- * @license
- * Copyright Mauricio Gemelli Vigolo and contributors.
- *
- * Use of this source code is governed by a MIT-style license that can be
- * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
- */
-import { HttpRequest } from '@angular/common/http';
-/**
- * HTTP Methods
- *
- * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
- * Use the new functional interceptor `includeBearerTokenInterceptor`.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export type HttpMethodsLegacy = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'OPTIONS' | 'HEAD' | 'PATCH';
-/**
- * ExcludedUrl type may be used to specify the url and the HTTP method that
- * should not be intercepted by the KeycloakBearerInterceptor.
- *
- * Example:
- * const excludedUrl: ExcludedUrl[] = [
- *  {
- *    url: 'reports/public'
- *    httpMethods: ['GET']
- *  }
- * ]
- *
- * In the example above for URL reports/public and HTTP Method GET the
- * bearer will not be automatically added.
- *
- * If the url is informed but httpMethod is undefined, then the bearer
- * will not be added for all HTTP Methods.
- *
- * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
- * Use the new functional interceptor `includeBearerTokenInterceptor`.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export interface ExcludedUrl {
-    url: string;
-    httpMethods?: HttpMethodsLegacy[];
-}
-/**
- * Similar to ExcludedUrl, contains the HTTP methods and a regex to
- * include the url patterns.
- * This interface is used internally by the KeycloakService.
- *
- * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
- * Use the new functional interceptor `includeBearerTokenInterceptor`.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export interface ExcludedUrlRegex {
-    urlPattern: RegExp;
-    httpMethods?: HttpMethodsLegacy[];
-}
-/**
- * keycloak-angular initialization options.
- *
- * @deprecated KeycloakService is deprecated and will be removed in future versions.
- * Use the new `provideKeycloak` method to load Keycloak in an Angular application.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export interface KeycloakOptions {
-    /**
-     * Configs to init the keycloak-js library. If undefined, will look for a keycloak.json file
-     * at root of the project.
-     * If not undefined, can be a string meaning the url to the keycloak.json file or an object
-     * of {@link Keycloak.KeycloakConfig}. Use this configuration if you want to specify the keycloak server,
-     * realm, clientId. This is usefull if you have different configurations for production, stage
-     * and development environments. Hint: Make use of Angular environment configuration.
-     */
-    config?: string | Keycloak.KeycloakConfig;
-    /**
-     * Options to initialize the Keycloak adapter, matches the options as provided by Keycloak itself.
-     */
-    initOptions?: Keycloak.KeycloakInitOptions;
-    /**
-     * By default all requests made by Angular HttpClient will be intercepted in order to
-     * add the bearer in the Authorization Http Header. However, if this is a not desired
-     * feature, the enableBearerInterceptor must be false.
-     *
-     * Briefly, if enableBearerInterceptor === false, the bearer will not be added
-     * to the authorization header.
-     *
-     * The default value is true.
-     */
-    enableBearerInterceptor?: boolean;
-    /**
-     * Forces the execution of loadUserProfile after the keycloak initialization considering that the
-     * user logged in.
-     * This option is recommended if is desirable to have the user details at the beginning,
-     * so after the login, the loadUserProfile function will be called and its value cached.
-     *
-     * The default value is true.
-     */
-    loadUserProfileAtStartUp?: boolean;
-    /**
-     * @deprecated
-     * String Array to exclude the urls that should not have the Authorization Header automatically
-     * added. This library makes use of Angular Http Interceptor, to automatically add the Bearer
-     * token to the request.
-     */
-    bearerExcludedUrls?: (string | ExcludedUrl)[];
-    /**
-     * This value will be used as the Authorization Http Header name. The default value is
-     * **Authorization**. If the backend expects requests to have a token in a different header, you
-     * should change this value, i.e: **JWT-Authorization**. This will result in a Http Header
-     * Authorization as "JWT-Authorization: bearer <token>".
-     */
-    authorizationHeaderName?: string;
-    /**
-     * This value will be included in the Authorization Http Header param. The default value is
-     * **Bearer**, which will result in a Http Header Authorization as "Authorization: Bearer <token>".
-     *
-     * If any other value is needed by the backend in the authorization header, you should change this
-     * value.
-     *
-     * Warning: this value must be in compliance with the keycloak server instance and the adapter.
-     */
-    bearerPrefix?: string;
-    /**
-     * This value will be used to determine whether or not the token needs to be updated. If the token
-     * will expire is fewer seconds than the updateMinValidity value, then it will be updated.
-     *
-     * The default value is 20.
-     */
-    updateMinValidity?: number;
-    /**
-     * A function that will tell the KeycloakBearerInterceptor whether to add the token to the request
-     * or to leave the request as it is. If the returned value is `true`, the request will have the token
-     * present on it. If it is `false`, the token will be left off the request.
-     *
-     * The default is a function that always returns `true`.
-     */
-    shouldAddToken?: (request: HttpRequest<unknown>) => boolean;
-    /**
-     * A function that will tell the KeycloakBearerInterceptor if the token should be considered for
-     * updating as a part of the request being made. If the returned value is `true`, the request will
-     * check the token's expiry time and if it is less than the number of seconds configured by
-     * updateMinValidity then it will be updated before the request is made. If the returned value is
-     * false, the token will not be updated.
-     *
-     * The default is a function that always returns `true`.
-     */
-    shouldUpdateToken?: (request: HttpRequest<unknown>) => boolean;
-}

package/lib/legacy/core/services/keycloak-auth-guard.d.ts

@@ -1,50 +0,0 @@
-/**
- * @license
- * Copyright Mauricio Gemelli Vigolo and contributors.
- *
- * Use of this source code is governed by a MIT-style license that can be
- * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
- */
-import { CanActivate, Router, ActivatedRouteSnapshot, RouterStateSnapshot, UrlTree } from '@angular/router';
-import { KeycloakService } from './keycloak.service';
-/**
- * A simple guard implementation out of the box. This class should be inherited and
- * implemented by the application. The only method that should be implemented is #isAccessAllowed.
- * The reason for this is that the authorization flow is usually not unique, so in this way you will
- * have more freedom to customize your authorization flow.
- *
- * @deprecated Class based guards are deprecated in Keycloak Angular and will be removed in future versions.
- * Use the new `createAuthGuard` function to create a Guard for your application.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export declare abstract class KeycloakAuthGuard implements CanActivate {
-    protected router: Router;
-    protected keycloakAngular: KeycloakService;
-    /**
-     * Indicates if the user is authenticated or not.
-     */
-    protected authenticated: boolean;
-    /**
-     * Roles of the logged user. It contains the clientId and realm user roles.
-     */
-    protected roles: string[];
-    constructor(router: Router, keycloakAngular: KeycloakService);
-    /**
-     * CanActivate checks if the user is logged in and get the full list of roles (REALM + CLIENT)
-     * of the logged user. This values are set to authenticated and roles params.
-     *
-     * @param route
-     * @param state
-     */
-    canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean | UrlTree>;
-    /**
-     * Create your own customized authorization flow in this method. From here you already known
-     * if the user is authenticated (this.authenticated) and the user roles (this.roles).
-     *
-     * Return a UrlTree if the user should be redirected to another route.
-     *
-     * @param route
-     * @param state
-     */
-    abstract isAccessAllowed(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean | UrlTree>;
-}

package/lib/legacy/core/services/keycloak.service.d.ts

@@ -1,316 +0,0 @@
-import { HttpHeaders, HttpRequest } from '@angular/common/http';
-import { Subject } from 'rxjs';
-import { ExcludedUrlRegex, KeycloakOptions } from '../interfaces/keycloak-options';
-import { KeycloakEventLegacy } from '../interfaces/keycloak-event';
-import * as i0 from "@angular/core";
-/**
- * Service to expose existent methods from the Keycloak JS adapter, adding new
- * functionalities to improve the use of keycloak in Angular v > 4.3 applications.
- *
- * This class should be injected in the application bootstrap, so the same instance will be used
- * along the web application.
- *
- * @deprecated This service is deprecated and will be removed in future versions.
- * Use the new `provideKeycloak` function to load Keycloak in an Angular application.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export declare class KeycloakService {
-    /**
-     * Keycloak-js instance.
-     */
-    private _instance;
-    /**
-     * User profile as KeycloakProfile interface.
-     */
-    private _userProfile;
-    /**
-     * Flag to indicate if the bearer will not be added to the authorization header.
-     */
-    private _enableBearerInterceptor;
-    /**
-     * When the implicit flow is choosen there must exist a silentRefresh, as there is
-     * no refresh token.
-     */
-    private _silentRefresh;
-    /**
-     * Indicates that the user profile should be loaded at the keycloak initialization,
-     * just after the login.
-     */
-    private _loadUserProfileAtStartUp;
-    /**
-     * The bearer prefix that will be appended to the Authorization Header.
-     */
-    private _bearerPrefix;
-    /**
-     * Value that will be used as the Authorization Http Header name.
-     */
-    private _authorizationHeaderName;
-    /**
-     * @deprecated
-     * The excluded urls patterns that must skip the KeycloakBearerInterceptor.
-     */
-    private _excludedUrls;
-    /**
-     * Observer for the keycloak events
-     */
-    private _keycloakEvents$;
-    /**
-     * The amount of required time remaining before expiry of the token before the token will be refreshed.
-     */
-    private _updateMinValidity;
-    /**
-     * Returns true if the request should have the token added to the headers by the KeycloakBearerInterceptor.
-     */
-    shouldAddToken: (request: HttpRequest<unknown>) => boolean;
-    /**
-     * Returns true if the request being made should potentially update the token.
-     */
-    shouldUpdateToken: (request: HttpRequest<unknown>) => boolean;
-    /**
-     * Binds the keycloak-js events to the keycloakEvents Subject
-     * which is a good way to monitor for changes, if needed.
-     *
-     * The keycloakEvents returns the keycloak-js event type and any
-     * argument if the source function provides any.
-     */
-    private bindsKeycloakEvents;
-    /**
-     * Loads all bearerExcludedUrl content in a uniform type: ExcludedUrl,
-     * so it becomes easier to handle.
-     *
-     * @param bearerExcludedUrls array of strings or ExcludedUrl that includes
-     * the url and HttpMethod.
-     */
-    private loadExcludedUrls;
-    /**
-     * Handles the class values initialization.
-     *
-     * @param options
-     */
-    private initServiceValues;
-    /**
-     * Keycloak initialization. It should be called to initialize the adapter.
-     * Options is an object with 2 main parameters: config and initOptions. The first one
-     * will be used to create the Keycloak instance. The second one are options to initialize the
-     * keycloak instance.
-     *
-     * @param options
-     * Config: may be a string representing the keycloak URI or an object with the
-     * following content:
-     * - url: Keycloak json URL
-     * - realm: realm name
-     * - clientId: client id
-     *
-     * initOptions:
-     * Options to initialize the Keycloak adapter, matches the options as provided by Keycloak itself.
-     *
-     * enableBearerInterceptor:
-     * Flag to indicate if the bearer will added to the authorization header.
-     *
-     * loadUserProfileInStartUp:
-     * Indicates that the user profile should be loaded at the keycloak initialization,
-     * just after the login.
-     *
-     * bearerExcludedUrls:
-     * String Array to exclude the urls that should not have the Authorization Header automatically
-     * added.
-     *
-     * authorizationHeaderName:
-     * This value will be used as the Authorization Http Header name.
-     *
-     * bearerPrefix:
-     * This value will be included in the Authorization Http Header param.
-     *
-     * tokenUpdateExcludedHeaders:
-     * Array of Http Header key/value maps that should not trigger the token to be updated.
-     *
-     * updateMinValidity:
-     * This value determines if the token will be refreshed based on its expiration time.
-     *
-     * @returns
-     * A Promise with a boolean indicating if the initialization was successful.
-     */
-    init(options?: KeycloakOptions): Promise<boolean>;
-    /**
-     * Redirects to login form on (options is an optional object with redirectUri and/or
-     * prompt fields).
-     *
-     * @param options
-     * Object, where:
-     *  - redirectUri: Specifies the uri to redirect to after login.
-     *  - prompt:By default the login screen is displayed if the user is not logged-in to Keycloak.
-     * To only authenticate to the application if the user is already logged-in and not display the
-     * login page if the user is not logged-in, set this option to none. To always require
-     * re-authentication and ignore SSO, set this option to login .
-     *  - maxAge: Used just if user is already authenticated. Specifies maximum time since the
-     * authentication of user happened. If user is already authenticated for longer time than
-     * maxAge, the SSO is ignored and he will need to re-authenticate again.
-     *  - loginHint: Used to pre-fill the username/email field on the login form.
-     *  - action: If value is 'register' then user is redirected to registration page, otherwise to
-     * login page.
-     *  - locale: Specifies the desired locale for the UI.
-     * @returns
-     * A void Promise if the login is successful and after the user profile loading.
-     */
-    login(options?: Keycloak.KeycloakLoginOptions): Promise<void>;
-    /**
-     * Redirects to logout.
-     *
-     * @param redirectUri
-     * Specifies the uri to redirect to after logout.
-     * @returns
-     * A void Promise if the logout was successful, cleaning also the userProfile.
-     */
-    logout(redirectUri?: string): Promise<void>;
-    /**
-     * Redirects to registration form. Shortcut for login with option
-     * action = 'register'. Options are same as for the login method but 'action' is set to
-     * 'register'.
-     *
-     * @param options
-     * login options
-     * @returns
-     * A void Promise if the register flow was successful.
-     */
-    register(options?: Keycloak.KeycloakLoginOptions): Promise<void>;
-    /**
-     * Check if the user has access to the specified role. It will look for roles in
-     * realm and the given resource, but will not check if the user is logged in for better performance.
-     *
-     * @param role
-     * role name
-     * @param resource
-     * resource name. If not specified, `clientId` is used
-     * @returns
-     * A boolean meaning if the user has the specified Role.
-     */
-    isUserInRole(role: string, resource?: string): boolean;
-    /**
-     * Return the roles of the logged user. The realmRoles parameter, with default value
-     * true, will return the resource roles and realm roles associated with the logged user. If set to false
-     * it will only return the resource roles. The resource parameter, if specified, will return only resource roles
-     * associated with the given resource.
-     *
-     * @param realmRoles
-     * Set to false to exclude realm roles (only client roles)
-     * @param resource
-     * resource name If not specified, returns roles from all resources
-     * @returns
-     * Array of Roles associated with the logged user.
-     */
-    getUserRoles(realmRoles?: boolean, resource?: string): string[];
-    /**
-     * Check if user is logged in.
-     *
-     * @returns
-     * A boolean that indicates if the user is logged in.
-     */
-    isLoggedIn(): boolean;
-    /**
-     * Returns true if the token has less than minValidity seconds left before
-     * it expires.
-     *
-     * @param minValidity
-     * Seconds left. (minValidity) is optional. Default value is 0.
-     * @returns
-     * Boolean indicating if the token is expired.
-     */
-    isTokenExpired(minValidity?: number): boolean;
-    /**
-     * If the token expires within _updateMinValidity seconds the token is refreshed. If the
-     * session status iframe is enabled, the session status is also checked.
-     * Returns a promise telling if the token was refreshed or not. If the session is not active
-     * anymore, the promise is rejected.
-     *
-     * @param minValidity
-     * Seconds left. (minValidity is optional, if not specified updateMinValidity - default 20 is used)
-     * @returns
-     * Promise with a boolean indicating if the token was succesfully updated.
-     */
-    updateToken(minValidity?: number): Promise<boolean>;
-    /**
-     * Loads the user profile.
-     * Returns promise to set functions to be invoked if the profile was loaded
-     * successfully, or if the profile could not be loaded.
-     *
-     * @param forceReload
-     * If true will force the loadUserProfile even if its already loaded.
-     * @returns
-     * A promise with the KeycloakProfile data loaded.
-     */
-    loadUserProfile(forceReload?: boolean): Promise<import("keycloak-js").KeycloakProfile>;
-    /**
-     * Returns the authenticated token.
-     */
-    getToken(): Promise<string>;
-    /**
-     * Returns the logged username.
-     *
-     * @returns
-     * The logged username.
-     */
-    getUsername(): string;
-    /**
-     * Clear authentication state, including tokens. This can be useful if application
-     * has detected the session was expired, for example if updating token fails.
-     * Invoking this results in onAuthLogout callback listener being invoked.
-     */
-    clearToken(): void;
-    /**
-     * Adds a valid token in header. The key & value format is:
-     * Authorization Bearer <token>.
-     * If the headers param is undefined it will create the Angular headers object.
-     *
-     * @param headers
-     * Updated header with Authorization and Keycloak token.
-     * @returns
-     * An observable with with the HTTP Authorization header and the current token.
-     */
-    addTokenToHeader(headers?: HttpHeaders): import("rxjs").Observable<HttpHeaders>;
-    /**
-     * Returns the original Keycloak instance, if you need any customization that
-     * this Angular service does not support yet. Use with caution.
-     *
-     * @returns
-     * The KeycloakInstance from keycloak-js.
-     */
-    getKeycloakInstance(): Keycloak.KeycloakInstance;
-    /**
-     * @deprecated
-     * Returns the excluded URLs that should not be considered by
-     * the http interceptor which automatically adds the authorization header in the Http Request.
-     *
-     * @returns
-     * The excluded urls that must not be intercepted by the KeycloakBearerInterceptor.
-     */
-    get excludedUrls(): ExcludedUrlRegex[];
-    /**
-     * Flag to indicate if the bearer will be added to the authorization header.
-     *
-     * @returns
-     * Returns if the bearer interceptor was set to be disabled.
-     */
-    get enableBearerInterceptor(): boolean;
-    /**
-     * Keycloak subject to monitor the events triggered by keycloak-js.
-     * The following events as available (as described at keycloak docs -
-     * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events):
-     * - OnAuthError
-     * - OnAuthLogout
-     * - OnAuthRefreshError
-     * - OnAuthRefreshSuccess
-     * - OnAuthSuccess
-     * - OnReady
-     * - OnTokenExpire
-     * In each occurrence of any of these, this subject will return the event type,
-     * described at {@link KeycloakEventTypeLegacy} enum and the function args from the keycloak-js
-     * if provided any.
-     *
-     * @returns
-     * A subject with the {@link KeycloakEventLegacy} which describes the event type and attaches the
-     * function args.
-     */
-    get keycloakEvents$(): Subject<KeycloakEventLegacy>;
-    static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakService, never>;
-    static ɵprov: i0.ɵɵInjectableDeclaration<KeycloakService>;
-}

package/lib/legacy/keycloak-angular.module.d.ts

@@ -1,12 +0,0 @@
-import * as i0 from "@angular/core";
-import * as i1 from "./core/core.module";
-/**
- * @deprecated NgModules are deprecated in Keycloak Angular and will be removed in future versions.
- * Use the new `provideKeycloak` function to load Keycloak in an Angular application.
- * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md
- */
-export declare class KeycloakAngularModule {
-    static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakAngularModule, never>;
-    static ɵmod: i0.ɵɵNgModuleDeclaration<KeycloakAngularModule, never, [typeof i1.CoreModule], never>;
-    static ɵinj: i0.ɵɵInjectorDeclaration<KeycloakAngularModule>;
-}

package/lib/legacy/public_api.d.ts

@@ -1,14 +0,0 @@
-/**
- * @license
- * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
- *
- * Use of this source code is governed by a MIT-style license that can be
- * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
- */
-export { KeycloakEventLegacy, KeycloakEventTypeLegacy } from './core/interfaces/keycloak-event';
-export { KeycloakOptions } from './core/interfaces/keycloak-options';
-export { KeycloakAuthGuard } from './core/services/keycloak-auth-guard';
-export { KeycloakService } from './core/services/keycloak.service';
-export { KeycloakBearerInterceptor } from './core/interceptors/keycloak-bearer.interceptor';
-export { CoreModule } from './core/core.module';
-export { KeycloakAngularModule } from './keycloak-angular.module';