oidc-spa 7.1.10 → 7.2.0-rc.2

package/esm/keycloak/keycloak-js/Keycloak.d.ts

@@ -0,0 +1,284 @@
+import type { KeycloakServerConfig, KeycloakInitOptions, KeycloakError, KeycloakLogoutOptions, KeycloakRoles, KeycloakTokenParsed, KeycloakResourceAccess, KeycloakProfile, KeycloakUserInfo, KeycloakLoginOptions, KeycloakRegisterOptions, KeycloakAccountOptions } from "./types";
+type ConstructorParams = KeycloakServerConfig & {
+    homeUrl: string;
+};
+/**
+ * This module provides a drop-in replacement for `keycloak-js`,
+ * designed for teams migrating to `oidc-spa` with minimal changes.
+ *
+ * ⚠️ While the import path is `oidc-spa/keycloak-js`, this is *not* a re-export or patch —
+ * it is a full alternative implementation aligned with the `keycloak-js` API.
+ */
+export declare class Keycloak {
+    /**
+     * Creates a new Keycloak client instance.
+     * @param config A configuration object or path to a JSON config file.
+     *
+     * NOTE oidc-spa: Currently not supporting GenericOidcConfig (providing explicitly authorization_endpoint ect)
+     * But we could if with the __metadata parameter of oidc-spa.
+     * I'm not seeing the usecase when ran against keycloak right now so not doing it.
+     */
+    constructor(params: ConstructorParams);
+    /**
+     * Called to initialize the adapter.
+     * @param initOptions Initialization options.
+     * @returns A promise to set functions to be invoked on success or error.
+     */
+    init(initOptions?: KeycloakInitOptions): Promise<boolean>;
+    /**
+     * Is true if the user is authenticated, false otherwise.
+     */
+    get authenticated(): boolean;
+    /**
+     * The user id.
+     */
+    get subject(): string | undefined;
+    /**
+     * Response mode passed in init (default value is `'fragment'`).
+     *
+     * NOTE oidc-spa: Can only be fragment.
+     */
+    responseMode: string;
+    /**
+     * Response type sent to Keycloak with login requests. This is determined
+     * based on the flow value used during initialization, but can be overridden
+     * by setting this value.
+     *
+     * NOTE oidc-spa: Can only be 'code'
+     */
+    responseType: string;
+    /**
+     * Flow passed in init.
+     *
+     * NOTE oidc-spa: Can only be 'standard'
+     */
+    flow: string;
+    /**
+     * The realm roles associated with the token.
+     */
+    get realmAccess(): KeycloakRoles | undefined;
+    /**
+     * The resource roles associated with the token.
+     */
+    get resourceAccess(): KeycloakResourceAccess | undefined;
+    /**
+     * The base64 encoded token that can be sent in the Authorization header in
+     * requests to services.
+     */
+    get token(): string | undefined;
+    /**
+     * The parsed token as a JavaScript object.
+     */
+    get tokenParsed(): KeycloakTokenParsed | undefined;
+    /**
+     * The base64 encoded refresh token that can be used to retrieve a new token.
+     */
+    get refreshToken(): string | undefined;
+    /**
+     * The parsed refresh token as a JavaScript object.
+     */
+    get refreshTokenParsed(): KeycloakTokenParsed | undefined;
+    /**
+     * The base64 encoded ID token.
+     */
+    get idToken(): string | undefined;
+    /**
+     * The parsed id token as a JavaScript object.
+     */
+    get idTokenParsed(): KeycloakTokenParsed | undefined;
+    /**
+     * The estimated time difference between the browser time and the Keycloak
+     * server in seconds. This value is just an estimation, but is accurate
+     * enough when determining if a token is expired or not.
+     *
+     * NOTE oidc-spa: Not supported.
+     */
+    timeSkew: null;
+    /**
+     * Whether the instance has been initialized by calling `.init()`.
+     */
+    get didInitialize(): boolean;
+    /**
+     * @private Undocumented.
+     */
+    get loginRequired(): boolean;
+    /**
+     * @private Undocumented.
+     */
+    get authServerUrl(): string;
+    /**
+     * @private Undocumented.
+     */
+    get realm(): string;
+    /**
+     * @private Undocumented.
+     */
+    get clientId(): string;
+    /**
+     * @private Undocumented.
+     */
+    get redirectUri(): string | undefined;
+    /**
+     * @private Undocumented.
+     */
+    get sessionId(): string | undefined;
+    /**
+     * @private Undocumented.
+     */
+    get profile(): KeycloakProfile | undefined;
+    /**
+     * @private Undocumented.
+     */
+    get userInfo(): KeycloakUserInfo | undefined;
+    /**
+     * Called when the adapter is initialized.
+     */
+    onReady?(authenticated: boolean): void;
+    /**
+     * Called when a user is successfully authenticated.
+     */
+    onAuthSuccess?(): void;
+    /**
+     * Called if there was an error during authentication.
+     */
+    onAuthError?(errorData: KeycloakError): void;
+    /**
+     * Called when the token is refreshed.
+     */
+    onAuthRefreshSuccess?(): void;
+    /**
+     * Called if there was an error while trying to refresh the token.
+     *
+     * NOTE oidc-spa: In oidc-spa an auth refresh error always triggers a page refresh.
+     */
+    /**
+     * Called if the user is logged out (will only be called if the session
+     * status iframe is enabled, or in Cordova mode).
+     *
+     * NOTE oidc-spa: In oidc-spa a logout always triggers a page refresh.
+     */
+    /**
+     * Called when the access token is expired. If a refresh token is available
+     * the token can be refreshed with Keycloak#updateToken, or in cases where
+     * it's not (ie. with implicit flow) you can redirect to login screen to
+     * obtain a new access token.
+     */
+    set onTokenExpired(value: (() => void) | undefined);
+    get onTokenExpired(): (() => void) | undefined;
+    /**
+     * Called when a AIA has been requested by the application.
+     * @param status the outcome of the required action
+     * @param action the alias name of the required action, e.g. UPDATE_PASSWORD, CONFIGURE_TOTP etc.
+     */
+    onActionUpdate?(status: "success" | "cancelled" | "error", action?: string): void;
+    /**
+     * Redirects to login form.
+     * @param options Login options.
+     */
+    login(options?: KeycloakLoginOptions & {
+        doesCurrentHrefRequiresAuth?: boolean;
+    }): Promise<never>;
+    /**
+     * Redirects to logout.
+     * @param options Logout options.
+     */
+    logout(options?: KeycloakLogoutOptions): Promise<never>;
+    /**
+     * Redirects to registration form.
+     * @param options The options used for the registration.
+     */
+    register(options?: KeycloakRegisterOptions): Promise<never>;
+    /**
+     * Redirects to the Account Management Console.
+     */
+    accountManagement(options?: {
+        /**
+         * Specifies the uri to redirect to when redirecting back to the application.
+         */
+        redirectUri?: string;
+        locale?: string;
+    }): Promise<never>;
+    /**
+     * Returns the URL to login form.
+     * @param options Supports same options as Keycloak#login.
+     *
+     * NOTE oidc-spa: Not supported, please use login() method.
+     */
+    /**
+     * Returns the URL to logout the user.
+     * @param options Logout options.
+     *
+     * NOTE oidc-spa: Not supported, please use logout() method.
+     */
+    /**
+     * Returns the URL to registration page.
+     * @param options The options used for creating the registration URL.
+     *
+     * NOTE oidc-spa: Not supported please user login({ action: "register" })
+     */
+    /**
+     * Returns the URL to the Account Management Console.
+     * @param options The options used for creating the account URL.
+     */
+    createAccountUrl(options?: KeycloakAccountOptions & {
+        locale?: string;
+    }): string;
+    /**
+     * Returns true if the token has less than `minValidity` seconds left before
+     * it expires.
+     * @param minValidity If not specified, `0` is used.
+     */
+    isTokenExpired(minValidity?: number): boolean;
+    /**
+     * If the token expires within `minValidity` seconds, the token is refreshed.
+     * If the session status iframe is enabled, the session status is also
+     * checked.
+     * @param minValidity If not specified, `5` is used.
+     * @returns A promise to set functions that can be invoked if the token is
+     *          still valid, or if the token is no longer valid.
+     * @example
+     * ```js
+     * keycloak.updateToken(5).then(function(refreshed) {
+     *   if (refreshed) {
+     *     alert('Token was successfully refreshed');
+     *   } else {
+     *     alert('Token is still valid');
+     *   }
+     * }).catch(function() {
+     *   alert('Failed to refresh the token, or the session has expired');
+     * });
+     */
+    updateToken(minValidity?: number): Promise<boolean>;
+    /**
+     * Clears authentication state, including tokens. This can be useful if
+     * the application has detected the session was expired, for example if
+     * updating token fails. Invoking this results in Keycloak#onAuthLogout
+     * callback listener being invoked.
+     *
+     * NOTE oidc-spa: In this implementation we never end up in the kind of
+     * state where calling this makes sense.
+     * oidc-spa take more control and exposes less complexity to the user of the
+     * adapter.
+     */
+    /**
+     * Returns true if the token has the given realm role.
+     * @param role A realm role name.
+     */
+    hasRealmRole(role: string): boolean;
+    /**
+     * Returns true if the token has the given role for the resource.
+     * @param role A role name.
+     * @param resource If not specified, `clientId` is used.
+     */
+    hasResourceRole(role: string, resource?: string): boolean;
+    /**
+     * Loads the user's profile.
+     * @returns A promise to set functions to be invoked on success or error.
+     */
+    loadUserProfile(): Promise<KeycloakProfile>;
+    /**
+     * @private Undocumented.
+     */
+    loadUserInfo(): Promise<KeycloakUserInfo>;
+}
+export {};