npm - keycloak-angular - Versions diffs - 19.0.2 → 20.1.0 - Mend

keycloak-angular 19.0.2 → 20.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/README.md +39 -2
package/fesm2022/keycloak-angular.mjs +101 -62
package/fesm2022/keycloak-angular.mjs.map +1 -1
package/index.d.ts +1534 -3
package/package.json +5 -4
package/lib/directives/has-roles.directive.d.ts +0 -95
package/lib/features/keycloak.feature.d.ts +0 -43
package/lib/features/with-refresh-token.feature.d.ts +0 -66
package/lib/guards/auth.guard.d.ts +0 -75
package/lib/interceptors/custom-bearer-token.interceptor.d.ts +0 -97
package/lib/interceptors/include-bearer-token.interceptor.d.ts +0 -111
package/lib/interceptors/keycloak.interceptor.d.ts +0 -71
package/lib/legacy/core/core.module.d.ts +0 -12
package/lib/legacy/core/interceptors/keycloak-bearer.interceptor.d.ts +0 -53
package/lib/legacy/core/interfaces/keycloak-event.d.ts +0 -74
package/lib/legacy/core/interfaces/keycloak-options.d.ts +0 -146
package/lib/legacy/core/services/keycloak-auth-guard.d.ts +0 -50
package/lib/legacy/core/services/keycloak.service.d.ts +0 -316
package/lib/legacy/keycloak-angular.module.d.ts +0 -12
package/lib/legacy/public_api.d.ts +0 -14
package/lib/provide-keycloak.d.ts +0 -74
package/lib/services/auto-refresh-token.service.d.ts +0 -47
package/lib/services/user-activity.service.d.ts +0 -66
package/lib/signals/keycloak-events-signal.d.ts +0 -118
package/public_api.d.ts +0 -19

package/index.d.ts CHANGED Viewed

@@ -1,5 +1,1536 @@
+import { HttpRequest, HttpHeaders, HttpInterceptor, HttpHandler, HttpEvent, HttpHandlerFn } from '@angular/common/http';
+import { CanActivate, Router, ActivatedRouteSnapshot, RouterStateSnapshot, UrlTree, CanActivateFn, CanActivateChildFn } from '@angular/router';
+import * as rxjs from 'rxjs';
+import { Subject, Observable } from 'rxjs';
+import * as Keycloak$1 from 'keycloak-js';
+import Keycloak__default, { KeycloakLogoutOptions, KeycloakLoginOptions, KeycloakError, KeycloakConfig, KeycloakInitOptions } from 'keycloak-js';
+import * as i0 from '@angular/core';
+import { OnChanges, InjectionToken, OnDestroy, Signal, Provider, EnvironmentProviders } from '@angular/core';
+import * as i1 from '@angular/common';
 /**
- * Generated bundle index. Do not edit.
+ * @license
+ * Copyright Mauricio Gemelli Vigolo and contributors.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
  */
-/// <amd-module name="keycloak-angular" />
-export * from './public_api';
+/**
+ * Keycloak event types, as described at the keycloak-js documentation:
+ * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events
+ *
+ * @deprecated Keycloak Event based on the KeycloakService is deprecated and
+ * will be removed in future versions.
+ * Use the new `KEYCLOAK_EVENT_SIGNAL` injection token to listen for the keycloak
+ * events.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+declare enum KeycloakEventTypeLegacy {
+    /**
+     * Called if there was an error during authentication.
+     */
+    OnAuthError = 0,
+    /**
+     * Called if the user is logged out
+     * (will only be called if the session status iframe is enabled, or in Cordova mode).
+     */
+    OnAuthLogout = 1,
+    /**
+     * Called if there was an error while trying to refresh the token.
+     */
+    OnAuthRefreshError = 2,
+    /**
+     * Called when the token is refreshed.
+     */
+    OnAuthRefreshSuccess = 3,
+    /**
+     * Called when a user is successfully authenticated.
+     */
+    OnAuthSuccess = 4,
+    /**
+     * Called when the adapter is initialized.
+     */
+    OnReady = 5,
+    /**
+     * Called when the access token is expired. If a refresh token is available the token
+     * can be refreshed with updateToken, or in cases where it is not (that is, with implicit flow)
+     * you can redirect to login screen to obtain a new access token.
+     */
+    OnTokenExpired = 6,
+    /**
+     * Called when a AIA has been requested by the application.
+     */
+    OnActionUpdate = 7
+}
+/**
+ * Structure of an event triggered by Keycloak, contains it's type
+ * and arguments (if any).
+ *
+ * @deprecated Keycloak Event based on the KeycloakService is deprecated and
+ * will be removed in future versions.
+ * Use the new `KEYCLOAK_EVENT_SIGNAL` injection token to listen for the keycloak
+ * events.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+interface KeycloakEventLegacy {
+    /**
+     * Event type as described at {@link KeycloakEventTypeLegacy}.
+     */
+    type: KeycloakEventTypeLegacy;
+    /**
+     * Arguments from the keycloak-js event function.
+     */
+    args?: unknown;
+}
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo and contributors.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * HTTP Methods
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+type HttpMethodsLegacy = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'OPTIONS' | 'HEAD' | 'PATCH';
+/**
+ * ExcludedUrl type may be used to specify the url and the HTTP method that
+ * should not be intercepted by the KeycloakBearerInterceptor.
+ *
+ * Example:
+ * const excludedUrl: ExcludedUrl[] = [
+ *  {
+ *    url: 'reports/public'
+ *    httpMethods: ['GET']
+ *  }
+ * ]
+ *
+ * In the example above for URL reports/public and HTTP Method GET the
+ * bearer will not be automatically added.
+ *
+ * If the url is informed but httpMethod is undefined, then the bearer
+ * will not be added for all HTTP Methods.
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+interface ExcludedUrl {
+    url: string;
+    httpMethods?: HttpMethodsLegacy[];
+}
+/**
+ * Similar to ExcludedUrl, contains the HTTP methods and a regex to
+ * include the url patterns.
+ * This interface is used internally by the KeycloakService.
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+interface ExcludedUrlRegex {
+    urlPattern: RegExp;
+    httpMethods?: HttpMethodsLegacy[];
+}
+/**
+ * keycloak-angular initialization options.
+ *
+ * @deprecated KeycloakService is deprecated and will be removed in future versions.
+ * Use the new `provideKeycloak` method to load Keycloak in an Angular application.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+interface KeycloakOptions {
+    /**
+     * Configs to init the keycloak-js library. If undefined, will look for a keycloak.json file
+     * at root of the project.
+     * If not undefined, can be a string meaning the url to the keycloak.json file or an object
+     * of {@link Keycloak.KeycloakConfig}. Use this configuration if you want to specify the keycloak server,
+     * realm, clientId. This is usefull if you have different configurations for production, stage
+     * and development environments. Hint: Make use of Angular environment configuration.
+     */
+    config?: string | Keycloak.KeycloakConfig;
+    /**
+     * Options to initialize the Keycloak adapter, matches the options as provided by Keycloak itself.
+     */
+    initOptions?: Keycloak.KeycloakInitOptions;
+    /**
+     * By default all requests made by Angular HttpClient will be intercepted in order to
+     * add the bearer in the Authorization Http Header. However, if this is a not desired
+     * feature, the enableBearerInterceptor must be false.
+     *
+     * Briefly, if enableBearerInterceptor === false, the bearer will not be added
+     * to the authorization header.
+     *
+     * The default value is true.
+     */
+    enableBearerInterceptor?: boolean;
+    /**
+     * Forces the execution of loadUserProfile after the keycloak initialization considering that the
+     * user logged in.
+     * This option is recommended if is desirable to have the user details at the beginning,
+     * so after the login, the loadUserProfile function will be called and its value cached.
+     *
+     * The default value is true.
+     */
+    loadUserProfileAtStartUp?: boolean;
+    /**
+     * @deprecated
+     * String Array to exclude the urls that should not have the Authorization Header automatically
+     * added. This library makes use of Angular Http Interceptor, to automatically add the Bearer
+     * token to the request.
+     */
+    bearerExcludedUrls?: (string | ExcludedUrl)[];
+    /**
+     * This value will be used as the Authorization Http Header name. The default value is
+     * **Authorization**. If the backend expects requests to have a token in a different header, you
+     * should change this value, i.e: **JWT-Authorization**. This will result in a Http Header
+     * Authorization as "JWT-Authorization: bearer <token>".
+     */
+    authorizationHeaderName?: string;
+    /**
+     * This value will be included in the Authorization Http Header param. The default value is
+     * **Bearer**, which will result in a Http Header Authorization as "Authorization: Bearer <token>".
+     *
+     * If any other value is needed by the backend in the authorization header, you should change this
+     * value.
+     *
+     * Warning: this value must be in compliance with the keycloak server instance and the adapter.
+     */
+    bearerPrefix?: string;
+    /**
+     * This value will be used to determine whether or not the token needs to be updated. If the token
+     * will expire is fewer seconds than the updateMinValidity value, then it will be updated.
+     *
+     * The default value is 20.
+     */
+    updateMinValidity?: number;
+    /**
+     * A function that will tell the KeycloakBearerInterceptor whether to add the token to the request
+     * or to leave the request as it is. If the returned value is `true`, the request will have the token
+     * present on it. If it is `false`, the token will be left off the request.
+     *
+     * The default is a function that always returns `true`.
+     */
+    shouldAddToken?: (request: HttpRequest<unknown>) => boolean;
+    /**
+     * A function that will tell the KeycloakBearerInterceptor if the token should be considered for
+     * updating as a part of the request being made. If the returned value is `true`, the request will
+     * check the token's expiry time and if it is less than the number of seconds configured by
+     * updateMinValidity then it will be updated before the request is made. If the returned value is
+     * false, the token will not be updated.
+     *
+     * The default is a function that always returns `true`.
+     */
+    shouldUpdateToken?: (request: HttpRequest<unknown>) => boolean;
+}
+/**
+ * Service to expose existent methods from the Keycloak JS adapter, adding new
+ * functionalities to improve the use of keycloak in Angular v > 4.3 applications.
+ *
+ * This class should be injected in the application bootstrap, so the same instance will be used
+ * along the web application.
+ *
+ * @deprecated This service is deprecated and will be removed in future versions.
+ * Use the new `provideKeycloak` function to load Keycloak in an Angular application.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+declare class KeycloakService {
+    /**
+     * Keycloak-js instance.
+     */
+    private _instance;
+    /**
+     * User profile as KeycloakProfile interface.
+     */
+    private _userProfile;
+    /**
+     * Flag to indicate if the bearer will not be added to the authorization header.
+     */
+    private _enableBearerInterceptor;
+    /**
+     * When the implicit flow is choosen there must exist a silentRefresh, as there is
+     * no refresh token.
+     */
+    private _silentRefresh;
+    /**
+     * Indicates that the user profile should be loaded at the keycloak initialization,
+     * just after the login.
+     */
+    private _loadUserProfileAtStartUp;
+    /**
+     * The bearer prefix that will be appended to the Authorization Header.
+     */
+    private _bearerPrefix;
+    /**
+     * Value that will be used as the Authorization Http Header name.
+     */
+    private _authorizationHeaderName;
+    /**
+     * @deprecated
+     * The excluded urls patterns that must skip the KeycloakBearerInterceptor.
+     */
+    private _excludedUrls;
+    /**
+     * Observer for the keycloak events
+     */
+    private _keycloakEvents$;
+    /**
+     * The amount of required time remaining before expiry of the token before the token will be refreshed.
+     */
+    private _updateMinValidity;
+    /**
+     * Returns true if the request should have the token added to the headers by the KeycloakBearerInterceptor.
+     */
+    shouldAddToken: (request: HttpRequest<unknown>) => boolean;
+    /**
+     * Returns true if the request being made should potentially update the token.
+     */
+    shouldUpdateToken: (request: HttpRequest<unknown>) => boolean;
+    /**
+     * Binds the keycloak-js events to the keycloakEvents Subject
+     * which is a good way to monitor for changes, if needed.
+     *
+     * The keycloakEvents returns the keycloak-js event type and any
+     * argument if the source function provides any.
+     */
+    private bindsKeycloakEvents;
+    /**
+     * Loads all bearerExcludedUrl content in a uniform type: ExcludedUrl,
+     * so it becomes easier to handle.
+     *
+     * @param bearerExcludedUrls array of strings or ExcludedUrl that includes
+     * the url and HttpMethod.
+     */
+    private loadExcludedUrls;
+    /**
+     * Handles the class values initialization.
+     *
+     * @param options
+     */
+    private initServiceValues;
+    /**
+     * Keycloak initialization. It should be called to initialize the adapter.
+     * Options is an object with 2 main parameters: config and initOptions. The first one
+     * will be used to create the Keycloak instance. The second one are options to initialize the
+     * keycloak instance.
+     *
+     * @param options
+     * Config: may be a string representing the keycloak URI or an object with the
+     * following content:
+     * - url: Keycloak json URL
+     * - realm: realm name
+     * - clientId: client id
+     *
+     * initOptions:
+     * Options to initialize the Keycloak adapter, matches the options as provided by Keycloak itself.
+     *
+     * enableBearerInterceptor:
+     * Flag to indicate if the bearer will added to the authorization header.
+     *
+     * loadUserProfileInStartUp:
+     * Indicates that the user profile should be loaded at the keycloak initialization,
+     * just after the login.
+     *
+     * bearerExcludedUrls:
+     * String Array to exclude the urls that should not have the Authorization Header automatically
+     * added.
+     *
+     * authorizationHeaderName:
+     * This value will be used as the Authorization Http Header name.
+     *
+     * bearerPrefix:
+     * This value will be included in the Authorization Http Header param.
+     *
+     * tokenUpdateExcludedHeaders:
+     * Array of Http Header key/value maps that should not trigger the token to be updated.
+     *
+     * updateMinValidity:
+     * This value determines if the token will be refreshed based on its expiration time.
+     *
+     * @returns
+     * A Promise with a boolean indicating if the initialization was successful.
+     */
+    init(options?: KeycloakOptions): Promise<boolean>;
+    /**
+     * Redirects to login form on (options is an optional object with redirectUri and/or
+     * prompt fields).
+     *
+     * @param options
+     * Object, where:
+     *  - redirectUri: Specifies the uri to redirect to after login.
+     *  - prompt:By default the login screen is displayed if the user is not logged-in to Keycloak.
+     * To only authenticate to the application if the user is already logged-in and not display the
+     * login page if the user is not logged-in, set this option to none. To always require
+     * re-authentication and ignore SSO, set this option to login .
+     *  - maxAge: Used just if user is already authenticated. Specifies maximum time since the
+     * authentication of user happened. If user is already authenticated for longer time than
+     * maxAge, the SSO is ignored and he will need to re-authenticate again.
+     *  - loginHint: Used to pre-fill the username/email field on the login form.
+     *  - action: If value is 'register' then user is redirected to registration page, otherwise to
+     * login page.
+     *  - locale: Specifies the desired locale for the UI.
+     * @returns
+     * A void Promise if the login is successful and after the user profile loading.
+     */
+    login(options?: Keycloak.KeycloakLoginOptions): Promise<void>;
+    /**
+     * Redirects to logout.
+     *
+     * @param redirectUri
+     * Specifies the uri to redirect to after logout.
+     * @returns
+     * A void Promise if the logout was successful, cleaning also the userProfile.
+     */
+    logout(redirectUri?: string): Promise<void>;
+    /**
+     * Redirects to registration form. Shortcut for login with option
+     * action = 'register'. Options are same as for the login method but 'action' is set to
+     * 'register'.
+     *
+     * @param options
+     * login options
+     * @returns
+     * A void Promise if the register flow was successful.
+     */
+    register(options?: Keycloak.KeycloakLoginOptions): Promise<void>;
+    /**
+     * Check if the user has access to the specified role. It will look for roles in
+     * realm and the given resource, but will not check if the user is logged in for better performance.
+     *
+     * @param role
+     * role name
+     * @param resource
+     * resource name. If not specified, `clientId` is used
+     * @returns
+     * A boolean meaning if the user has the specified Role.
+     */
+    isUserInRole(role: string, resource?: string): boolean;
+    /**
+     * Return the roles of the logged user. The realmRoles parameter, with default value
+     * true, will return the resource roles and realm roles associated with the logged user. If set to false
+     * it will only return the resource roles. The resource parameter, if specified, will return only resource roles
+     * associated with the given resource.
+     *
+     * @param realmRoles
+     * Set to false to exclude realm roles (only client roles)
+     * @param resource
+     * resource name If not specified, returns roles from all resources
+     * @returns
+     * Array of Roles associated with the logged user.
+     */
+    getUserRoles(realmRoles?: boolean, resource?: string): string[];
+    /**
+     * Check if user is logged in.
+     *
+     * @returns
+     * A boolean that indicates if the user is logged in.
+     */
+    isLoggedIn(): boolean;
+    /**
+     * Returns true if the token has less than minValidity seconds left before
+     * it expires.
+     *
+     * @param minValidity
+     * Seconds left. (minValidity) is optional. Default value is 0.
+     * @returns
+     * Boolean indicating if the token is expired.
+     */
+    isTokenExpired(minValidity?: number): boolean;
+    /**
+     * If the token expires within _updateMinValidity seconds the token is refreshed. If the
+     * session status iframe is enabled, the session status is also checked.
+     * Returns a promise telling if the token was refreshed or not. If the session is not active
+     * anymore, the promise is rejected.
+     *
+     * @param minValidity
+     * Seconds left. (minValidity is optional, if not specified updateMinValidity - default 20 is used)
+     * @returns
+     * Promise with a boolean indicating if the token was succesfully updated.
+     */
+    updateToken(minValidity?: number): Promise<boolean>;
+    /**
+     * Loads the user profile.
+     * Returns promise to set functions to be invoked if the profile was loaded
+     * successfully, or if the profile could not be loaded.
+     *
+     * @param forceReload
+     * If true will force the loadUserProfile even if its already loaded.
+     * @returns
+     * A promise with the KeycloakProfile data loaded.
+     */
+    loadUserProfile(forceReload?: boolean): Promise<Keycloak$1.KeycloakProfile>;
+    /**
+     * Returns the authenticated token.
+     */
+    getToken(): Promise<string>;
+    /**
+     * Returns the logged username.
+     *
+     * @returns
+     * The logged username.
+     */
+    getUsername(): string;
+    /**
+     * Clear authentication state, including tokens. This can be useful if application
+     * has detected the session was expired, for example if updating token fails.
+     * Invoking this results in onAuthLogout callback listener being invoked.
+     */
+    clearToken(): void;
+    /**
+     * Adds a valid token in header. The key & value format is:
+     * Authorization Bearer <token>.
+     * If the headers param is undefined it will create the Angular headers object.
+     *
+     * @param headers
+     * Updated header with Authorization and Keycloak token.
+     * @returns
+     * An observable with with the HTTP Authorization header and the current token.
+     */
+    addTokenToHeader(headers?: HttpHeaders): rxjs.Observable<HttpHeaders>;
+    /**
+     * Returns the original Keycloak instance, if you need any customization that
+     * this Angular service does not support yet. Use with caution.
+     *
+     * @returns
+     * The KeycloakInstance from keycloak-js.
+     */
+    getKeycloakInstance(): Keycloak.KeycloakInstance;
+    /**
+     * @deprecated
+     * Returns the excluded URLs that should not be considered by
+     * the http interceptor which automatically adds the authorization header in the Http Request.
+     *
+     * @returns
+     * The excluded urls that must not be intercepted by the KeycloakBearerInterceptor.
+     */
+    get excludedUrls(): ExcludedUrlRegex[];
+    /**
+     * Flag to indicate if the bearer will be added to the authorization header.
+     *
+     * @returns
+     * Returns if the bearer interceptor was set to be disabled.
+     */
+    get enableBearerInterceptor(): boolean;
+    /**
+     * Keycloak subject to monitor the events triggered by keycloak-js.
+     * The following events as available (as described at keycloak docs -
+     * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events):
+     * - OnAuthError
+     * - OnAuthLogout
+     * - OnAuthRefreshError
+     * - OnAuthRefreshSuccess
+     * - OnAuthSuccess
+     * - OnReady
+     * - OnTokenExpire
+     * In each occurrence of any of these, this subject will return the event type,
+     * described at {@link KeycloakEventTypeLegacy} enum and the function args from the keycloak-js
+     * if provided any.
+     *
+     * @returns
+     * A subject with the {@link KeycloakEventLegacy} which describes the event type and attaches the
+     * function args.
+     */
+    get keycloakEvents$(): Subject<KeycloakEventLegacy>;
+    static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<KeycloakService>;
+}
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo and contributors.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * A simple guard implementation out of the box. This class should be inherited and
+ * implemented by the application. The only method that should be implemented is #isAccessAllowed.
+ * The reason for this is that the authorization flow is usually not unique, so in this way you will
+ * have more freedom to customize your authorization flow.
+ *
+ * @deprecated Class based guards are deprecated in Keycloak Angular and will be removed in future versions.
+ * Use the new `createAuthGuard` function to create a Guard for your application.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+declare abstract class KeycloakAuthGuard implements CanActivate {
+    protected router: Router;
+    protected keycloakAngular: KeycloakService;
+    /**
+     * Indicates if the user is authenticated or not.
+     */
+    protected authenticated: boolean;
+    /**
+     * Roles of the logged user. It contains the clientId and realm user roles.
+     */
+    protected roles: string[];
+    constructor(router: Router, keycloakAngular: KeycloakService);
+    /**
+     * CanActivate checks if the user is logged in and get the full list of roles (REALM + CLIENT)
+     * of the logged user. This values are set to authenticated and roles params.
+     *
+     * @param route
+     * @param state
+     */
+    canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean | UrlTree>;
+    /**
+     * Create your own customized authorization flow in this method. From here you already known
+     * if the user is authenticated (this.authenticated) and the user roles (this.roles).
+     *
+     * Return a UrlTree if the user should be redirected to another route.
+     *
+     * @param route
+     * @param state
+     */
+    abstract isAccessAllowed(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean | UrlTree>;
+}
+/**
+ * This interceptor includes the bearer by default in all HttpClient requests.
+ *
+ * If you need to exclude some URLs from adding the bearer, please, take a look
+ * at the {@link KeycloakOptions} bearerExcludedUrls property.
+ *
+ * @deprecated KeycloakBearerInterceptor is deprecated and will be removed in future versions.
+ * Use the new functional interceptor such as `includeBearerTokenInterceptor`.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+declare class KeycloakBearerInterceptor implements HttpInterceptor {
+    private keycloak;
+    /**
+     * Calls to update the keycloak token if the request should update the token.
+     *
+     * @param req http request from @angular http module.
+     * @returns
+     * A promise boolean for the token update or noop result.
+     */
+    private conditionallyUpdateToken;
+    /**
+     * @deprecated
+     * Checks if the url is excluded from having the Bearer Authorization
+     * header added.
+     *
+     * @param req http request from @angular http module.
+     * @param excludedUrlRegex contains the url pattern and the http methods,
+     * excluded from adding the bearer at the Http Request.
+     */
+    private isUrlExcluded;
+    /**
+     * Intercept implementation that checks if the request url matches the excludedUrls.
+     * If not, adds the Authorization header to the request if the user is logged in.
+     *
+     * @param req
+     * @param next
+     */
+    intercept(req: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>>;
+    /**
+     * Adds the token of the current user to the Authorization header
+     *
+     * @param req
+     * @param next
+     */
+    private handleRequestWithTokenHeader;
+    static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakBearerInterceptor, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<KeycloakBearerInterceptor>;
+}
+/**
+ * @deprecated NgModules are deprecated in Keycloak Angular and will be removed in future versions.
+ * Use the new `provideKeycloak` function to load Keycloak in an Angular application.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+declare class CoreModule {
+    static ɵfac: i0.ɵɵFactoryDeclaration<CoreModule, never>;
+    static ɵmod: i0.ɵɵNgModuleDeclaration<CoreModule, never, [typeof i1.CommonModule], never>;
+    static ɵinj: i0.ɵɵInjectorDeclaration<CoreModule>;
+}
+/**
+ * @deprecated NgModules are deprecated in Keycloak Angular and will be removed in future versions.
+ * Use the new `provideKeycloak` function to load Keycloak in an Angular application.
+ * More info: https://github.com/mauriciovigolo/keycloak-angular/blob/main/docs/migration-guides/v19.md
+ */
+declare class KeycloakAngularModule {
+    static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakAngularModule, never>;
+    static ɵmod: i0.ɵɵNgModuleDeclaration<KeycloakAngularModule, never, [typeof CoreModule], never>;
+    static ɵinj: i0.ɵɵInjectorDeclaration<KeycloakAngularModule>;
+}
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Structural directive to conditionally display elements based on Keycloak user roles.
+ *
+ * This directive checks if the authenticated user has at least one of the specified roles.
+ * Roles can be validated against a specific **resource (client ID)** or the **realm**.
+ *
+ * ### Features:
+ * - Supports role checking in both **resources (client-level roles)** and the **realm**.
+ * - Accepts an array of roles to match.
+ * - Optional configuration to check realm-level roles.
+ *
+ * ### Inputs:
+ * - `kaHasRoles` (Required): Array of roles to validate.
+ * - `resource` (Optional): The client ID or resource name to validate resource-level roles.
+ * - `checkRealm` (Optional): A boolean flag to enable realm role validation (default is `false`).
+ *
+ * ### Requirements:
+ * - A Keycloak instance must be injected via Angular's dependency injection.
+ * - The user must be authenticated in Keycloak.
+ *
+ * @example
+ * #### Example 1: Check for Global Realm Roles
+ * Show the content only if the user has the `admin` or `editor` role in the realm.
+ * ```html
+ * <div *kaHasRoles="['admin', 'editor']; checkRealm:true">
+ *   <p>This content is visible only to users with 'admin' or 'editor' realm roles.</p>
+ * </div>
+ * ```
+ *
+ * @example
+ * #### Example 2: Check for Resource Roles
+ * Show the content only if the user has the `read` or `write` role for a specific resource (`my-client`).
+ * ```html
+ * <div *kaHasRoles="['read', 'write']; resource:'my-client'">
+ *   <p>This content is visible only to users with 'read' or 'write' roles for 'my-client'.</p>
+ * </div>
+ * ```
+ *
+ * @example
+ * #### Example 3: Check for Both Resource and Realm Roles
+ * Show the content if the user has the roles in either the realm or a resource.
+ * ```html
+ * <div *kaHasRoles="['admin', 'write']; resource:'my-client' checkRealm:true">
+ *   <p>This content is visible to users with 'admin' in the realm or 'write' in 'my-client'.</p>
+ * </div>
+ * ```
+ *
+ * @example
+ * #### Example 4: Fallback Content When Roles Do Not Match
+ * Use an `<ng-template>` to display fallback content if the user lacks the required roles.
+ * ```html
+ * <div *kaHasRoles="['admin']; resource:'my-client'">
+ *   <p>Welcome, Admin!</p>
+ * </div>
+ * <ng-template #noAccess>
+ *   <p>Access Denied</p>
+ * </ng-template>
+ * ```
+ */
+declare class HasRolesDirective implements OnChanges {
+    private templateRef;
+    private viewContainer;
+    private keycloak;
+    /**
+     * List of roles to validate against the resource or realm.
+     */
+    roles: string[];
+    /**
+     * The resource (client ID) to validate roles against.
+     */
+    resource?: string;
+    /**
+     * Flag to enable realm-level role validation.
+     */
+    checkRealm: boolean;
+    constructor();
+    /**
+     * Here to reevaluate access when inputs change.
+     */
+    ngOnChanges(): void;
+    /**
+     * Clear the view and render it if user has access.
+     */
+    private render;
+    /**
+     * Checks if the user has at least one of the specified roles in the resource or realm.
+     * @returns True if the user has access, false otherwise.
+     */
+    private checkUserRoles;
+    static ɵfac: i0.ɵɵFactoryDeclaration<HasRolesDirective, never>;
+    static ɵdir: i0.ɵɵDirectiveDeclaration<HasRolesDirective, "[kaHasRoles]", never, { "roles": { "alias": "kaHasRoles"; "required": false; }; "resource": { "alias": "kaHasRolesResource"; "required": false; }; "checkRealm": { "alias": "kaHasRolesCheckRealm"; "required": false; }; }, {}, never, never, true, never>;
+}
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Represents a feature from keycloak-angular that can be configured during the library initialization.
+ *
+ * This type defines the structure of a feature that includes a `configure` method,
+ * which is responsible for setting up or initializing the feature's behavior or properties
+ * related to Keycloak.
+ *
+ * ### Usage:
+ * The `KeycloakFeature` type is typically used for defining modular, reusable Keycloak
+ * features that can be dynamically configured and integrated into an application.
+ *
+ * @property {() => void} configure - A method that initializes or configures the feature.
+ * This method is invoked to perform any setup or customization required for the feature.
+ *
+ * ### Example:
+ * ```typescript
+ * const withLoggingFeature: KeycloakFeature = {
+ *   configure: () => {
+ *     console.log('Configuring Keycloak logging feature');
+ *   },
+ * };
+ *
+ * const withAnalyticsFeature: KeycloakFeature = {
+ *   configure: () => {
+ *     console.log('Configuring Keycloak analytics feature');
+ *   },
+ * };
+ *
+ * // Configure and initialize features
+ * withLoggingFeature.configure();
+ * withAnalyticsFeature.configure();
+ * ```
+ */
+type KeycloakFeature = {
+    configure: () => void;
+};
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Options for configuring the auto-refresh token feature.
+ *
+ * This type defines the configuration parameters for enabling auto-refresh
+ * of Keycloak tokens and handling session inactivity scenarios.
+ */
+type WithRefreshTokenOptions = {
+    /**
+     * The session timeout duration in milliseconds. This specifies the time
+     * of inactivity after which the session is considered expired.
+     *
+     * Default value: `300000` milliseconds (5 minutes).
+     */
+    sessionTimeout?: number;
+    /**
+     * Action to take when the session timeout due to inactivity occurs.
+     *
+     * - `'login'`: Execute the `keycloak.login` method.
+     * - `'logout'`: Logs the user out by calling the `keycloak.logout` method.
+     * - `'none'`: Takes no action on session timeout.
+     *
+     * Default value: `'logout'`.
+     */
+    onInactivityTimeout?: 'login' | 'logout' | 'none';
+    /**
+     * Logout options to pass to keycloak.logout when the user is getting logged out automatically after timout.
+     *
+     * Default value: undefined
+     */
+    logoutOptions?: KeycloakLogoutOptions;
+    /**
+     * Login options to pass to keycloak.login when the user is getting logged in automatically after timeout.
+     *
+     * Default value: undefined
+     */
+    loginOptions?: KeycloakLoginOptions;
+};
+/**
+ * Enables automatic token refresh and session inactivity handling for a
+ * Keycloak-enabled Angular application.
+ *
+ * This function initializes a service that tracks user interactions, such as
+ * mouse movements, touches, key presses, clicks, and scrolls. If user activity
+ * is detected, it periodically calls `Keycloak.updateToken` to ensure the bearer
+ * token remains valid and does not expire.
+ *
+ * If the session remains inactive beyond the defined `sessionTimeout`, the
+ * specified action (`logout`, `login`, or `none`) will be executed. By default,
+ * the service will call `keycloak.logout` upon inactivity timeout.
+ *
+ * Event tracking uses RxJS observables with a debounce of 300 milliseconds to
+ * monitor user interactions. When the Keycloak `OnTokenExpired` event occurs,
+ * the service checks the user's last activity timestamp. If the user has been
+ * active within the session timeout period, it refreshes the token using `updateToken`.
+ *
+ *
+ * @param options - Configuration options for the auto-refresh token feature.
+ *   - `sessionTimeout` (optional): The duration in milliseconds after which
+ *     the session is considered inactive. Defaults to `300000` (5 minutes).
+ *   - `onInactivityTimeout` (optional): The action to take when session inactivity
+ *     exceeds the specified timeout. Defaults to `'logout'`.
+ *       - `'login'`: Execute `keycloak.login` function.
+ *       - `'logout'`: Logs the user out by calling `keycloak.logout`.
+ *       - `'none'`: No action is taken.
+ *   - `logoutOptions` (optional): Logout options to pass to keycloak.logout
+ *     when the user is getting logged out automatically after timout.
+ *   - `loginOptions` (optional): Login options to pass to keycloak.login
+ *     when the user is getting logged in automatically after timout.
+ *
+ * @returns A `KeycloakFeature` instance that configures and enables the
+ * auto-refresh token functionality.
+ */
+declare function withAutoRefreshToken(options?: WithRefreshTokenOptions): KeycloakFeature;
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Type representing the roles granted to a user, including both realm and resource-level roles.
+ */
+type Roles = {
+    /**
+     * Roles assigned at the realm level.
+     */
+    realmRoles: string[];
+    /**
+     * Roles assigned at the resource level, organized by resource name.
+     */
+    resourceRoles: {
+        [resource: string]: string[];
+    };
+};
+/**
+ * Data structure passed to the custom authorization guard to determine access.
+ */
+type AuthGuardData = {
+    /**
+     * Indicates whether the user is currently authenticated.
+     */
+    authenticated: boolean;
+    /**
+     * A collection of roles granted to the user, including both realm and resource roles.
+     */
+    grantedRoles: Roles;
+    /**
+     * The Keycloak instance managing the user's session and access.
+     */
+    keycloak: Keycloak__default;
+};
+/**
+ * Creates a custom authorization guard for Angular routes, enabling fine-grained access control.
+ *
+ * This guard invokes the provided `isAccessAllowed` function to determine if access is permitted
+ * based on the current route, router state, and user's authentication and roles data.
+ *
+ * @template T - The type of the guard function (`CanActivateFn` or `CanActivateChildFn`).
+ * @param isAccessAllowed - A callback function that evaluates access conditions. The function receives:
+ *   - `route`: The current `ActivatedRouteSnapshot` for the route being accessed.
+ *   - `state`: The current `RouterStateSnapshot` representing the router's state.
+ *   - `authData`: An `AuthGuardData` object containing the user's authentication status, roles, and Keycloak instance.
+ * @returns A guard function of type `T` that can be used as a route `canActivate` or `canActivateChild` guard.
+ *
+ * @example
+ * ```ts
+ * import { createAuthGuard } from './auth-guard';
+ * import { Routes } from '@angular/router';
+ *
+ * const isUserAllowed = async (route, state, authData) => {
+ *   const { authenticated, grantedRoles } = authData;
+ *   return authenticated && grantedRoles.realmRoles.includes('admin');
+ * };
+ *
+ * const routes: Routes = [
+ *   {
+ *     path: 'admin',
+ *     canActivate: [createAuthGuard(isUserAllowed)],
+ *     component: AdminComponent,
+ *   },
+ * ];
+ * ```
+ */
+declare const createAuthGuard: <T extends CanActivateFn | CanActivateChildFn>(isAccessAllowed: (route: ActivatedRouteSnapshot, state: RouterStateSnapshot, authData: AuthGuardData) => Promise<boolean | UrlTree>) => T;
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Represents the HTTP methods supported by the interceptor for authorization purposes.
+ */
+type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'OPTIONS' | 'HEAD' | 'PATCH';
+/**
+ * Common attributes for the Auth Bearer interceptor that can be reused in other interceptor implementations.
+ */
+type BearerTokenCondition = {
+    /**
+     * Prefix to be used in the Authorization header. Default is "Bearer".
+     * This will result in a header formatted as: `Authorization: Bearer <token>`.
+     *
+     * Adjust this value if your backend expects a different prefix in the Authorization header.
+     */
+    bearerPrefix?: string;
+    /**
+     * Name of the HTTP header used for authorization. Default is "Authorization".
+     * Customize this value if your backend expects a different header, e.g., "JWT-Authorization".
+     */
+    authorizationHeaderName?: string;
+    /**
+     * Function to determine whether the token should be updated before a request. Default is a function returning true.
+     * If the function returns `true`, the token's validity will be checked and updated if needed.
+     * If it returns `false`, the token update process will be skipped for that request.
+     *
+     * @param request - The current `HttpRequest` object being intercepted.
+     * @returns A boolean indicating whether to update the token.
+     */
+    shouldUpdateToken?: (request: HttpRequest<unknown>) => boolean;
+};
+/**
+ * Generic factory function to create an interceptor condition with default values.
+ *
+ * This utility allows you to define custom interceptor conditions while ensuring that
+ * default values are applied to any missing fields. By using generics, you can enforce
+ * strong typing when creating the fields for the interceptor condition, enhancing type safety.
+ *
+ * @template T - A type that extends `AuthBearerCondition`.
+ * @param value - An object of type `T` (extending `AuthBearerCondition`) to be enhanced with default values.
+ * @returns A new object of type `T` with default values assigned to any undefined properties.
+ */
+declare const createInterceptorCondition: <T extends BearerTokenCondition>(value: T) => T;
+/**
+ * Conditionally updates the Keycloak token based on the provided request and conditions.
+ *
+ * @param req - The `HttpRequest` object being processed.
+ * @param keycloak - The Keycloak instance managing authentication.
+ * @param condition - An `AuthBearerCondition` object with the `shouldUpdateToken` function.
+ * @returns A `Promise<boolean>` indicating whether the token was successfully updated.
+ */
+declare const conditionallyUpdateToken: (req: HttpRequest<unknown>, keycloak: Keycloak__default, { shouldUpdateToken }: BearerTokenCondition) => Promise<boolean>;
+/**
+ * Adds the Authorization header to an HTTP request and forwards it to the next handler.
+ *
+ * @param req - The original `HttpRequest` object.
+ * @param next - The `HttpHandlerFn` function for forwarding the HTTP request.
+ * @param keycloak - The Keycloak instance providing the authentication token.
+ * @param condition - An `AuthBearerCondition` object specifying header configuration.
+ * @returns An `Observable<HttpEvent<unknown>>` representing the HTTP response.
+ */
+declare const addAuthorizationHeader: (req: HttpRequest<unknown>, next: HttpHandlerFn, keycloak: Keycloak__default, condition: BearerTokenCondition) => Observable<HttpEvent<unknown>>;
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Defines a custom condition for determining whether a Bearer token should be included
+ * in the `Authorization` header of an outgoing HTTP request.
+ *
+ * This type extends the `BearerTokenCondition` type and adds a dynamic function
+ * (`shouldAddToken`) that evaluates whether the token should be added based on the
+ * request, handler, and Keycloak state.
+ */
+type CustomBearerTokenCondition = Partial<BearerTokenCondition> & {
+    /**
+     * A function that dynamically determines whether the Bearer token should be included
+     * in the `Authorization` header for a given request.
+     *
+     * This function is asynchronous and receives the following arguments:
+     * - `req`: The `HttpRequest` object representing the current outgoing HTTP request.
+     * - `next`: The `HttpHandlerFn` for forwarding the request to the next handler in the chain.
+     * - `keycloak`: The `Keycloak` instance representing the authentication context.
+     */
+    shouldAddToken: (req: HttpRequest<unknown>, next: HttpHandlerFn, keycloak: Keycloak__default) => Promise<boolean>;
+};
+/**
+ * Injection token for configuring the `customBearerTokenInterceptor`.
+ *
+ * This injection token holds an array of `CustomBearerTokenCondition` objects, which define
+ * the conditions under which a Bearer token should be included in the `Authorization` header
+ * of outgoing HTTP requests. Each condition provides a `shouldAddToken` function that dynamically
+ * determines whether the token should be added based on the request, handler, and Keycloak state.
+ */
+declare const CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG: InjectionToken<CustomBearerTokenCondition[]>;
+/**
+ * Custom HTTP Interceptor for dynamically adding a Bearer token to requests based on conditions.
+ *
+ * This interceptor uses a flexible approach where the decision to include a Bearer token in the
+ * `Authorization` HTTP header is determined by a user-provided function (`shouldAddToken`).
+ * This enables a dynamic and granular control over when tokens are added to HTTP requests.
+ *
+ * ### Key Features:
+ * 1. **Dynamic Token Inclusion**: Uses a condition function (`shouldAddToken`) to decide dynamically
+ *    whether to add the token based on the request, Keycloak state, and other factors.
+ * 2. **Token Management**: Optionally refreshes the Keycloak token before adding it to the request.
+ * 3. **Controlled Authorization**: Adds the Bearer token only when the condition function allows
+ *    and the user is authenticated in Keycloak.
+ *
+ * ### Configuration:
+ * The interceptor relies on `CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG`, an injection token that contains
+ * an array of `CustomBearerTokenCondition` objects. Each condition specifies a `shouldAddToken` function
+ * that determines whether to add the Bearer token for a given request.
+ *
+ * ### Workflow:
+ * 1. Reads the conditions from the `CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG` injection token.
+ * 2. Iterates through the conditions and evaluates the `shouldAddToken` function for the request.
+ * 3. If a condition matches:
+ *    - Optionally refreshes the Keycloak token if needed.
+ *    - Adds the Bearer token to the request's `Authorization` header if the user is authenticated.
+ * 4. If no conditions match, the request proceeds unchanged.
+ *
+ * ### Parameters:
+ * @param req - The `HttpRequest` object representing the outgoing HTTP request.
+ * @param next - The `HttpHandlerFn` for passing the request to the next handler in the chain.
+ *
+ * @returns An `Observable<HttpEvent<unknown>>` representing the HTTP response.
+ *
+ * ### Usage Example:
+ * ```typescript
+ * // Define a custom condition to include the token
+ * const customCondition: CustomBearerTokenCondition = {
+ *   shouldAddToken: async (req, next, keycloak) => {
+ *     // Add token only for requests to the /api endpoint
+ *     return req.url.startsWith('/api') && keycloak.authenticated;
+ *   },
+ * };
+ *
+ * // Configure the interceptor with the custom condition
+ * export const appConfig: ApplicationConfig = {
+ *   providers: [
+ *     provideHttpClient(withInterceptors([customBearerTokenInterceptor])),
+ *     {
+ *       provide: CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG,
+ *       useValue: [customCondition],
+ *     },
+ *   ],
+ * };
+ * ```
+ */
+declare const customBearerTokenInterceptor: (req: HttpRequest<unknown>, next: HttpHandlerFn) => Observable<HttpEvent<unknown>>;
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Defines the conditions for including the Bearer token in the Authorization HTTP header.
+ */
+type IncludeBearerTokenCondition = Partial<BearerTokenCondition> & {
+    /**
+     * A URL pattern (as a `RegExp`) used to determine whether the Bearer token should be added
+     * to the Authorization HTTP header for a given request. The Bearer token is only added if
+     * this pattern matches the request's URL.
+     *
+     * This EXPLICIT configuration is for security purposes, ensuring that internal tokens are not
+     * shared with unintended services.
+     */
+    urlPattern: RegExp;
+    /**
+     * An optional array of HTTP methods (`HttpMethod[]`) to further refine the conditions under
+     * which the Bearer token is added. If not provided, the default behavior is to add the token
+     * for all HTTP methods matching the `urlPattern`.
+     */
+    httpMethods?: HttpMethod[];
+};
+/**
+ * Injection token for configuring the `includeBearerTokenInterceptor`, allowing the specification
+ * of conditions under which the Bearer token should be included in HTTP request headers.
+ *
+ * This configuration supports multiple conditions, enabling customization for different URLs.
+ * It also provides options to tailor the Bearer prefix and the Authorization header name as needed.
+ */
+declare const INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG: InjectionToken<IncludeBearerTokenCondition[]>;
+/**
+ * HTTP Interceptor to include a Bearer token in the Authorization header for specific HTTP requests.
+ *
+ * This interceptor ensures that a Bearer token is added to outgoing HTTP requests based on explicitly
+ * defined conditions. By default, the interceptor does not include the Bearer token unless the request
+ * matches the provided configuration (`IncludeBearerTokenCondition`). This approach enhances security
+ * by preventing sensitive tokens from being unintentionally sent to unauthorized services.
+ *
+ * ### Features:
+ * 1. **Explicit URL Matching**: The interceptor uses regular expressions to match URLs where the Bearer token should be included.
+ * 2. **HTTP Method Filtering**: Optional filtering by HTTP methods (e.g., `GET`, `POST`, `PUT`) to refine the conditions for adding the token.
+ * 3. **Token Management**: Ensures the Keycloak token is valid by optionally refreshing it before attaching it to the request.
+ * 4. **Controlled Authorization**: Sends the token only for requests where the user is authenticated, and the conditions match.
+ *
+ * ### Workflow:
+ * - Reads conditions from `INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG`, which specifies when the Bearer token should be included.
+ * - If a request matches the conditions:
+ *   1. The Keycloak token is refreshed if needed.
+ *   2. The Bearer token is added to the Authorization header.
+ *   3. The modified request is passed to the next handler.
+ * - If no conditions match, the request proceeds unchanged.
+ *
+ * ### Security:
+ * By explicitly defining URL patterns and optional HTTP methods, this interceptor prevents the leakage of tokens
+ * to unintended endpoints, such as third-party APIs or external services. This is especially critical for applications
+ * that interact with both internal and external services.
+ *
+ * @param req - The `HttpRequest` object representing the outgoing HTTP request.
+ * @param next - The `HttpHandlerFn` for passing the request to the next handler in the chain.
+ * @returns An `Observable<HttpEvent<unknown>>` representing the asynchronous HTTP response.
+ *
+ * ### Configuration:
+ * The interceptor relies on `INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG`, an injection token that holds
+ * an array of `IncludeBearerTokenCondition` objects. Each object defines the conditions for including
+ * the Bearer token in the request.
+ *
+ * #### Example Configuration:
+ * ```typescript
+ * provideHttpClient(
+ *   withInterceptors([includeBearerTokenInterceptor]),
+ *   {
+ *     provide: INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG,
+ *     useValue: [
+ *       {
+ *         urlPattern: /^https:\/\/api\.internal\.myapp\.com\/.*\/,
+ *         httpMethods: ['GET', 'POST'], // Add the token only for GET and POST methods
+ *       },
+ *     ],
+ *   }
+ * );
+ * ```
+ *
+ * ### Example Usage:
+ * ```typescript
+ * export const appConfig: ApplicationConfig = {
+ *   providers: [
+ *     provideHttpClient(withInterceptors([includeBearerTokenInterceptor])),
+ *     provideZoneChangeDetection({ eventCoalescing: true }),
+ *     provideRouter(routes),
+ *   ],
+ * };
+ * ```
+ *
+ * ### Example Matching Condition:
+ * ```typescript
+ * {
+ *   urlPattern: /^(https:\/\/internal\.mycompany\.com)(\/.*)?$/i,
+ *   httpMethods: ['GET', 'PUT'], // Optional: Match only specific HTTP methods
+ * }
+ * ```
+ */
+declare const includeBearerTokenInterceptor: (req: HttpRequest<unknown>, next: HttpHandlerFn) => Observable<HttpEvent<unknown>>;
+/**
+ * Service to monitor user activity in an Angular application.
+ * Tracks user interactions (e.g., mouse movement, touch, key presses, clicks, and scrolls)
+ * and updates the last activity timestamp. Consumers can check for user inactivity
+ * based on a configurable timeout.
+ *
+ * The service is supposed to be used in the client context and for safety, it checks during the startup
+ * if it is a browser context.
+ */
+declare class UserActivityService implements OnDestroy {
+    private ngZone;
+    /**
+     * Signal to store the timestamp of the last user activity.
+     * The timestamp is represented as the number of milliseconds since epoch.
+     */
+    private lastActivity;
+    /**
+     * Subject to signal the destruction of the service.
+     * Used to clean up RxJS subscriptions.
+     */
+    private destroy$;
+    /**
+     * Computed signal to expose the last user activity as a read-only signal.
+     */
+    readonly lastActivitySignal: i0.Signal<number>;
+    /**
+     * Starts monitoring user activity events (`mousemove`, `touchstart`, `keydown`, `click`, `scroll`)
+     * and updates the last activity timestamp using RxJS with debounce.
+     * The events are processed outside Angular zone for performance optimization.
+     */
+    startMonitoring(): void;
+    /**
+     * Updates the last activity timestamp to the current time.
+     * This method runs inside Angular's zone to ensure reactivity with Angular signals.
+     */
+    private updateLastActivity;
+    /**
+     * Retrieves the timestamp of the last recorded user activity.
+     * @returns {number} The last activity timestamp in milliseconds since epoch.
+     */
+    get lastActivityTime(): number;
+    /**
+     * Determines whether the user interacted with the application, meaning it is activily using the application, based on
+     * the specified duration.
+     * @param timeout - The inactivity timeout in milliseconds.
+     * @returns {boolean} `true` if the user is inactive, otherwise `false`.
+     */
+    isActive(timeout: number): boolean;
+    /**
+     * Cleans up RxJS subscriptions and resources when the service is destroyed.
+     * This method is automatically called by Angular when the service is removed.
+     */
+    ngOnDestroy(): void;
+    static ɵfac: i0.ɵɵFactoryDeclaration<UserActivityService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<UserActivityService>;
+}
+/**
+ * Configuration options for the `AutoRefreshTokenService`.
+ */
+type AutoRefreshTokenOptions = {
+    /**
+     * Maximum allowed inactivity duration in milliseconds before
+     * the session times out. Default is `300000`.
+     */
+    sessionTimeout?: number;
+    /**
+     * Action to take when the session times out due to inactivity.
+     * Options are:
+     * - `'login'`: Redirect to the Keycloak login page.
+     * - `'logout'`: Log the user out of the session.
+     * - `'none'`: Do nothing.
+     * Default is `'logout'`.
+     */
+    onInactivityTimeout?: 'login' | 'logout' | 'none';
+    /**
+     * Logout options to pass to keycloak.logout when the user is getting logged out automatically after timout.
+     *
+     * Default value: undefined
+     */
+    logoutOptions?: KeycloakLogoutOptions;
+    /**
+     * Login options to pass to keycloak.login when the user is getting logged in automatically after timeout.
+     *
+     * Default value: undefined
+     */
+    loginOptions?: KeycloakLoginOptions;
+};
+/**
+ * Service to automatically manage the Keycloak token refresh process
+ * based on user activity and token expiration events. This service
+ * integrates with Keycloak for session management and interacts with
+ * user activity monitoring to determine the appropriate action when
+ * the token expires.
+ *
+ * The service listens to `KeycloakSignal` for token-related events
+ * (e.g., `TokenExpired`) and provides configurable options for
+ * session timeout and inactivity handling.
+ */
+declare class AutoRefreshTokenService {
+    private readonly keycloak;
+    private readonly userActivity;
+    private options;
+    private initialized;
+    constructor();
+    private get defaultOptions();
+    private executeOnInactivityTimeout;
+    private processTokenExpiredEvent;
+    start(options?: AutoRefreshTokenOptions): void;
+    static ɵfac: i0.ɵɵFactoryDeclaration<AutoRefreshTokenService, never>;
+    static ɵprov: i0.ɵɵInjectableDeclaration<AutoRefreshTokenService>;
+}
+/**
+ * Keycloak event types, as described at the keycloak-js documentation:
+ * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events
+ */
+declare enum KeycloakEventType {
+    /**
+     * Keycloak Angular is not initialized yet. This is the initial state applied to the Keycloak Event Signal.
+     * Note: This event is only emitted in Keycloak Angular, it is not part of the keycloak-js.
+     */
+    KeycloakAngularNotInitialized = "KeycloakAngularNotInitialized",
+    /**
+     * Keycloak Angular is in the process of initializing the providers and Keycloak Instance.
+     * Note: This event is only emitted in Keycloak Angular, it is not part of the keycloak-js.
+     */
+    KeycloakAngularInit = "KeycloakAngularInit",
+    /**
+     * Triggered if there is an error during authentication.
+     */
+    AuthError = "AuthError",
+    /**
+     * Triggered when the user logs out. This event will only be triggered
+     * if the session status iframe is enabled or in Cordova mode.
+     */
+    AuthLogout = "AuthLogout",
+    /**
+     * Triggered if an error occurs while attempting to refresh the token.
+     */
+    AuthRefreshError = "AuthRefreshError",
+    /**
+     * Triggered when the token is successfully refreshed.
+     */
+    AuthRefreshSuccess = "AuthRefreshSuccess",
+    /**
+     * Triggered when a user is successfully authenticated.
+     */
+    AuthSuccess = "AuthSuccess",
+    /**
+     * Triggered when the Keycloak adapter has completed initialization.
+     */
+    Ready = "Ready",
+    /**
+     * Triggered when the access token expires. Depending on the flow, you may
+     * need to use `updateToken` to refresh the token or redirect the user
+     * to the login screen.
+     */
+    TokenExpired = "TokenExpired",
+    /**
+     * Triggered when an authentication action is requested by the application.
+     */
+    ActionUpdate = "ActionUpdate"
+}
+/**
+ * Arguments for the `Ready` event, representing the authentication state.
+ */
+type ReadyArgs = boolean;
+/**
+ * Arguments for the `ActionUpdate` event, providing information about the status
+ * and optional details about the action.
+ */
+type ActionUpdateArgs = {
+    /**
+     * Status of the action, indicating whether it was successful, encountered an error,
+     * or was cancelled.
+     */
+    status: 'success' | 'error' | 'cancelled';
+    /**
+     * Optional name or identifier of the action performed.
+     */
+    action?: string;
+};
+/**
+ * Arguments for the `AuthError` event, providing detailed error information.
+ */
+type AuthErrorArgs = KeycloakError;
+type EventArgs = ReadyArgs | ActionUpdateArgs | AuthErrorArgs;
+/**
+ * Helper function to typecast unknown arguments into a specific Keycloak event type.
+ *
+ * @template T - The expected argument type.
+ * @param args - The arguments to be cast.
+ * @returns The arguments typed as `T`.
+ */
+declare const typeEventArgs: <T extends EventArgs>(args: unknown) => T;
+/**
+ * Structure of a Keycloak event, including its type and optional arguments.
+ */
+interface KeycloakEvent {
+    /**
+     * Event type as described at {@link KeycloakEventType}.
+     */
+    type: KeycloakEventType;
+    /**
+     * Arguments from the keycloak-js event function.
+     */
+    args?: unknown;
+}
+/**
+ * Creates a signal to manage Keycloak events, initializing the signal with
+ * appropriate default values or values from a given Keycloak instance.
+ *
+ * @param keycloak - An instance of the Keycloak client.
+ * @returns A `Signal` that tracks the current Keycloak event state.
+ */
+declare const createKeycloakSignal: (keycloak?: Keycloak__default) => i0.WritableSignal<KeycloakEvent>;
+/**
+ * Injection token for the Keycloak events signal, used for dependency injection.
+ */
+declare const KEYCLOAK_EVENT_SIGNAL: InjectionToken<Signal<KeycloakEvent>>;
+/**
+ * @license
+ * Copyright Mauricio Gemelli Vigolo All Rights Reserved.
+ *
+ * Use of this source code is governed by a MIT-style license that can be
+ * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md
+ */
+/**
+ * Options for configuring Keycloak and additional providers.
+ */
+type ProvideKeycloakOptions = {
+    /**
+     * Keycloak configuration, including the server URL, realm, and client ID.
+     */
+    config: KeycloakConfig;
+    /**
+     * Optional initialization options for the Keycloak instance.
+     * If not provided, Keycloak will not initialize automatically.
+     */
+    initOptions?: KeycloakInitOptions;
+    /**
+     * Optional array of additional Angular providers or environment providers.
+     */
+    providers?: Array<Provider | EnvironmentProviders>;
+    /**
+     * Optional array of Keycloak features to extend the functionality of the Keycloak integration.
+     */
+    features?: Array<KeycloakFeature>;
+};
+/**
+ * Configures and provides Keycloak as a dependency in an Angular application.
+ *
+ * This function initializes a Keycloak instance with the provided configuration and
+ * optional initialization options. It integrates Keycloak into Angular dependency
+ * injection system, allowing easy consumption throughout the application. Additionally,
+ * it supports custom providers and Keycloak Angular features.
+ *
+ * If `initOptions` is not provided, the Keycloak instance will not be automatically initialized.
+ * In such cases, the application must call `keycloak.init()` explicitly.
+ *
+ * @param options - Configuration object for Keycloak:
+ *   - `config`: The Keycloak configuration, including the server URL, realm, and client ID.
+ *   - `initOptions` (Optional): Initialization options for the Keycloak instance.
+ *   - `providers` (Optional): Additional Angular providers to include.
+ *   - `features` (Optional): Keycloak Angular features to configure during initialization.
+ *
+ * @returns An `EnvironmentProviders` object integrating Keycloak setup and additional providers.
+ *
+ * @example
+ * ```ts
+ * import { provideKeycloak } from './keycloak.providers';
+ * import { bootstrapApplication } from '@angular/platform-browser';
+ * import { AppComponent } from './app/app.component';
+ *
+ * bootstrapApplication(AppComponent, {
+ *   providers: [
+ *     provideKeycloak({
+ *       config: {
+ *         url: 'https://auth-server.example.com',
+ *         realm: 'my-realm',
+ *         clientId: 'my-client',
+ *       },
+ *       initOptions: {
+ *         onLoad: 'login-required',
+ *       },
+ *     }),
+ *   ],
+ * });
+ * ```
+ */
+declare function provideKeycloak(options: ProvideKeycloakOptions): EnvironmentProviders;
+export { AutoRefreshTokenService, CUSTOM_BEARER_TOKEN_INTERCEPTOR_CONFIG, CoreModule, HasRolesDirective, INCLUDE_BEARER_TOKEN_INTERCEPTOR_CONFIG, KEYCLOAK_EVENT_SIGNAL, KeycloakAngularModule, KeycloakAuthGuard, KeycloakBearerInterceptor, KeycloakEventType, KeycloakEventTypeLegacy, KeycloakService, UserActivityService, addAuthorizationHeader, conditionallyUpdateToken, createAuthGuard, createInterceptorCondition, createKeycloakSignal, customBearerTokenInterceptor, includeBearerTokenInterceptor, provideKeycloak, typeEventArgs, withAutoRefreshToken };
+export type { ActionUpdateArgs, AuthErrorArgs, AuthGuardData, BearerTokenCondition, CustomBearerTokenCondition, HttpMethod, IncludeBearerTokenCondition, KeycloakEvent, KeycloakEventLegacy, KeycloakFeature, KeycloakOptions, ProvideKeycloakOptions, ReadyArgs, Roles };