oidc-spa 7.2.0-rc.1 → 7.2.0-rc.2

package/{src/keycloak/keycloak-js/Keycloak.ts → esm/keycloak/keycloak-js/Keycloak.js}

@@ -1,45 +1,12 @@
-import type {
-    KeycloakServerConfig,
-    KeycloakInitOptions,
-    KeycloakError,
-    KeycloakLogoutOptions,
-    KeycloakRoles,
-    KeycloakTokenParsed,
-    KeycloakResourceAccess,
-    KeycloakProfile,
-    KeycloakUserInfo,
-    KeycloakLoginOptions,
-    KeycloakRegisterOptions,
-    KeycloakAccountOptions
-} from "./types";
 import { assert, is, isAmong } from "../../vendor/frontend/tsafe";
-import { createOidc, type Oidc, OidcInitializationError } from "../../core";
+import { createOidc, OidcInitializationError } from "../../core";
 import { Deferred } from "../../tools/Deferred";
 import { decodeJwt } from "../../tools/decodeJwt";
-import { type KeycloakUtils, createKeycloakUtils } from "../keycloakUtils";
+import { createKeycloakUtils } from "../keycloakUtils";
 import { workerTimers } from "../../vendor/frontend/worker-timers";
-import { type StatefulEvt, createStatefulEvt } from "../../tools/StatefulEvt";
+import { createStatefulEvt } from "../../tools/StatefulEvt";
 import { readExpirationTimeInJwt } from "../../tools/readExpirationTimeInJwt";
-
-type ConstructorParams = KeycloakServerConfig & {
-    homeUrl: string;
-};
-
-type InternalState = {
-    constructorParams: ConstructorParams;
-    keycloakUtils: KeycloakUtils;
-    issuerUri: string;
-    dInitialized: Deferred<void>;
-    initOptions: KeycloakInitOptions | undefined;
-    oidc: Oidc<Record<string, unknown>> | undefined;
-    tokens: Oidc.Tokens<Record<string, unknown>> | undefined;
-    profile: KeycloakProfile | undefined;
-    userInfo: KeycloakUserInfo | undefined;
-    $onTokenExpired: StatefulEvt<(() => void) | undefined>;
-};
-
-const internalStateByInstance = new WeakMap<Keycloak, InternalState>();
-
+const internalStateByInstance = new WeakMap();
 /**
  * This module provides a drop-in replacement for `keycloak-js`,
  * designed for teams migrating to `oidc-spa` with minimal changes.
@@ -56,9 +23,36 @@ export class Keycloak {
      * But we could if with the __metadata parameter of oidc-spa.
      * I'm not seeing the usecase when ran against keycloak right now so not doing it.
      */
-    constructor(params: ConstructorParams) {
+    constructor(params) {
+        /**
+         * Response mode passed in init (default value is `'fragment'`).
+         *
+         * NOTE oidc-spa: Can only be fragment.
+         */
+        this.responseMode = "fragment";
+        /**
+         * Response type sent to Keycloak with login requests. This is determined
+         * based on the flow value used during initialization, but can be overridden
+         * by setting this value.
+         *
+         * NOTE oidc-spa: Can only be 'code'
+         */
+        this.responseType = "code";
+        /**
+         * Flow passed in init.
+         *
+         * NOTE oidc-spa: Can only be 'standard'
+         */
+        this.flow = "standard";
+        /**
+         * The estimated time difference between the browser time and the Keycloak
+         * server in seconds. This value is just an estimation, but is accurate
+         * enough when determining if a token is expired or not.
+         *
+         * NOTE oidc-spa: Not supported.
+         */
+        this.timeSkew = null;
         const issuerUri = `${params.url.replace(/\/$/, "")}/realms/${params.realm}`;
-
         internalStateByInstance.set(this, {
             constructorParams: params,
             dInitialized: new Deferred(),
@@ -72,19 +66,15 @@ export class Keycloak {
             $onTokenExpired: createStatefulEvt(() => undefined)
         });
     }
-
     /**
      * Called to initialize the adapter.
      * @param initOptions Initialization options.
      * @returns A promise to set functions to be invoked on success or error.
      */
-    async init(initOptions: KeycloakInitOptions = {}): Promise<boolean> {
+    async init(initOptions = {}) {
         const { onLoad = "check-sso", redirectUri, enableLogging, scope, locale } = initOptions;
-
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (internalState.initOptions !== undefined) {
             if (JSON.stringify(internalState.initOptions) !== JSON.stringify(initOptions)) {
                 throw new Error("Can't call init() multiple time with different params");
@@ -94,15 +84,10 @@ export class Keycloak {
             assert(oidc !== undefined);
             return oidc.isUserLoggedIn;
         }
-
         internalState.initOptions = initOptions;
-
         const { constructorParams, issuerUri } = internalState;
-
         const autoLogin = onLoad === "login-required";
-
         let hasCreateResolved = false;
-
         const oidcOrError = await createOidc({
             homeUrl: constructorParams.homeUrl,
             issuerUri,
@@ -111,84 +96,62 @@ export class Keycloak {
             postLoginRedirectUrl: redirectUri,
             debugLogs: enableLogging,
             scopes: scope?.split(" "),
-            extraQueryParams:
-                !autoLogin || locale === undefined
-                    ? undefined
-                    : () => {
-                          if (hasCreateResolved) {
-                              return {};
-                          }
-
-                          return {
-                              ui_locales: locale
-                          };
-                      }
+            extraQueryParams: !autoLogin || locale === undefined
+                ? undefined
+                : () => {
+                    if (hasCreateResolved) {
+                        return {};
+                    }
+                    return {
+                        ui_locales: locale
+                    };
+                }
         })
             // NOTE: This can only happen when autoLogin is true, otherwise the error
             // is in oidc.initializationError
-            .catch((error: OidcInitializationError) => error);
-
+            .catch((error) => error);
         hasCreateResolved = true;
-
         if (oidcOrError instanceof OidcInitializationError) {
             this.onAuthError?.({
                 error: oidcOrError.name,
                 error_description: oidcOrError.message
             });
-
-            await new Promise<never>(() => {});
+            await new Promise(() => { });
             assert(false);
         }
-
         const oidc = oidcOrError;
-
         internalState.oidc = oidc;
-
         if (oidc.isUserLoggedIn) {
             {
                 const tokens = await oidc.getTokens();
-
-                const onNewToken = (tokens_new: Oidc.Tokens<Record<string, unknown>>) => {
+                const onNewToken = (tokens_new) => {
                     internalState.tokens = tokens_new;
                     this.onAuthRefreshSuccess?.();
                 };
-
                 onNewToken(tokens);
-
                 oidc.subscribeToTokensChange(onNewToken);
             }
-
             {
                 const { $onTokenExpired } = internalState;
-
-                let clear: (() => void) | undefined = undefined;
-
+                let clear = undefined;
                 $onTokenExpired.subscribe(onTokenExpired => {
                     clear?.();
-
                     if (onTokenExpired === undefined) {
                         return;
                     }
-
-                    let timer: ReturnType<typeof workerTimers.setTimeout> | undefined = undefined;
-
+                    let timer = undefined;
                     const onNewToken = () => {
                         if (timer !== undefined) {
                             workerTimers.clearTimeout(timer);
                         }
-
                         const { tokens } = internalState;
                         assert(tokens !== undefined);
-
                         timer = workerTimers.setTimeout(() => {
                             onTokenExpired.call(this);
-                        }, Math.max(tokens.accessTokenExpirationTime - Date.now() - 3_000, 0));
+                        }, Math.max(tokens.accessTokenExpirationTime - Date.now() - 3000, 0));
                     };
-
                     onNewToken();
-
                     const { unsubscribe } = oidc.subscribeToTokensChange(onNewToken);
-
                     clear = () => {
                         if (timer !== undefined) {
                             workerTimers.clearTimeout(timer);
@@ -197,445 +160,283 @@ export class Keycloak {
                     };
                 });
             }
-
             onActionUpdate_call: {
                 if (this.onActionUpdate === undefined) {
                     break onActionUpdate_call;
                 }
-
                 const { backFromAuthServer } = oidc;
-
                 if (backFromAuthServer === undefined) {
                     break onActionUpdate_call;
                 }
-
                 const status = backFromAuthServer.result.kc_action_status;
-
                 if (!isAmong(["success", "cancelled", "error"], status)) {
                     break onActionUpdate_call;
                 }
-
                 const action = backFromAuthServer.extraQueryParams.kc_action;
-
                 if (action === undefined) {
                     break onActionUpdate_call;
                 }
-
                 this.onActionUpdate(status, action);
             }
         }
-
         if (!oidc.isUserLoggedIn && oidc.initializationError !== undefined) {
             this.onAuthError?.({
                 error: oidc.initializationError.name,
                 error_description: oidc.initializationError.message
             });
         }
-
         internalState.dInitialized.resolve();
-
         this.onReady?.(oidc.isUserLoggedIn);
         if (oidc.isUserLoggedIn) {
             this.onAuthSuccess?.();
         }
-
         return oidc.isUserLoggedIn;
     }
-
     /**
      * Is true if the user is authenticated, false otherwise.
      */
-    get authenticated(): boolean {
+    get authenticated() {
         if (!this.didInitialize) {
             return false;
         }
-
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         const { oidc } = internalState;
-
         assert(oidc !== undefined);
-
         return oidc.isUserLoggedIn;
     }
-
     /**
      * The user id.
      */
-    get subject(): string | undefined {
+    get subject() {
         if (!this.didInitialize) {
             return undefined;
         }
-
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.subject when keycloak.authenticated is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.subject when keycloak.authenticated is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-
         return tokens.decodedIdToken_original.sub;
     }
-
-    /**
-     * Response mode passed in init (default value is `'fragment'`).
-     *
-     * NOTE oidc-spa: Can only be fragment.
-     */
-    responseMode = "fragment";
-
-    /**
-     * Response type sent to Keycloak with login requests. This is determined
-     * based on the flow value used during initialization, but can be overridden
-     * by setting this value.
-     *
-     * NOTE oidc-spa: Can only be 'code'
-     */
-    responseType = "code";
-
-    /**
-     * Flow passed in init.
-     *
-     * NOTE oidc-spa: Can only be 'standard'
-     */
-    flow = "standard";
-
     /**
      * The realm roles associated with the token.
      */
-    get realmAccess(): KeycloakRoles | undefined {
+    get realmAccess() {
         if (!this.didInitialize) {
             return undefined;
         }
-
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.realAccess when keycloak.realmAccess is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.realAccess when keycloak.realmAccess is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-        assert(is<KeycloakTokenParsed>(tokens.decodedIdToken_original));
-
+        assert(is(tokens.decodedIdToken_original));
         return tokens.decodedIdToken_original.realm_access;
     }
-
     /**
      * The resource roles associated with the token.
      */
-    get resourceAccess(): KeycloakResourceAccess | undefined {
+    get resourceAccess() {
         if (!this.didInitialize) {
             return undefined;
         }
-
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.resourceAccess when keycloak.authenticated is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.resourceAccess when keycloak.authenticated is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-        assert(is<KeycloakTokenParsed>(tokens.decodedIdToken_original));
-
+        assert(is(tokens.decodedIdToken_original));
         return tokens.decodedIdToken_original.resource_access;
     }
-
     /**
      * The base64 encoded token that can be sent in the Authorization header in
      * requests to services.
      */
-    get token(): string | undefined {
+    get token() {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             return internalState.initOptions?.token;
         }
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.token when keycloak.token is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.token when keycloak.token is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-
         return tokens.accessToken;
     }
-
     /**
      * The parsed token as a JavaScript object.
      */
-    get tokenParsed(): KeycloakTokenParsed | undefined {
+    get tokenParsed() {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             const { token } = internalState.initOptions ?? {};
-
             if (token === undefined) {
                 return undefined;
             }
-
-            return decodeJwt(token) as KeycloakTokenParsed;
+            return decodeJwt(token);
         }
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.token when keycloak.tokenParsed is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.token when keycloak.tokenParsed is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-
         return decodeJwt(tokens.accessToken);
     }
-
     /**
      * The base64 encoded refresh token that can be used to retrieve a new token.
      */
-    get refreshToken(): string | undefined {
+    get refreshToken() {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             return internalState.initOptions?.refreshToken;
         }
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.token when keycloak.refreshToken is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.token when keycloak.refreshToken is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-
         return tokens.refreshToken;
     }
-
     /**
      * The parsed refresh token as a JavaScript object.
      */
-    get refreshTokenParsed(): KeycloakTokenParsed | undefined {
+    get refreshTokenParsed() {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             const { refreshToken } = internalState.initOptions ?? {};
-
             if (refreshToken === undefined) {
                 return undefined;
             }
-
-            return decodeJwt(refreshToken) as KeycloakTokenParsed;
+            return decodeJwt(refreshToken);
         }
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.token when keycloak.refreshTokenParsed is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.token when keycloak.refreshTokenParsed is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-
         if (tokens.refreshToken === undefined) {
             return undefined;
         }
-
-        return decodeJwt(tokens.refreshToken) as KeycloakTokenParsed;
+        return decodeJwt(tokens.refreshToken);
     }
-
     /**
      * The base64 encoded ID token.
      */
-    get idToken(): string | undefined {
+    get idToken() {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             return internalState.initOptions?.idToken;
         }
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.token when keycloak.token is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.token when keycloak.token is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-
         return tokens.idToken;
     }
-
     /**
      * The parsed id token as a JavaScript object.
      */
-    get idTokenParsed(): KeycloakTokenParsed | undefined {
+    get idTokenParsed() {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             const { idToken } = internalState.initOptions ?? {};
-
             if (idToken === undefined) {
                 return undefined;
             }
-
-            return decodeJwt(idToken) as KeycloakTokenParsed;
+            return decodeJwt(idToken);
         }
-
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.token when keycloak.refreshTokenParsed is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.token when keycloak.refreshTokenParsed is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-        assert(is<KeycloakTokenParsed>(tokens.decodedIdToken_original));
-
+        assert(is(tokens.decodedIdToken_original));
         return tokens.decodedIdToken_original;
     }
-
-    /**
-     * The estimated time difference between the browser time and the Keycloak
-     * server in seconds. This value is just an estimation, but is accurate
-     * enough when determining if a token is expired or not.
-     *
-     * NOTE oidc-spa: Not supported.
-     */
-    timeSkew = null;
-
     /**
      * Whether the instance has been initialized by calling `.init()`.
      */
-    get didInitialize(): boolean {
+    get didInitialize() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
         return internalState.oidc !== undefined;
     }
-
     /**
      * @private Undocumented.
      */
-    get loginRequired(): boolean {
+    get loginRequired() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
-
         const { initOptions } = internalState;
-
         if (initOptions === undefined) {
             return false;
         }
-
         return initOptions.onLoad === "login-required";
     }
-
     /**
      * @private Undocumented.
      */
-    get authServerUrl(): string {
+    get authServerUrl() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
-        const {
-            keycloakUtils: { issuerUriParsed }
-        } = internalState;
-
+        const { keycloakUtils: { issuerUriParsed } } = internalState;
         return `${issuerUriParsed.origin}${issuerUriParsed.kcHttpRelativePath}`;
     }
-
     /**
      * @private Undocumented.
      */
-    get realm(): string {
+    get realm() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
-        const {
-            keycloakUtils: { issuerUriParsed }
-        } = internalState;
-
+        const { keycloakUtils: { issuerUriParsed } } = internalState;
         return issuerUriParsed.realm;
     }
-
     /**
      * @private Undocumented.
      */
-    get clientId(): string {
+    get clientId() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
         const { constructorParams } = internalState;
         return constructorParams.clientId;
     }
-
     /**
      * @private Undocumented.
      */
-    get redirectUri(): string | undefined {
+    get redirectUri() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
         const { initOptions } = internalState;
@@ -644,84 +445,50 @@ export class Keycloak {
         }
         return initOptions.redirectUri;
     }
-
     /**
      * @private Undocumented.
      */
-    get sessionId(): string | undefined {
+    get sessionId() {
         if (!this.didInitialize) {
             return undefined;
         }
-
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
         const { oidc, tokens } = internalState;
-
         assert(oidc !== undefined);
-
         if (!oidc.isUserLoggedIn) {
-            console.warn(
-                "Trying to read keycloak.sessionId when keycloak.authenticated is false is a logical error in your application"
-            );
+            console.warn("Trying to read keycloak.sessionId when keycloak.authenticated is false is a logical error in your application");
             return undefined;
         }
-
         assert(tokens !== undefined);
-
         const { sid } = tokens.decodedIdToken_original;
-
         assert(typeof sid === "string");
-
         return sid;
     }
-
     /**
      * @private Undocumented.
      */
-    get profile(): KeycloakProfile | undefined {
+    get profile() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
         const { profile } = internalState;
         return profile;
     }
-
     /**
      * @private Undocumented.
      */
-    get userInfo(): KeycloakUserInfo | undefined {
+    get userInfo() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
         const { userInfo } = internalState;
         return userInfo;
     }
-
-    /**
-     * Called when the adapter is initialized.
-     */
-    onReady?(authenticated: boolean): void;
-
-    /**
-     * Called when a user is successfully authenticated.
-     */
-    onAuthSuccess?(): void;
-
-    /**
-     * Called if there was an error during authentication.
-     */
-    onAuthError?(errorData: KeycloakError): void;
-
-    /**
-     * Called when the token is refreshed.
-     */
-    onAuthRefreshSuccess?(): void;
-
     /**
      * Called if there was an error while trying to refresh the token.
      *
      * NOTE oidc-spa: In oidc-spa an auth refresh error always triggers a page refresh.
      */
     //onAuthRefreshError?(): void;
-
     /**
      * Called if the user is logged out (will only be called if the session
      * status iframe is enabled, or in Cordova mode).
@@ -729,14 +496,13 @@ export class Keycloak {
      * NOTE oidc-spa: In oidc-spa a logout always triggers a page refresh.
      */
     //onAuthLogout?(): void;
-
     /**
      * Called when the access token is expired. If a refresh token is available
      * the token can be refreshed with Keycloak#updateToken, or in cases where
      * it's not (ie. with implicit flow) you can redirect to login screen to
      * obtain a new access token.
      */
-    set onTokenExpired(value: (() => void) | undefined) {
+    set onTokenExpired(value) {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
         const { $onTokenExpired } = internalState;
@@ -748,62 +514,35 @@ export class Keycloak {
         const { $onTokenExpired } = internalState;
         return $onTokenExpired.current;
     }
-
-    /**
-     * Called when a AIA has been requested by the application.
-     * @param status the outcome of the required action
-     * @param action the alias name of the required action, e.g. UPDATE_PASSWORD, CONFIGURE_TOTP etc.
-     */
-    onActionUpdate?(status: "success" | "cancelled" | "error", action?: string): void;
-
     /**
      * Redirects to login form.
      * @param options Login options.
      */
-    async login(
-        options?: KeycloakLoginOptions & { doesCurrentHrefRequiresAuth?: boolean }
-    ): Promise<never> {
-        const {
-            redirectUri,
-            action,
-            loginHint,
-            acr,
-            acrValues,
-            idpHint,
-            locale,
-            doesCurrentHrefRequiresAuth
-        } = options ?? {};
-
+    async login(options) {
+        const { redirectUri, action, loginHint, acr, acrValues, idpHint, locale, doesCurrentHrefRequiresAuth } = options ?? {};
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             await internalState.dInitialized.pr;
         }
-
         const { oidc, keycloakUtils } = internalState;
-
         assert(oidc !== undefined);
-
-        const extraQueryParams_commons: Record<string, string | undefined> = {
-            claims:
-                acr === undefined
-                    ? undefined
-                    : JSON.stringify({
-                          id_token: {
-                              acr
-                          }
-                      }),
+        const extraQueryParams_commons = {
+            claims: acr === undefined
+                ? undefined
+                : JSON.stringify({
+                    id_token: {
+                        acr
+                    }
+                }),
             acr_values: acrValues,
             ui_locales: locale
         };
-
         if (oidc.isUserLoggedIn) {
             assert(action !== "register");
             assert(loginHint === undefined);
             assert(idpHint === undefined);
             assert(doesCurrentHrefRequiresAuth === undefined);
-
             await oidc.goToAuthServer({
                 redirectUrl: redirectUri,
                 extraQueryParams: {
@@ -814,9 +553,7 @@ export class Keycloak {
             });
             assert(false);
         }
-
         assert(action === undefined || action === "register");
-
         await oidc.login({
             redirectUrl: redirectUri,
             doesCurrentHrefRequiresAuth: doesCurrentHrefRequiresAuth ?? false,
@@ -825,34 +562,25 @@ export class Keycloak {
                 login_hint: loginHint,
                 kc_idp_hint: idpHint
             },
-            transformUrlBeforeRedirect:
-                action !== "register" ? undefined : keycloakUtils.transformUrlBeforeRedirectForRegister
+            transformUrlBeforeRedirect: action !== "register" ? undefined : keycloakUtils.transformUrlBeforeRedirectForRegister
         });
         assert(false);
     }
-
     /**
      * Redirects to logout.
      * @param options Logout options.
      */
-    async logout(options?: KeycloakLogoutOptions): Promise<never> {
+    async logout(options) {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             await internalState.dInitialized.pr;
         }
-
         const { oidc, initOptions } = internalState;
-
         assert(oidc !== undefined);
         assert(initOptions !== undefined);
-
         assert(oidc.isUserLoggedIn, "The user is not currently logged in");
-
         const redirectUri = options?.redirectUri ?? initOptions.redirectUri;
-
         await oidc.logout({
             ...(redirectUri === undefined
                 ? { redirectTo: "current page" }
@@ -860,37 +588,27 @@ export class Keycloak {
         });
         assert(false);
     }
-
     /**
      * Redirects to registration form.
      * @param options The options used for the registration.
      */
-    async register(options?: KeycloakRegisterOptions): Promise<never> {
+    async register(options) {
         return this.login({
             ...options,
             action: "register"
         });
     }
-
     /**
      * Redirects to the Account Management Console.
      */
-    async accountManagement(options?: {
-        /**
-         * Specifies the uri to redirect to when redirecting back to the application.
-         */
-        redirectUri?: string;
-        locale?: string;
-    }): Promise<never> {
+    async accountManagement(options) {
         const { redirectUri, locale } = options ?? {};
-
         window.location.href = this.createAccountUrl({
             redirectUri,
             locale
         });
-        return new Promise<never>(() => {});
+        return new Promise(() => { });
     }
-
     /**
      * Returns the URL to login form.
      * @param options Supports same options as Keycloak#login.
@@ -898,7 +616,6 @@ export class Keycloak {
      * NOTE oidc-spa: Not supported, please use login() method.
      */
     //createLoginUrl(options?: KeycloakLoginOptions): Promise<string>;
-
     /**
      * Returns the URL to logout the user.
      * @param options Logout options.
@@ -906,7 +623,6 @@ export class Keycloak {
      * NOTE oidc-spa: Not supported, please use logout() method.
      */
     //createLogoutUrl(options?: KeycloakLogoutOptions): string;
-
     /**
      * Returns the URL to registration page.
      * @param options The options used for creating the registration URL.
@@ -914,63 +630,49 @@ export class Keycloak {
      * NOTE oidc-spa: Not supported please user login({ action: "register" })
      */
     //createRegisterUrl(options?: KeycloakRegisterOptions): Promise<string>;
-
     /**
      * Returns the URL to the Account Management Console.
      * @param options The options used for creating the account URL.
      */
-    createAccountUrl(options?: KeycloakAccountOptions & { locale?: string }): string {
+    createAccountUrl(options) {
         const { locale, redirectUri } = options ?? {};
-
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         const { keycloakUtils } = internalState;
-
         return keycloakUtils.getAccountUrl({
             clientId: this.clientId,
             backToAppFromAccountUrl: redirectUri ?? location.href,
             locale
         });
     }
-
     /**
      * Returns true if the token has less than `minValidity` seconds left before
      * it expires.
      * @param minValidity If not specified, `0` is used.
      */
-    isTokenExpired(minValidity: number = 0): boolean {
+    isTokenExpired(minValidity = 0) {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
-
-        let accessTokenExpirationTime: number;
-
+        let accessTokenExpirationTime;
         if (!this.didInitialize) {
             const fakeAccessToken = this.token;
             if (fakeAccessToken === undefined) {
                 throw new Error("isTokenExpired was called too early");
             }
-
             const time = readExpirationTimeInJwt(fakeAccessToken);
-
             assert(time !== undefined, "The initial token is not a JWT");
-
             accessTokenExpirationTime = time;
-        } else {
+        }
+        else {
             const { tokens } = internalState;
             assert(tokens !== undefined);
-
             accessTokenExpirationTime = tokens.accessTokenExpirationTime;
         }
-
-        if (accessTokenExpirationTime > Date.now() + minValidity * 1_000) {
+        if (accessTokenExpirationTime > Date.now() + minValidity * 1000) {
             return false;
         }
-
         return true;
     }
-
     /**
      * If the token expires within `minValidity` seconds, the token is refreshed.
      * If the session status iframe is enabled, the session status is also
@@ -990,30 +692,21 @@ export class Keycloak {
      *   alert('Failed to refresh the token, or the session has expired');
      * });
      */
-    async updateToken(minValidity: number = 5): Promise<boolean> {
+    async updateToken(minValidity = 5) {
         const internalState = internalStateByInstance.get(this);
-
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             await internalState.dInitialized.pr;
         }
-
         const { oidc } = internalState;
-
         assert(oidc !== undefined);
-
         assert(oidc.isUserLoggedIn, "updateToken called too early");
-
         if (!this.isTokenExpired(minValidity)) {
             return false;
         }
-
         await oidc.renewTokens();
-
         return true;
     }
-
     /**
      * Clears authentication state, including tokens. This can be useful if
      * the application has detected the session was expired, for example if
@@ -1026,72 +719,56 @@ export class Keycloak {
      * adapter.
      */
     //clearToken(): void;
-
     /**
      * Returns true if the token has the given realm role.
      * @param role A realm role name.
      */
-    hasRealmRole(role: string): boolean {
+    hasRealmRole(role) {
         const access = this.realmAccess;
         return access !== undefined && access.roles.indexOf(role) >= 0;
     }
-
     /**
      * Returns true if the token has the given role for the resource.
      * @param role A role name.
      * @param resource If not specified, `clientId` is used.
      */
-    hasResourceRole(role: string, resource?: string): boolean {
+    hasResourceRole(role, resource) {
         if (this.resourceAccess === undefined) {
             return false;
         }
-
         const access = this.resourceAccess[resource || this.clientId];
         return access !== undefined && access.roles.indexOf(role) >= 0;
     }
-
     /**
      * Loads the user's profile.
      * @returns A promise to set functions to be invoked on success or error.
      */
-    async loadUserProfile(): Promise<KeycloakProfile> {
+    async loadUserProfile() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             await internalState.dInitialized.pr;
         }
-
         const { oidc, keycloakUtils } = internalState;
-
         assert(oidc !== undefined);
-
         assert(oidc.isUserLoggedIn, "Can't load userProfile if user not authenticated");
-
         const { accessToken } = await oidc.getTokens();
-
         return (internalState.profile = await keycloakUtils.fetchUserProfile({ accessToken }));
     }
-
     /**
      * @private Undocumented.
      */
-    async loadUserInfo(): Promise<KeycloakUserInfo> {
+    async loadUserInfo() {
         const internalState = internalStateByInstance.get(this);
         assert(internalState !== undefined);
-
         if (!this.didInitialize) {
             await internalState.dInitialized.pr;
         }
-
         const { oidc, keycloakUtils } = internalState;
-
         assert(oidc !== undefined);
-
         assert(oidc.isUserLoggedIn, "Can't load userInfo if user not authenticated");
-
         const { accessToken } = await oidc.getTokens();
-
         return (internalState.userInfo = await keycloakUtils.fetchUserInfo({ accessToken }));
     }
 }
+//# sourceMappingURL=Keycloak.js.map