shared-lib-angular 1.0.0

package/.jest-cache/jest-transform-cache-9a3a3745ceefdbbde8dc96f3a11cb645-79ef2876fae7ca75eedb2aa53dc48338/57/angularoauth2oidc_5796eb8bb1f1dd6932dae6bb664d1cbb

@@ -0,0 +1,2766 @@
+e71f1c592f81af9c049d8c28484f6dd5
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from2, except, desc) => {
+  if (from2 && typeof from2 === "object" || typeof from2 === "function") {
+    for (let key of __getOwnPropNames(from2))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from2[key], enumerable: !(desc = __getOwnPropDesc(from2, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+var angular_oauth2_oidc_exports = {};
+__export(angular_oauth2_oidc_exports, {
+  AUTH_CONFIG: () => AUTH_CONFIG,
+  AbstractValidationHandler: () => AbstractValidationHandler,
+  AuthConfig: () => AuthConfig,
+  DateTimeProvider: () => DateTimeProvider,
+  DefaultHashHandler: () => DefaultHashHandler,
+  DefaultOAuthInterceptor: () => DefaultOAuthInterceptor,
+  HashHandler: () => HashHandler,
+  JwksValidationHandler: () => JwksValidationHandler,
+  LoginOptions: () => LoginOptions,
+  MemoryStorage: () => MemoryStorage,
+  NullValidationHandler: () => NullValidationHandler,
+  OAuthErrorEvent: () => OAuthErrorEvent,
+  OAuthEvent: () => OAuthEvent,
+  OAuthInfoEvent: () => OAuthInfoEvent,
+  OAuthLogger: () => OAuthLogger,
+  OAuthModule: () => OAuthModule,
+  OAuthModuleConfig: () => OAuthModuleConfig,
+  OAuthNoopResourceServerErrorHandler: () => OAuthNoopResourceServerErrorHandler,
+  OAuthResourceServerConfig: () => OAuthResourceServerConfig,
+  OAuthResourceServerErrorHandler: () => OAuthResourceServerErrorHandler,
+  OAuthService: () => OAuthService,
+  OAuthStorage: () => OAuthStorage,
+  OAuthSuccessEvent: () => OAuthSuccessEvent,
+  ReceivedTokens: () => ReceivedTokens,
+  SystemDateTimeProvider: () => SystemDateTimeProvider,
+  UrlHelperService: () => UrlHelperService,
+  ValidationHandler: () => ValidationHandler,
+  provideOAuthClient: () => provideOAuthClient
+});
+module.exports = __toCommonJS(angular_oauth2_oidc_exports);
+var i0 = __toESM(require("@angular/core"), 1);
+var import_core = require("@angular/core");
+var import_common = require("@angular/common");
+var i1 = __toESM(require("@angular/common/http"), 1);
+var import_http = require("@angular/common/http");
+var import_rxjs = require("rxjs");
+var import_operators = require("rxjs/operators");
+class NullValidationHandler {
+  validateSignature(validationParams) {
+    return Promise.resolve(null);
+  }
+  validateAtHash(validationParams) {
+    return Promise.resolve(true);
+  }
+}
+class OAuthModuleConfig {
+}
+class OAuthResourceServerConfig {
+}
+class DateTimeProvider {
+}
+const _SystemDateTimeProvider = class _SystemDateTimeProvider extends DateTimeProvider {
+  now() {
+    return Date.now();
+  }
+  new() {
+    return /* @__PURE__ */ new Date();
+  }
+};
+_SystemDateTimeProvider.\u0275fac = i0.\u0275\u0275ngDeclareFactory({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _SystemDateTimeProvider, deps: null, target: i0.\u0275\u0275FactoryTarget.Injectable });
+_SystemDateTimeProvider.\u0275prov = i0.\u0275\u0275ngDeclareInjectable({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _SystemDateTimeProvider });
+let SystemDateTimeProvider = _SystemDateTimeProvider;
+i0.\u0275\u0275ngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: SystemDateTimeProvider, decorators: [{
+  type: import_core.Injectable
+}] });
+class LoginOptions {
+  constructor() {
+    this.disableNonceCheck = false;
+    this.preventClearHashAfterLogin = false;
+  }
+}
+class OAuthLogger {
+}
+class OAuthStorage {
+}
+const _MemoryStorage = class _MemoryStorage {
+  constructor() {
+    this.data = /* @__PURE__ */ new Map();
+  }
+  getItem(key) {
+    return this.data.get(key);
+  }
+  removeItem(key) {
+    this.data.delete(key);
+  }
+  setItem(key, data) {
+    this.data.set(key, data);
+  }
+};
+_MemoryStorage.\u0275fac = i0.\u0275\u0275ngDeclareFactory({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _MemoryStorage, deps: [], target: i0.\u0275\u0275FactoryTarget.Injectable });
+_MemoryStorage.\u0275prov = i0.\u0275\u0275ngDeclareInjectable({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _MemoryStorage });
+let MemoryStorage = _MemoryStorage;
+i0.\u0275\u0275ngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: MemoryStorage, decorators: [{
+  type: import_core.Injectable
+}] });
+class ReceivedTokens {
+}
+class OAuthEvent {
+  constructor(type) {
+    this.type = type;
+  }
+}
+class OAuthSuccessEvent extends OAuthEvent {
+  constructor(type, info = null) {
+    super(type);
+    this.info = info;
+  }
+}
+class OAuthInfoEvent extends OAuthEvent {
+  constructor(type, info = null) {
+    super(type);
+    this.info = info;
+  }
+}
+class OAuthErrorEvent extends OAuthEvent {
+  constructor(type, reason, params = null) {
+    super(type);
+    this.reason = reason;
+    this.params = params;
+  }
+}
+function b64DecodeUnicode(str) {
+  const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  return decodeURIComponent(atob(base64).split("").map(function(c) {
+    return "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2);
+  }).join(""));
+}
+function base64UrlEncode(str) {
+  const base64 = btoa(str);
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+class AuthConfig {
+  constructor(json) {
+    this.clientId = "";
+    this.redirectUri = "";
+    this.postLogoutRedirectUri = "";
+    this.redirectUriAsPostLogoutRedirectUriFallback = true;
+    this.loginUrl = "";
+    this.scope = "openid profile";
+    this.resource = "";
+    this.rngUrl = "";
+    this.oidc = true;
+    this.requestAccessToken = true;
+    this.options = null;
+    this.issuer = "";
+    this.logoutUrl = "";
+    this.clearHashAfterLogin = true;
+    this.tokenEndpoint = null;
+    this.revocationEndpoint = null;
+    this.customTokenParameters = [];
+    this.userinfoEndpoint = null;
+    this.responseType = "";
+    this.showDebugInformation = false;
+    this.silentRefreshRedirectUri = "";
+    this.silentRefreshMessagePrefix = "";
+    this.silentRefreshShowIFrame = false;
+    this.siletRefreshTimeout = 1e3 * 20;
+    this.silentRefreshTimeout = 1e3 * 20;
+    this.dummyClientSecret = "";
+    this.requireHttps = "remoteOnly";
+    this.strictDiscoveryDocumentValidation = true;
+    this.jwks = null;
+    this.customQueryParams = null;
+    this.silentRefreshIFrameName = "angular-oauth-oidc-silent-refresh-iframe";
+    this.timeoutFactor = 0.75;
+    this.sessionChecksEnabled = false;
+    this.sessionCheckIntervall = 3 * 1e3;
+    this.sessionCheckIFrameUrl = null;
+    this.sessionCheckIFrameName = "angular-oauth-oidc-check-session-iframe";
+    this.disableAtHashCheck = false;
+    this.skipSubjectCheck = false;
+    this.useIdTokenHintForSilentRefresh = false;
+    this.skipIssuerCheck = false;
+    this.nonceStateSeparator = ";";
+    this.useHttpBasicAuth = false;
+    this.decreaseExpirationBySec = 0;
+    this.waitForTokenInMsec = 0;
+    this.disablePKCE = false;
+    this.preserveRequestedRoute = false;
+    this.disableIdTokenTimer = false;
+    this.checkOrigin = false;
+    this.openUri = (uri) => {
+      location.href = uri;
+    };
+    if (json) {
+      Object.assign(this, json);
+    }
+  }
+}
+class WebHttpUrlEncodingCodec {
+  encodeKey(k) {
+    return encodeURIComponent(k);
+  }
+  encodeValue(v) {
+    return encodeURIComponent(v);
+  }
+  decodeKey(k) {
+    return decodeURIComponent(k);
+  }
+  decodeValue(v) {
+    return decodeURIComponent(v);
+  }
+}
+class ValidationHandler {
+}
+class AbstractValidationHandler {
+  /**
+   * Validates the at_hash in an id_token against the received access_token.
+   */
+  validateAtHash(params) {
+    return __async(this, null, function* () {
+      const hashAlg = this.inferHashAlgorithm(params.idTokenHeader);
+      const tokenHash = yield this.calcHash(params.accessToken, hashAlg);
+      const leftMostHalf = tokenHash.substr(0, tokenHash.length / 2);
+      const atHash = base64UrlEncode(leftMostHalf);
+      const claimsAtHash = params.idTokenClaims["at_hash"].replace(/=/g, "");
+      if (atHash !== claimsAtHash) {
+        console.error("exptected at_hash: " + atHash);
+        console.error("actual at_hash: " + claimsAtHash);
+      }
+      return atHash === claimsAtHash;
+    });
+  }
+  /**
+   * Infers the name of the hash algorithm to use
+   * from the alg field of an id_token.
+   *
+   * @param jwtHeader the id_token's parsed header
+   */
+  inferHashAlgorithm(jwtHeader) {
+    const alg = jwtHeader["alg"];
+    if (!alg.match(/^.S[0-9]{3}$/)) {
+      throw new Error("Algorithm not supported: " + alg);
+    }
+    return "sha-" + alg.substr(2);
+  }
+}
+const _UrlHelperService = class _UrlHelperService {
+  getHashFragmentParams(customHashFragment) {
+    let hash2 = customHashFragment || window.location.hash;
+    hash2 = decodeURIComponent(hash2);
+    if (hash2.indexOf("#") !== 0) {
+      return {};
+    }
+    const questionMarkPosition = hash2.indexOf("?");
+    if (questionMarkPosition > -1) {
+      hash2 = hash2.substr(questionMarkPosition + 1);
+    } else {
+      hash2 = hash2.substr(1);
+    }
+    return this.parseQueryString(hash2);
+  }
+  parseQueryString(queryString) {
+    const data = {};
+    let pair, separatorIndex, escapedKey, escapedValue, key, value;
+    if (queryString === null) {
+      return data;
+    }
+    const pairs = queryString.split("&");
+    for (let i = 0; i < pairs.length; i++) {
+      pair = pairs[i];
+      separatorIndex = pair.indexOf("=");
+      if (separatorIndex === -1) {
+        escapedKey = pair;
+        escapedValue = null;
+      } else {
+        escapedKey = pair.substr(0, separatorIndex);
+        escapedValue = pair.substr(separatorIndex + 1);
+      }
+      key = decodeURIComponent(escapedKey);
+      value = decodeURIComponent(escapedValue);
+      if (key.substr(0, 1) === "/") {
+        key = key.substr(1);
+      }
+      data[key] = value;
+    }
+    return data;
+  }
+};
+_UrlHelperService.\u0275fac = i0.\u0275\u0275ngDeclareFactory({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _UrlHelperService, deps: [], target: i0.\u0275\u0275FactoryTarget.Injectable });
+_UrlHelperService.\u0275prov = i0.\u0275\u0275ngDeclareInjectable({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _UrlHelperService });
+let UrlHelperService = _UrlHelperService;
+i0.\u0275\u0275ngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: UrlHelperService, decorators: [{
+  type: import_core.Injectable
+}] });
+const digestLength = 32;
+const blockSize = 64;
+const K = new Uint32Array([
+  1116352408,
+  1899447441,
+  3049323471,
+  3921009573,
+  961987163,
+  1508970993,
+  2453635748,
+  2870763221,
+  3624381080,
+  310598401,
+  607225278,
+  1426881987,
+  1925078388,
+  2162078206,
+  2614888103,
+  3248222580,
+  3835390401,
+  4022224774,
+  264347078,
+  604807628,
+  770255983,
+  1249150122,
+  1555081692,
+  1996064986,
+  2554220882,
+  2821834349,
+  2952996808,
+  3210313671,
+  3336571891,
+  3584528711,
+  113926993,
+  338241895,
+  666307205,
+  773529912,
+  1294757372,
+  1396182291,
+  1695183700,
+  1986661051,
+  2177026350,
+  2456956037,
+  2730485921,
+  2820302411,
+  3259730800,
+  3345764771,
+  3516065817,
+  3600352804,
+  4094571909,
+  275423344,
+  430227734,
+  506948616,
+  659060556,
+  883997877,
+  958139571,
+  1322822218,
+  1537002063,
+  1747873779,
+  1955562222,
+  2024104815,
+  2227730452,
+  2361852424,
+  2428436474,
+  2756734187,
+  3204031479,
+  3329325298
+]);
+function hashBlocks(w, v, p, pos, len) {
+  let a, b, c, d, e, f, g, h, u, i, j, t1, t2;
+  while (len >= 64) {
+    a = v[0];
+    b = v[1];
+    c = v[2];
+    d = v[3];
+    e = v[4];
+    f = v[5];
+    g = v[6];
+    h = v[7];
+    for (i = 0; i < 16; i++) {
+      j = pos + i * 4;
+      w[i] = (p[j] & 255) << 24 | (p[j + 1] & 255) << 16 | (p[j + 2] & 255) << 8 | p[j + 3] & 255;
+    }
+    for (i = 16; i < 64; i++) {
+      u = w[i - 2];
+      t1 = (u >>> 17 | u << 32 - 17) ^ (u >>> 19 | u << 32 - 19) ^ u >>> 10;
+      u = w[i - 15];
+      t2 = (u >>> 7 | u << 32 - 7) ^ (u >>> 18 | u << 32 - 18) ^ u >>> 3;
+      w[i] = (t1 + w[i - 7] | 0) + (t2 + w[i - 16] | 0);
+    }
+    for (i = 0; i < 64; i++) {
+      t1 = (((e >>> 6 | e << 32 - 6) ^ (e >>> 11 | e << 32 - 11) ^ (e >>> 25 | e << 32 - 25)) + (e & f ^ ~e & g) | 0) + (h + (K[i] + w[i] | 0) | 0) | 0;
+      t2 = ((a >>> 2 | a << 32 - 2) ^ (a >>> 13 | a << 32 - 13) ^ (a >>> 22 | a << 32 - 22)) + (a & b ^ a & c ^ b & c) | 0;
+      h = g;
+      g = f;
+      f = e;
+      e = d + t1 | 0;
+      d = c;
+      c = b;
+      b = a;
+      a = t1 + t2 | 0;
+    }
+    v[0] += a;
+    v[1] += b;
+    v[2] += c;
+    v[3] += d;
+    v[4] += e;
+    v[5] += f;
+    v[6] += g;
+    v[7] += h;
+    pos += 64;
+    len -= 64;
+  }
+  return pos;
+}
+class Hash {
+  constructor() {
+    this.digestLength = digestLength;
+    this.blockSize = blockSize;
+    this.state = new Int32Array(8);
+    this.temp = new Int32Array(64);
+    this.buffer = new Uint8Array(128);
+    this.bufferLength = 0;
+    this.bytesHashed = 0;
+    this.finished = false;
+    this.reset();
+  }
+  // Resets hash state making it possible
+  // to re-use this instance to hash other data.
+  reset() {
+    this.state[0] = 1779033703;
+    this.state[1] = 3144134277;
+    this.state[2] = 1013904242;
+    this.state[3] = 2773480762;
+    this.state[4] = 1359893119;
+    this.state[5] = 2600822924;
+    this.state[6] = 528734635;
+    this.state[7] = 1541459225;
+    this.bufferLength = 0;
+    this.bytesHashed = 0;
+    this.finished = false;
+    return this;
+  }
+  // Cleans internal buffers and re-initializes hash state.
+  clean() {
+    for (let i = 0; i < this.buffer.length; i++) {
+      this.buffer[i] = 0;
+    }
+    for (let i = 0; i < this.temp.length; i++) {
+      this.temp[i] = 0;
+    }
+    this.reset();
+  }
+  // Updates hash state with the given data.
+  //
+  // Optionally, length of the data can be specified to hash
+  // fewer bytes than data.length.
+  //
+  // Throws error when trying to update already finalized hash:
+  // instance must be reset to use it again.
+  update(data, dataLength = data.length) {
+    if (this.finished) {
+      throw new Error("SHA256: can't update because hash was finished.");
+    }
+    let dataPos = 0;
+    this.bytesHashed += dataLength;
+    if (this.bufferLength > 0) {
+      while (this.bufferLength < 64 && dataLength > 0) {
+        this.buffer[this.bufferLength++] = data[dataPos++];
+        dataLength--;
+      }
+      if (this.bufferLength === 64) {
+        hashBlocks(this.temp, this.state, this.buffer, 0, 64);
+        this.bufferLength = 0;
+      }
+    }
+    if (dataLength >= 64) {
+      dataPos = hashBlocks(this.temp, this.state, data, dataPos, dataLength);
+      dataLength %= 64;
+    }
+    while (dataLength > 0) {
+      this.buffer[this.bufferLength++] = data[dataPos++];
+      dataLength--;
+    }
+    return this;
+  }
+  // Finalizes hash state and puts hash into out.
+  //
+  // If hash was already finalized, puts the same value.
+  finish(out) {
+    if (!this.finished) {
+      const bytesHashed = this.bytesHashed;
+      const left = this.bufferLength;
+      const bitLenHi = bytesHashed / 536870912 | 0;
+      const bitLenLo = bytesHashed << 3;
+      const padLength = bytesHashed % 64 < 56 ? 64 : 128;
+      this.buffer[left] = 128;
+      for (let i = left + 1; i < padLength - 8; i++) {
+        this.buffer[i] = 0;
+      }
+      this.buffer[padLength - 8] = bitLenHi >>> 24 & 255;
+      this.buffer[padLength - 7] = bitLenHi >>> 16 & 255;
+      this.buffer[padLength - 6] = bitLenHi >>> 8 & 255;
+      this.buffer[padLength - 5] = bitLenHi >>> 0 & 255;
+      this.buffer[padLength - 4] = bitLenLo >>> 24 & 255;
+      this.buffer[padLength - 3] = bitLenLo >>> 16 & 255;
+      this.buffer[padLength - 2] = bitLenLo >>> 8 & 255;
+      this.buffer[padLength - 1] = bitLenLo >>> 0 & 255;
+      hashBlocks(this.temp, this.state, this.buffer, 0, padLength);
+      this.finished = true;
+    }
+    for (let i = 0; i < 8; i++) {
+      out[i * 4 + 0] = this.state[i] >>> 24 & 255;
+      out[i * 4 + 1] = this.state[i] >>> 16 & 255;
+      out[i * 4 + 2] = this.state[i] >>> 8 & 255;
+      out[i * 4 + 3] = this.state[i] >>> 0 & 255;
+    }
+    return this;
+  }
+  // Returns the final hash digest.
+  digest() {
+    const out = new Uint8Array(this.digestLength);
+    this.finish(out);
+    return out;
+  }
+  // Internal function for use in HMAC for optimization.
+  _saveState(out) {
+    for (let i = 0; i < this.state.length; i++) {
+      out[i] = this.state[i];
+    }
+  }
+  // Internal function for use in HMAC for optimization.
+  _restoreState(from2, bytesHashed) {
+    for (let i = 0; i < this.state.length; i++) {
+      this.state[i] = from2[i];
+    }
+    this.bytesHashed = bytesHashed;
+    this.finished = false;
+    this.bufferLength = 0;
+  }
+}
+class HMAC {
+  constructor(key) {
+    this.inner = new Hash();
+    this.outer = new Hash();
+    this.blockSize = this.inner.blockSize;
+    this.digestLength = this.inner.digestLength;
+    const pad = new Uint8Array(this.blockSize);
+    if (key.length > this.blockSize) {
+      new Hash().update(key).finish(pad).clean();
+    } else {
+      for (let i = 0; i < key.length; i++) {
+        pad[i] = key[i];
+      }
+    }
+    for (let i = 0; i < pad.length; i++) {
+      pad[i] ^= 54;
+    }
+    this.inner.update(pad);
+    for (let i = 0; i < pad.length; i++) {
+      pad[i] ^= 54 ^ 92;
+    }
+    this.outer.update(pad);
+    this.istate = new Uint32Array(8);
+    this.ostate = new Uint32Array(8);
+    this.inner._saveState(this.istate);
+    this.outer._saveState(this.ostate);
+    for (let i = 0; i < pad.length; i++) {
+      pad[i] = 0;
+    }
+  }
+  // Returns HMAC state to the state initialized with key
+  // to make it possible to run HMAC over the other data with the same
+  // key without creating a new instance.
+  reset() {
+    this.inner._restoreState(this.istate, this.inner.blockSize);
+    this.outer._restoreState(this.ostate, this.outer.blockSize);
+    return this;
+  }
+  // Cleans HMAC state.
+  clean() {
+    for (let i = 0; i < this.istate.length; i++) {
+      this.ostate[i] = this.istate[i] = 0;
+    }
+    this.inner.clean();
+    this.outer.clean();
+  }
+  // Updates state with provided data.
+  update(data) {
+    this.inner.update(data);
+    return this;
+  }
+  // Finalizes HMAC and puts the result in out.
+  finish(out) {
+    if (this.outer.finished) {
+      this.outer.finish(out);
+    } else {
+      this.inner.finish(out);
+      this.outer.update(out, this.digestLength).finish(out);
+    }
+    return this;
+  }
+  // Returns message authentication code.
+  digest() {
+    const out = new Uint8Array(this.digestLength);
+    this.finish(out);
+    return out;
+  }
+}
+function hash(data) {
+  const h = new Hash().update(data);
+  const digest = h.digest();
+  h.clean();
+  return digest;
+}
+function hmac(key, data) {
+  const h = new HMAC(key).update(data);
+  const digest = h.digest();
+  h.clean();
+  return digest;
+}
+function fillBuffer(buffer, hmac2, info, counter) {
+  const num = counter[0];
+  if (num === 0) {
+    throw new Error("hkdf: cannot expand more");
+  }
+  hmac2.reset();
+  if (num > 1) {
+    hmac2.update(buffer);
+  }
+  if (info) {
+    hmac2.update(info);
+  }
+  hmac2.update(counter);
+  hmac2.finish(buffer);
+  counter[0]++;
+}
+const hkdfSalt = new Uint8Array(digestLength);
+function hkdf(key, salt = hkdfSalt, info, length = 32) {
+  const counter = new Uint8Array([1]);
+  const okm = hmac(salt, key);
+  const hmac_ = new HMAC(okm);
+  const buffer = new Uint8Array(hmac_.digestLength);
+  let bufpos = buffer.length;
+  const out = new Uint8Array(length);
+  for (let i = 0; i < length; i++) {
+    if (bufpos === buffer.length) {
+      fillBuffer(buffer, hmac_, info, counter);
+      bufpos = 0;
+    }
+    out[i] = buffer[bufpos++];
+  }
+  hmac_.clean();
+  buffer.fill(0);
+  counter.fill(0);
+  return out;
+}
+function pbkdf2(password, salt, iterations, dkLen) {
+  const prf = new HMAC(password);
+  const len = prf.digestLength;
+  const ctr = new Uint8Array(4);
+  const t = new Uint8Array(len);
+  const u = new Uint8Array(len);
+  const dk = new Uint8Array(dkLen);
+  for (let i = 0; i * len < dkLen; i++) {
+    const c = i + 1;
+    ctr[0] = c >>> 24 & 255;
+    ctr[1] = c >>> 16 & 255;
+    ctr[2] = c >>> 8 & 255;
+    ctr[3] = c >>> 0 & 255;
+    prf.reset();
+    prf.update(salt);
+    prf.update(ctr);
+    prf.finish(u);
+    for (let j = 0; j < len; j++) {
+      t[j] = u[j];
+    }
+    for (let j = 2; j <= iterations; j++) {
+      prf.reset();
+      prf.update(u).finish(u);
+      for (let k = 0; k < len; k++) {
+        t[k] ^= u[k];
+      }
+    }
+    for (let j = 0; j < len && i * len + j < dkLen; j++) {
+      dk[i * len + j] = t[j];
+    }
+  }
+  for (let i = 0; i < len; i++) {
+    t[i] = u[i] = 0;
+  }
+  for (let i = 0; i < 4; i++) {
+    ctr[i] = 0;
+  }
+  prf.clean();
+  return dk;
+}
+class HashHandler {
+}
+function decodeUTF8(s) {
+  if (typeof s !== "string")
+    throw new TypeError("expected string");
+  const d = s, b = new Uint8Array(d.length);
+  for (let i = 0; i < d.length; i++)
+    b[i] = d.charCodeAt(i);
+  return b;
+}
+function encodeUTF8(arr) {
+  const s = [];
+  for (let i = 0; i < arr.length; i++)
+    s.push(String.fromCharCode(arr[i]));
+  return s.join("");
+}
+const _DefaultHashHandler = class _DefaultHashHandler {
+  calcHash(valueToHash, algorithm) {
+    return __async(this, null, function* () {
+      const candHash = encodeUTF8(hash(decodeUTF8(valueToHash)));
+      return candHash;
+    });
+  }
+  toHashString2(byteArray) {
+    let result = "";
+    for (const e of byteArray) {
+      result += String.fromCharCode(e);
+    }
+    return result;
+  }
+  toHashString(buffer) {
+    const byteArray = new Uint8Array(buffer);
+    let result = "";
+    for (const e of byteArray) {
+      result += String.fromCharCode(e);
+    }
+    return result;
+  }
+};
+_DefaultHashHandler.\u0275fac = i0.\u0275\u0275ngDeclareFactory({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _DefaultHashHandler, deps: [], target: i0.\u0275\u0275FactoryTarget.Injectable });
+_DefaultHashHandler.\u0275prov = i0.\u0275\u0275ngDeclareInjectable({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _DefaultHashHandler });
+let DefaultHashHandler = _DefaultHashHandler;
+i0.\u0275\u0275ngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: DefaultHashHandler, decorators: [{
+  type: import_core.Injectable
+}] });
+const _OAuthService = class _OAuthService extends AuthConfig {
+  constructor(ngZone, http, storage, tokenValidationHandler, config, urlHelper, logger, crypto, document, dateTimeService) {
+    var _a;
+    super();
+    this.ngZone = ngZone;
+    this.http = http;
+    this.config = config;
+    this.urlHelper = urlHelper;
+    this.logger = logger;
+    this.crypto = crypto;
+    this.dateTimeService = dateTimeService;
+    this.discoveryDocumentLoaded = false;
+    this.state = "";
+    this.eventsSubject = new import_rxjs.Subject();
+    this.discoveryDocumentLoadedSubject = new import_rxjs.Subject();
+    this.grantTypesSupported = [];
+    this.inImplicitFlow = false;
+    this.saveNoncesInLocalStorage = false;
+    this.debug("angular-oauth2-oidc v10");
+    this.document = document;
+    if (!config) {
+      config = {};
+    }
+    this.discoveryDocumentLoaded$ = this.discoveryDocumentLoadedSubject.asObservable();
+    this.events = this.eventsSubject.asObservable();
+    if (tokenValidationHandler) {
+      this.tokenValidationHandler = tokenValidationHandler;
+    }
+    if (config) {
+      this.configure(config);
+    }
+    try {
+      if (storage) {
+        this.setStorage(storage);
+      } else if (typeof sessionStorage !== "undefined") {
+        this.setStorage(sessionStorage);
+      }
+    } catch (e) {
+      console.error("No OAuthStorage provided and cannot access default (sessionStorage).Consider providing a custom OAuthStorage implementation in your module.", e);
+    }
+    if (this.checkLocalStorageAccessable()) {
+      const ua = (_a = window == null ? void 0 : window.navigator) == null ? void 0 : _a.userAgent;
+      const msie = (ua == null ? void 0 : ua.includes("MSIE ")) || (ua == null ? void 0 : ua.includes("Trident"));
+      if (msie) {
+        this.saveNoncesInLocalStorage = true;
+      }
+    }
+    this.setupRefreshTimer();
+  }
+  checkLocalStorageAccessable() {
+    if (typeof window === "undefined")
+      return false;
+    const test = "test";
+    try {
+      if (typeof window["localStorage"] === "undefined")
+        return false;
+      localStorage.setItem(test, test);
+      localStorage.removeItem(test);
+      return true;
+    } catch (e) {
+      return false;
+    }
+  }
+  /**
+   * Use this method to configure the service
+   * @param config the configuration
+   */
+  configure(config) {
+    Object.assign(this, new AuthConfig(), config);
+    this.config = Object.assign({}, new AuthConfig(), config);
+    if (this.sessionChecksEnabled) {
+      this.setupSessionCheck();
+    }
+    this.configChanged();
+  }
+  configChanged() {
+    this.setupRefreshTimer();
+  }
+  restartSessionChecksIfStillLoggedIn() {
+    if (this.hasValidIdToken()) {
+      this.initSessionCheck();
+    }
+  }
+  restartRefreshTimerIfStillLoggedIn() {
+    this.setupExpirationTimers();
+  }
+  setupSessionCheck() {
+    this.events.pipe((0, import_operators.filter)((e) => e.type === "token_received")).subscribe(() => {
+      this.initSessionCheck();
+    });
+  }
+  /**
+   * Will setup up silent refreshing for when the token is
+   * about to expire. When the user is logged out via this.logOut method, the
+   * silent refreshing will pause and not refresh the tokens until the user is
+   * logged back in via receiving a new token.
+   * @param params Additional parameter to pass
+   * @param listenTo Setup automatic refresh of a specific token type
+   */
+  setupAutomaticSilentRefresh(params = {}, listenTo, noPrompt = true) {
+    let shouldRunSilentRefresh = true;
+    this.clearAutomaticRefreshTimer();
+    this.automaticRefreshSubscription = this.events.pipe((0, import_operators.tap)((e) => {
+      if (e.type === "token_received") {
+        shouldRunSilentRefresh = true;
+      } else if (e.type === "logout") {
+        shouldRunSilentRefresh = false;
+      }
+    }), (0, import_operators.filter)((e) => e.type === "token_expires" && (listenTo == null || listenTo === "any" || e.info === listenTo)), (0, import_operators.debounceTime)(1e3)).subscribe(() => {
+      if (shouldRunSilentRefresh) {
+        this.refreshInternal(params, noPrompt).catch(() => {
+          this.debug("Automatic silent refresh did not work");
+        });
+      }
+    });
+    this.restartRefreshTimerIfStillLoggedIn();
+  }
+  refreshInternal(params, noPrompt) {
+    if (!this.useSilentRefresh && this.responseType === "code") {
+      return this.refreshToken();
+    } else {
+      return this.silentRefresh(params, noPrompt);
+    }
+  }
+  /**
+   * Convenience method that first calls `loadDiscoveryDocument(...)` and
+   * directly chains using the `then(...)` part of the promise to call
+   * the `tryLogin(...)` method.
+   *
+   * @param options LoginOptions to pass through to `tryLogin(...)`
+   */
+  loadDiscoveryDocumentAndTryLogin(options = null) {
+    return this.loadDiscoveryDocument().then(() => {
+      return this.tryLogin(options);
+    });
+  }
+  /**
+   * Convenience method that first calls `loadDiscoveryDocumentAndTryLogin(...)`
+   * and if then chains to `initLoginFlow()`, but only if there is no valid
+   * IdToken or no valid AccessToken.
+   *
+   * @param options LoginOptions to pass through to `tryLogin(...)`
+   */
+  loadDiscoveryDocumentAndLogin(options = null) {
+    options = options || {};
+    return this.loadDiscoveryDocumentAndTryLogin(options).then(() => {
+      if (!this.hasValidIdToken() || !this.hasValidAccessToken()) {
+        const state = typeof options.state === "string" ? options.state : "";
+        this.initLoginFlow(state);
+        return false;
+      } else {
+        return true;
+      }
+    });
+  }
+  debug(...args) {
+    if (this.showDebugInformation) {
+      this.logger.debug(...args);
+    }
+  }
+  validateUrlFromDiscoveryDocument(url) {
+    const errors = [];
+    const httpsCheck = this.validateUrlForHttps(url);
+    const issuerCheck = this.validateUrlAgainstIssuer(url);
+    if (!httpsCheck) {
+      errors.push("https for all urls required. Also for urls received by discovery.");
+    }
+    if (!issuerCheck) {
+      errors.push("Every url in discovery document has to start with the issuer url.Also see property strictDiscoveryDocumentValidation.");
+    }
+    return errors;
+  }
+  validateUrlForHttps(url) {
+    if (!url) {
+      return true;
+    }
+    const lcUrl = url.toLowerCase();
+    if (this.requireHttps === false) {
+      return true;
+    }
+    if ((lcUrl.match(/^http:\/\/localhost($|[:/])/) || lcUrl.match(/^http:\/\/localhost($|[:/])/)) && this.requireHttps === "remoteOnly") {
+      return true;
+    }
+    return lcUrl.startsWith("https://");
+  }
+  assertUrlNotNullAndCorrectProtocol(url, description) {
+    if (!url) {
+      throw new Error(`'${description}' should not be null`);
+    }
+    if (!this.validateUrlForHttps(url)) {
+      throw new Error(`'${description}' must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).`);
+    }
+  }
+  validateUrlAgainstIssuer(url) {
+    if (!this.strictDiscoveryDocumentValidation) {
+      return true;
+    }
+    if (!url) {
+      return true;
+    }
+    return url.toLowerCase().startsWith(this.issuer.toLowerCase());
+  }
+  setupRefreshTimer() {
+    if (typeof window === "undefined") {
+      this.debug("timer not supported on this plattform");
+      return;
+    }
+    if (this.hasValidIdToken() || this.hasValidAccessToken()) {
+      this.clearAccessTokenTimer();
+      this.clearIdTokenTimer();
+      this.setupExpirationTimers();
+    }
+    if (this.tokenReceivedSubscription)
+      this.tokenReceivedSubscription.unsubscribe();
+    this.tokenReceivedSubscription = this.events.pipe((0, import_operators.filter)((e) => e.type === "token_received")).subscribe(() => {
+      this.clearAccessTokenTimer();
+      this.clearIdTokenTimer();
+      this.setupExpirationTimers();
+    });
+  }
+  setupExpirationTimers() {
+    if (this.hasValidAccessToken()) {
+      this.setupAccessTokenTimer();
+    }
+    if (!this.disableIdTokenTimer && this.hasValidIdToken()) {
+      this.setupIdTokenTimer();
+    }
+  }
+  setupAccessTokenTimer() {
+    const expiration = this.getAccessTokenExpiration();
+    const storedAt = this.getAccessTokenStoredAt();
+    const timeout2 = this.calcTimeout(storedAt, expiration);
+    this.ngZone.runOutsideAngular(() => {
+      this.accessTokenTimeoutSubscription = (0, import_rxjs.of)(new OAuthInfoEvent("token_expires", "access_token")).pipe((0, import_operators.delay)(timeout2)).subscribe((e) => {
+        this.ngZone.run(() => {
+          this.eventsSubject.next(e);
+        });
+      });
+    });
+  }
+  setupIdTokenTimer() {
+    const expiration = this.getIdTokenExpiration();
+    const storedAt = this.getIdTokenStoredAt();
+    const timeout2 = this.calcTimeout(storedAt, expiration);
+    this.ngZone.runOutsideAngular(() => {
+      this.idTokenTimeoutSubscription = (0, import_rxjs.of)(new OAuthInfoEvent("token_expires", "id_token")).pipe((0, import_operators.delay)(timeout2)).subscribe((e) => {
+        this.ngZone.run(() => {
+          this.eventsSubject.next(e);
+        });
+      });
+    });
+  }
+  /**
+   * Stops timers for automatic refresh.
+   * To restart it, call setupAutomaticSilentRefresh again.
+   */
+  stopAutomaticRefresh() {
+    this.clearAccessTokenTimer();
+    this.clearIdTokenTimer();
+    this.clearAutomaticRefreshTimer();
+  }
+  clearAccessTokenTimer() {
+    if (this.accessTokenTimeoutSubscription) {
+      this.accessTokenTimeoutSubscription.unsubscribe();
+    }
+  }
+  clearIdTokenTimer() {
+    if (this.idTokenTimeoutSubscription) {
+      this.idTokenTimeoutSubscription.unsubscribe();
+    }
+  }
+  clearAutomaticRefreshTimer() {
+    if (this.automaticRefreshSubscription) {
+      this.automaticRefreshSubscription.unsubscribe();
+    }
+  }
+  calcTimeout(storedAt, expiration) {
+    const now = this.dateTimeService.now();
+    const delta = (expiration - storedAt) * this.timeoutFactor - (now - storedAt);
+    const duration = Math.max(0, delta);
+    const maxTimeoutValue = 2147483647;
+    return duration > maxTimeoutValue ? maxTimeoutValue : duration;
+  }
+  /**
+   * DEPRECATED. Use a provider for OAuthStorage instead:
+   *
+   * { provide: OAuthStorage, useFactory: oAuthStorageFactory }
+   * export function oAuthStorageFactory(): OAuthStorage { return localStorage; }
+   * Sets a custom storage used to store the received
+   * tokens on client side. By default, the browser's
+   * sessionStorage is used.
+   * @ignore
+   *
+   * @param storage
+   */
+  setStorage(storage) {
+    this._storage = storage;
+    this.configChanged();
+  }
+  /**
+   * Loads the discovery document to configure most
+   * properties of this service. The url of the discovery
+   * document is infered from the issuer's url according
+   * to the OpenId Connect spec. To use another url you
+   * can pass it to to optional parameter fullUrl.
+   *
+   * @param fullUrl
+   */
+  loadDiscoveryDocument(fullUrl = null) {
+    return new Promise((resolve, reject) => {
+      if (!fullUrl) {
+        fullUrl = this.issuer || "";
+        if (!fullUrl.endsWith("/")) {
+          fullUrl += "/";
+        }
+        fullUrl += ".well-known/openid-configuration";
+      }
+      if (!this.validateUrlForHttps(fullUrl)) {
+        reject("issuer  must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).");
+        return;
+      }
+      this.http.get(fullUrl).subscribe((doc) => {
+        if (!this.validateDiscoveryDocument(doc)) {
+          this.eventsSubject.next(new OAuthErrorEvent("discovery_document_validation_error", null));
+          reject("discovery_document_validation_error");
+          return;
+        }
+        this.loginUrl = doc.authorization_endpoint;
+        this.logoutUrl = doc.end_session_endpoint || this.logoutUrl;
+        this.grantTypesSupported = doc.grant_types_supported;
+        this.issuer = doc.issuer;
+        this.tokenEndpoint = doc.token_endpoint;
+        this.userinfoEndpoint = doc.userinfo_endpoint || this.userinfoEndpoint;
+        this.jwksUri = doc.jwks_uri;
+        this.sessionCheckIFrameUrl = doc.check_session_iframe || this.sessionCheckIFrameUrl;
+        this.discoveryDocumentLoaded = true;
+        this.discoveryDocumentLoadedSubject.next(doc);
+        this.revocationEndpoint = doc.revocation_endpoint || this.revocationEndpoint;
+        if (this.sessionChecksEnabled) {
+          this.restartSessionChecksIfStillLoggedIn();
+        }
+        this.loadJwks().then((jwks) => {
+          const result = {
+            discoveryDocument: doc,
+            jwks
+          };
+          const event = new OAuthSuccessEvent("discovery_document_loaded", result);
+          this.eventsSubject.next(event);
+          resolve(event);
+          return;
+        }).catch((err2) => {
+          this.eventsSubject.next(new OAuthErrorEvent("discovery_document_load_error", err2));
+          reject(err2);
+          return;
+        });
+      }, (err2) => {
+        this.logger.error("error loading discovery document", err2);
+        this.eventsSubject.next(new OAuthErrorEvent("discovery_document_load_error", err2));
+        reject(err2);
+      });
+    });
+  }
+  loadJwks() {
+    return new Promise((resolve, reject) => {
+      if (this.jwksUri) {
+        this.http.get(this.jwksUri).subscribe((jwks) => {
+          this.jwks = jwks;
+          resolve(jwks);
+        }, (err2) => {
+          this.logger.error("error loading jwks", err2);
+          this.eventsSubject.next(new OAuthErrorEvent("jwks_load_error", err2));
+          reject(err2);
+        });
+      } else {
+        resolve(null);
+      }
+    });
+  }
+  validateDiscoveryDocument(doc) {
+    let errors;
+    if (!this.skipIssuerCheck && doc.issuer !== this.issuer) {
+      this.logger.error("invalid issuer in discovery document", "expected: " + this.issuer, "current: " + doc.issuer);
+      return false;
+    }
+    errors = this.validateUrlFromDiscoveryDocument(doc.authorization_endpoint);
+    if (errors.length > 0) {
+      this.logger.error("error validating authorization_endpoint in discovery document", errors);
+      return false;
+    }
+    errors = this.validateUrlFromDiscoveryDocument(doc.end_session_endpoint);
+    if (errors.length > 0) {
+      this.logger.error("error validating end_session_endpoint in discovery document", errors);
+      return false;
+    }
+    errors = this.validateUrlFromDiscoveryDocument(doc.token_endpoint);
+    if (errors.length > 0) {
+      this.logger.error("error validating token_endpoint in discovery document", errors);
+    }
+    errors = this.validateUrlFromDiscoveryDocument(doc.revocation_endpoint);
+    if (errors.length > 0) {
+      this.logger.error("error validating revocation_endpoint in discovery document", errors);
+    }
+    errors = this.validateUrlFromDiscoveryDocument(doc.userinfo_endpoint);
+    if (errors.length > 0) {
+      this.logger.error("error validating userinfo_endpoint in discovery document", errors);
+      return false;
+    }
+    errors = this.validateUrlFromDiscoveryDocument(doc.jwks_uri);
+    if (errors.length > 0) {
+      this.logger.error("error validating jwks_uri in discovery document", errors);
+      return false;
+    }
+    if (this.sessionChecksEnabled && !doc.check_session_iframe) {
+      this.logger.warn("sessionChecksEnabled is activated but discovery document does not contain a check_session_iframe field");
+    }
+    return true;
+  }
+  /**
+   * Uses password flow to exchange userName and password for an
+   * access_token. After receiving the access_token, this method
+   * uses it to query the userinfo endpoint in order to get information
+   * about the user in question.
+   *
+   * When using this, make sure that the property oidc is set to false.
+   * Otherwise stricter validations take place that make this operation
+   * fail.
+   *
+   * @param userName
+   * @param password
+   * @param headers Optional additional http-headers.
+   */
+  fetchTokenUsingPasswordFlowAndLoadUserProfile(userName, password, headers = new import_http.HttpHeaders()) {
+    return this.fetchTokenUsingPasswordFlow(userName, password, headers).then(() => this.loadUserProfile());
+  }
+  /**
+   * Loads the user profile by accessing the user info endpoint defined by OpenId Connect.
+   *
+   * When using this with OAuth2 password flow, make sure that the property oidc is set to false.
+   * Otherwise stricter validations take place that make this operation fail.
+   */
+  loadUserProfile() {
+    if (!this.hasValidAccessToken()) {
+      throw new Error("Can not load User Profile without access_token");
+    }
+    if (!this.validateUrlForHttps(this.userinfoEndpoint)) {
+      throw new Error("userinfoEndpoint must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).");
+    }
+    return new Promise((resolve, reject) => {
+      const headers = new import_http.HttpHeaders().set("Authorization", "Bearer " + this.getAccessToken());
+      this.http.get(this.userinfoEndpoint, {
+        headers,
+        observe: "response",
+        responseType: "text"
+      }).subscribe((response) => {
+        this.debug("userinfo received", JSON.stringify(response));
+        if (response.headers.get("content-type").startsWith("application/json")) {
+          let info = JSON.parse(response.body);
+          const existingClaims = this.getIdentityClaims() || {};
+          if (!this.skipSubjectCheck) {
+            if (this.oidc && (!existingClaims["sub"] || info.sub !== existingClaims["sub"])) {
+              const err2 = "if property oidc is true, the received user-id (sub) has to be the user-id of the user that has logged in with oidc.\nif you are not using oidc but just oauth2 password flow set oidc to false";
+              reject(err2);
+              return;
+            }
+          }
+          info = Object.assign({}, existingClaims, info);
+          this._storage.setItem("id_token_claims_obj", JSON.stringify(info));
+          this.eventsSubject.next(new OAuthSuccessEvent("user_profile_loaded"));
+          resolve({ info });
+        } else {
+          this.debug("userinfo is not JSON, treating it as JWE/JWS");
+          this.eventsSubject.next(new OAuthSuccessEvent("user_profile_loaded"));
+          resolve(JSON.parse(response.body));
+        }
+      }, (err2) => {
+        this.logger.error("error loading user info", err2);
+        this.eventsSubject.next(new OAuthErrorEvent("user_profile_load_error", err2));
+        reject(err2);
+      });
+    });
+  }
+  /**
+   * Uses password flow to exchange userName and password for an access_token.
+   * @param userName
+   * @param password
+   * @param headers Optional additional http-headers.
+   */
+  fetchTokenUsingPasswordFlow(userName, password, headers = new import_http.HttpHeaders()) {
+    const parameters = {
+      username: userName,
+      password
+    };
+    return this.fetchTokenUsingGrant("password", parameters, headers);
+  }
+  /**
+   * Uses a custom grant type to retrieve tokens.
+   * @param grantType Grant type.
+   * @param parameters Parameters to pass.
+   * @param headers Optional additional HTTP headers.
+   */
+  fetchTokenUsingGrant(grantType, parameters, headers = new import_http.HttpHeaders()) {
+    this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, "tokenEndpoint");
+    let params = new import_http.HttpParams({ encoder: new WebHttpUrlEncodingCodec() }).set("grant_type", grantType).set("scope", this.scope);
+    if (this.useHttpBasicAuth) {
+      const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);
+      headers = headers.set("Authorization", "Basic " + header);
+    }
+    if (!this.useHttpBasicAuth) {
+      params = params.set("client_id", this.clientId);
+    }
+    if (!this.useHttpBasicAuth && this.dummyClientSecret) {
+      params = params.set("client_secret", this.dummyClientSecret);
+    }
+    if (this.customQueryParams) {
+      for (const key of Object.getOwnPropertyNames(this.customQueryParams)) {
+        params = params.set(key, this.customQueryParams[key]);
+      }
+    }
+    for (const key of Object.keys(parameters)) {
+      params = params.set(key, parameters[key]);
+    }
+    headers = headers.set("Content-Type", "application/x-www-form-urlencoded");
+    return new Promise((resolve, reject) => {
+      this.http.post(this.tokenEndpoint, params, { headers }).subscribe((tokenResponse) => {
+        this.debug("tokenResponse", tokenResponse);
+        this.storeAccessTokenResponse(tokenResponse.access_token, tokenResponse.refresh_token, tokenResponse.expires_in || this.fallbackAccessTokenExpirationTimeInSec, tokenResponse.scope, this.extractRecognizedCustomParameters(tokenResponse));
+        if (this.oidc && tokenResponse.id_token) {
+          this.processIdToken(tokenResponse.id_token, tokenResponse.access_token).then((result) => {
+            this.storeIdToken(result);
+            resolve(tokenResponse);
+          });
+        }
+        this.eventsSubject.next(new OAuthSuccessEvent("token_received"));
+        resolve(tokenResponse);
+      }, (err2) => {
+        this.logger.error("Error performing ${grantType} flow", err2);
+        this.eventsSubject.next(new OAuthErrorEvent("token_error", err2));
+        reject(err2);
+      });
+    });
+  }
+  /**
+   * Refreshes the token using a refresh_token.
+   * This does not work for implicit flow, b/c
+   * there is no refresh_token in this flow.
+   * A solution for this is provided by the
+   * method silentRefresh.
+   */
+  refreshToken() {
+    this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, "tokenEndpoint");
+    return new Promise((resolve, reject) => {
+      let params = new import_http.HttpParams({ encoder: new WebHttpUrlEncodingCodec() }).set("grant_type", "refresh_token").set("scope", this.scope).set("refresh_token", this._storage.getItem("refresh_token"));
+      let headers = new import_http.HttpHeaders().set("Content-Type", "application/x-www-form-urlencoded");
+      if (this.useHttpBasicAuth) {
+        const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);
+        headers = headers.set("Authorization", "Basic " + header);
+      }
+      if (!this.useHttpBasicAuth) {
+        params = params.set("client_id", this.clientId);
+      }
+      if (!this.useHttpBasicAuth && this.dummyClientSecret) {
+        params = params.set("client_secret", this.dummyClientSecret);
+      }
+      if (this.customQueryParams) {
+        for (const key of Object.getOwnPropertyNames(this.customQueryParams)) {
+          params = params.set(key, this.customQueryParams[key]);
+        }
+      }
+      this.http.post(this.tokenEndpoint, params, { headers }).pipe((0, import_operators.switchMap)((tokenResponse) => {
+        if (this.oidc && tokenResponse.id_token) {
+          return (0, import_rxjs.from)(this.processIdToken(tokenResponse.id_token, tokenResponse.access_token, true)).pipe((0, import_operators.tap)((result) => this.storeIdToken(result)), (0, import_operators.map)(() => tokenResponse));
+        } else {
+          return (0, import_rxjs.of)(tokenResponse);
+        }
+      })).subscribe((tokenResponse) => {
+        this.debug("refresh tokenResponse", tokenResponse);
+        this.storeAccessTokenResponse(tokenResponse.access_token, tokenResponse.refresh_token, tokenResponse.expires_in || this.fallbackAccessTokenExpirationTimeInSec, tokenResponse.scope, this.extractRecognizedCustomParameters(tokenResponse));
+        this.eventsSubject.next(new OAuthSuccessEvent("token_received"));
+        this.eventsSubject.next(new OAuthSuccessEvent("token_refreshed"));
+        resolve(tokenResponse);
+      }, (err2) => {
+        this.logger.error("Error refreshing token", err2);
+        this.eventsSubject.next(new OAuthErrorEvent("token_refresh_error", err2));
+        reject(err2);
+      });
+    });
+  }
+  removeSilentRefreshEventListener() {
+    if (this.silentRefreshPostMessageEventListener) {
+      window.removeEventListener("message", this.silentRefreshPostMessageEventListener);
+      this.silentRefreshPostMessageEventListener = null;
+    }
+  }
+  setupSilentRefreshEventListener() {
+    this.removeSilentRefreshEventListener();
+    this.silentRefreshPostMessageEventListener = (e) => {
+      const message = this.processMessageEventMessage(e);
+      if (this.checkOrigin && e.origin !== location.origin) {
+        console.error("wrong origin requested silent refresh!");
+      }
+      this.tryLogin({
+        customHashFragment: message,
+        preventClearHashAfterLogin: true,
+        customRedirectUri: this.silentRefreshRedirectUri || this.redirectUri
+      }).catch((err2) => this.debug("tryLogin during silent refresh failed", err2));
+    };
+    window.addEventListener("message", this.silentRefreshPostMessageEventListener);
+  }
+  /**
+   * Performs a silent refresh for implicit flow.
+   * Use this method to get new tokens when/before
+   * the existing tokens expire.
+   */
+  silentRefresh(params = {}, noPrompt = true) {
+    const claims = this.getIdentityClaims() || {};
+    if (this.useIdTokenHintForSilentRefresh && this.hasValidIdToken()) {
+      params["id_token_hint"] = this.getIdToken();
+    }
+    if (!this.validateUrlForHttps(this.loginUrl)) {
+      throw new Error("loginUrl  must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).");
+    }
+    if (typeof this.document === "undefined") {
+      throw new Error("silent refresh is not supported on this platform");
+    }
+    const existingIframe = this.document.getElementById(this.silentRefreshIFrameName);
+    if (existingIframe) {
+      this.document.body.removeChild(existingIframe);
+    }
+    this.silentRefreshSubject = claims["sub"];
+    const iframe = this.document.createElement("iframe");
+    iframe.id = this.silentRefreshIFrameName;
+    this.setupSilentRefreshEventListener();
+    const redirectUri = this.silentRefreshRedirectUri || this.redirectUri;
+    this.createLoginUrl(null, null, redirectUri, noPrompt, params).then((url) => {
+      iframe.setAttribute("src", url);
+      if (!this.silentRefreshShowIFrame) {
+        iframe.style["display"] = "none";
+      }
+      this.document.body.appendChild(iframe);
+    });
+    const errors = this.events.pipe((0, import_operators.filter)((e) => e instanceof OAuthErrorEvent), (0, import_operators.first)());
+    const success = this.events.pipe((0, import_operators.filter)((e) => e.type === "token_received"), (0, import_operators.first)());
+    const timeout2 = (0, import_rxjs.of)(new OAuthErrorEvent("silent_refresh_timeout", null)).pipe((0, import_operators.delay)(this.silentRefreshTimeout));
+    return (0, import_rxjs.race)([errors, success, timeout2]).pipe((0, import_operators.map)((e) => {
+      if (e instanceof OAuthErrorEvent) {
+        if (e.type === "silent_refresh_timeout") {
+          this.eventsSubject.next(e);
+        } else {
+          e = new OAuthErrorEvent("silent_refresh_error", e);
+          this.eventsSubject.next(e);
+        }
+        throw e;
+      } else if (e.type === "token_received") {
+        e = new OAuthSuccessEvent("silently_refreshed");
+        this.eventsSubject.next(e);
+      }
+      return e;
+    })).toPromise();
+  }
+  /**
+   * This method exists for backwards compatibility.
+   * {@link OAuthService#initLoginFlowInPopup} handles both code
+   * and implicit flows.
+   */
+  initImplicitFlowInPopup(options) {
+    return this.initLoginFlowInPopup(options);
+  }
+  initLoginFlowInPopup(options) {
+    options = options || {};
+    return this.createLoginUrl(null, null, this.silentRefreshRedirectUri, false, {
+      display: "popup"
+    }).then((url) => {
+      return new Promise((resolve, reject) => {
+        const checkForPopupClosedInterval = 500;
+        let windowRef = null;
+        if (!options.windowRef) {
+          windowRef = window.open(url, "ngx-oauth2-oidc-login", this.calculatePopupFeatures(options));
+        } else if (options.windowRef && !options.windowRef.closed) {
+          windowRef = options.windowRef;
+          windowRef.location.href = url;
+        }
+        let checkForPopupClosedTimer;
+        const tryLogin = (hash2) => {
+          this.tryLogin({
+            customHashFragment: hash2,
+            preventClearHashAfterLogin: true,
+            customRedirectUri: this.silentRefreshRedirectUri
+          }).then(() => {
+            cleanup();
+            resolve(true);
+          }, (err2) => {
+            cleanup();
+            reject(err2);
+          });
+        };
+        const checkForPopupClosed = () => {
+          if (!windowRef || windowRef.closed) {
+            cleanup();
+            reject(new OAuthErrorEvent("popup_closed", {}));
+          }
+        };
+        if (!windowRef) {
+          reject(new OAuthErrorEvent("popup_blocked", {}));
+        } else {
+          checkForPopupClosedTimer = window.setInterval(checkForPopupClosed, checkForPopupClosedInterval);
+        }
+        const cleanup = () => {
+          window.clearInterval(checkForPopupClosedTimer);
+          window.removeEventListener("storage", storageListener);
+          window.removeEventListener("message", listener);
+          if (windowRef !== null) {
+            windowRef.close();
+          }
+          windowRef = null;
+        };
+        const listener = (e) => {
+          const message = this.processMessageEventMessage(e);
+          if (message && message !== null) {
+            window.removeEventListener("storage", storageListener);
+            tryLogin(message);
+          } else {
+            console.log("false event firing");
+          }
+        };
+        const storageListener = (event) => {
+          if (event.key === "auth_hash") {
+            window.removeEventListener("message", listener);
+            tryLogin(event.newValue);
+          }
+        };
+        window.addEventListener("message", listener);
+        window.addEventListener("storage", storageListener);
+      });
+    });
+  }
+  calculatePopupFeatures(options) {
+    const height = options.height || 470;
+    const width = options.width || 500;
+    const left = window.screenLeft + (window.outerWidth - width) / 2;
+    const top = window.screenTop + (window.outerHeight - height) / 2;
+    return `location=no,toolbar=no,width=${width},height=${height},top=${top},left=${left}`;
+  }
+  processMessageEventMessage(e) {
+    let expectedPrefix = "#";
+    if (this.silentRefreshMessagePrefix) {
+      expectedPrefix += this.silentRefreshMessagePrefix;
+    }
+    if (!e || !e.data || typeof e.data !== "string") {
+      return;
+    }
+    const prefixedMessage = e.data;
+    if (!prefixedMessage.startsWith(expectedPrefix)) {
+      return;
+    }
+    return "#" + prefixedMessage.substr(expectedPrefix.length);
+  }
+  canPerformSessionCheck() {
+    if (!this.sessionChecksEnabled) {
+      return false;
+    }
+    if (!this.sessionCheckIFrameUrl) {
+      console.warn("sessionChecksEnabled is activated but there is no sessionCheckIFrameUrl");
+      return false;
+    }
+    const sessionState = this.getSessionState();
+    if (!sessionState) {
+      console.warn("sessionChecksEnabled is activated but there is no session_state");
+      return false;
+    }
+    if (typeof this.document === "undefined") {
+      return false;
+    }
+    return true;
+  }
+  setupSessionCheckEventListener() {
+    this.removeSessionCheckEventListener();
+    this.sessionCheckEventListener = (e) => {
+      const origin = e.origin.toLowerCase();
+      const issuer = this.issuer.toLowerCase();
+      this.debug("sessionCheckEventListener");
+      if (!issuer.startsWith(origin)) {
+        this.debug("sessionCheckEventListener", "wrong origin", origin, "expected", issuer, "event", e);
+        return;
+      }
+      switch (e.data) {
+        case "unchanged":
+          this.ngZone.run(() => {
+            this.handleSessionUnchanged();
+          });
+          break;
+        case "changed":
+          this.ngZone.run(() => {
+            this.handleSessionChange();
+          });
+          break;
+        case "error":
+          this.ngZone.run(() => {
+            this.handleSessionError();
+          });
+          break;
+      }
+      this.debug("got info from session check inframe", e);
+    };
+    this.ngZone.runOutsideAngular(() => {
+      window.addEventListener("message", this.sessionCheckEventListener);
+    });
+  }
+  handleSessionUnchanged() {
+    this.debug("session check", "session unchanged");
+    this.eventsSubject.next(new OAuthInfoEvent("session_unchanged"));
+  }
+  handleSessionChange() {
+    this.eventsSubject.next(new OAuthInfoEvent("session_changed"));
+    this.stopSessionCheckTimer();
+    if (!this.useSilentRefresh && this.responseType === "code") {
+      this.refreshToken().then(() => {
+        this.debug("token refresh after session change worked");
+      }).catch(() => {
+        this.debug("token refresh did not work after session changed");
+        this.eventsSubject.next(new OAuthInfoEvent("session_terminated"));
+        this.logOut(true);
+      });
+    } else if (this.silentRefreshRedirectUri) {
+      this.silentRefresh().catch(() => this.debug("silent refresh failed after session changed"));
+      this.waitForSilentRefreshAfterSessionChange();
+    } else {
+      this.eventsSubject.next(new OAuthInfoEvent("session_terminated"));
+      this.logOut(true);
+    }
+  }
+  waitForSilentRefreshAfterSessionChange() {
+    this.events.pipe((0, import_operators.filter)((e) => e.type === "silently_refreshed" || e.type === "silent_refresh_timeout" || e.type === "silent_refresh_error"), (0, import_operators.first)()).subscribe((e) => {
+      if (e.type !== "silently_refreshed") {
+        this.debug("silent refresh did not work after session changed");
+        this.eventsSubject.next(new OAuthInfoEvent("session_terminated"));
+        this.logOut(true);
+      }
+    });
+  }
+  handleSessionError() {
+    this.stopSessionCheckTimer();
+    this.eventsSubject.next(new OAuthInfoEvent("session_error"));
+  }
+  removeSessionCheckEventListener() {
+    if (this.sessionCheckEventListener) {
+      window.removeEventListener("message", this.sessionCheckEventListener);
+      this.sessionCheckEventListener = null;
+    }
+  }
+  initSessionCheck() {
+    if (!this.canPerformSessionCheck()) {
+      return;
+    }
+    const existingIframe = this.document.getElementById(this.sessionCheckIFrameName);
+    if (existingIframe) {
+      this.document.body.removeChild(existingIframe);
+    }
+    const iframe = this.document.createElement("iframe");
+    iframe.id = this.sessionCheckIFrameName;
+    this.setupSessionCheckEventListener();
+    const url = this.sessionCheckIFrameUrl;
+    iframe.setAttribute("src", url);
+    iframe.style.display = "none";
+    this.document.body.appendChild(iframe);
+    this.startSessionCheckTimer();
+  }
+  startSessionCheckTimer() {
+    this.stopSessionCheckTimer();
+    this.ngZone.runOutsideAngular(() => {
+      this.sessionCheckTimer = setInterval(this.checkSession.bind(this), this.sessionCheckIntervall);
+    });
+  }
+  stopSessionCheckTimer() {
+    if (this.sessionCheckTimer) {
+      clearInterval(this.sessionCheckTimer);
+      this.sessionCheckTimer = null;
+    }
+  }
+  checkSession() {
+    const iframe = this.document.getElementById(this.sessionCheckIFrameName);
+    if (!iframe) {
+      this.logger.warn("checkSession did not find iframe", this.sessionCheckIFrameName);
+    }
+    const sessionState = this.getSessionState();
+    if (!sessionState) {
+      this.stopSessionCheckTimer();
+    }
+    const message = this.clientId + " " + sessionState;
+    iframe.contentWindow.postMessage(message, this.issuer);
+  }
+  createLoginUrl() {
+    return __async(this, arguments, function* (state = "", loginHint = "", customRedirectUri = "", noPrompt = false, params = {}) {
+      const that = this;
+      let redirectUri;
+      if (customRedirectUri) {
+        redirectUri = customRedirectUri;
+      } else {
+        redirectUri = this.redirectUri;
+      }
+      const nonce = yield this.createAndSaveNonce();
+      if (state) {
+        state = nonce + this.config.nonceStateSeparator + encodeURIComponent(state);
+      } else {
+        state = nonce;
+      }
+      if (!this.requestAccessToken && !this.oidc) {
+        throw new Error("Either requestAccessToken or oidc or both must be true");
+      }
+      if (this.config.responseType) {
+        this.responseType = this.config.responseType;
+      } else {
+        if (this.oidc && this.requestAccessToken) {
+          this.responseType = "id_token token";
+        } else if (this.oidc && !this.requestAccessToken) {
+          this.responseType = "id_token";
+        } else {
+          this.responseType = "token";
+        }
+      }
+      const seperationChar = that.loginUrl.indexOf("?") > -1 ? "&" : "?";
+      let scope = that.scope;
+      if (this.oidc && !scope.match(/(^|\s)openid($|\s)/)) {
+        scope = "openid " + scope;
+      }
+      let url = that.loginUrl + seperationChar + "response_type=" + encodeURIComponent(that.responseType) + "&client_id=" + encodeURIComponent(that.clientId) + "&state=" + encodeURIComponent(state) + "&redirect_uri=" + encodeURIComponent(redirectUri) + "&scope=" + encodeURIComponent(scope);
+      if (this.responseType.includes("code") && !this.disablePKCE) {
+        const [challenge, verifier] = yield this.createChallangeVerifierPairForPKCE();
+        if (this.saveNoncesInLocalStorage && typeof window["localStorage"] !== "undefined") {
+          localStorage.setItem("PKCE_verifier", verifier);
+        } else {
+          this._storage.setItem("PKCE_verifier", verifier);
+        }
+        url += "&code_challenge=" + challenge;
+        url += "&code_challenge_method=S256";
+      }
+      if (loginHint) {
+        url += "&login_hint=" + encodeURIComponent(loginHint);
+      }
+      if (that.resource) {
+        url += "&resource=" + encodeURIComponent(that.resource);
+      }
+      if (that.oidc) {
+        url += "&nonce=" + encodeURIComponent(nonce);
+      }
+      if (noPrompt) {
+        url += "&prompt=none";
+      }
+      for (const key of Object.keys(params)) {
+        url += "&" + encodeURIComponent(key) + "=" + encodeURIComponent(params[key]);
+      }
+      if (this.customQueryParams) {
+        for (const key of Object.getOwnPropertyNames(this.customQueryParams)) {
+          url += "&" + key + "=" + encodeURIComponent(this.customQueryParams[key]);
+        }
+      }
+      return url;
+    });
+  }
+  initImplicitFlowInternal(additionalState = "", params = "") {
+    if (this.inImplicitFlow) {
+      return;
+    }
+    this.inImplicitFlow = true;
+    if (!this.validateUrlForHttps(this.loginUrl)) {
+      throw new Error("loginUrl  must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).");
+    }
+    let addParams = {};
+    let loginHint = null;
+    if (typeof params === "string") {
+      loginHint = params;
+    } else if (typeof params === "object") {
+      addParams = params;
+    }
+    this.createLoginUrl(additionalState, loginHint, null, false, addParams).then(this.config.openUri).catch((error) => {
+      console.error("Error in initImplicitFlow", error);
+      this.inImplicitFlow = false;
+    });
+  }
+  /**
+   * Starts the implicit flow and redirects to user to
+   * the auth servers' login url.
+   *
+   * @param additionalState Optional state that is passed around.
+   *  You'll find this state in the property `state` after `tryLogin` logged in the user.
+   * @param params Hash with additional parameter. If it is a string, it is used for the
+   *               parameter loginHint (for the sake of compatibility with former versions)
+   */
+  initImplicitFlow(additionalState = "", params = "") {
+    if (this.loginUrl !== "") {
+      this.initImplicitFlowInternal(additionalState, params);
+    } else {
+      this.events.pipe((0, import_operators.filter)((e) => e.type === "discovery_document_loaded")).subscribe(() => this.initImplicitFlowInternal(additionalState, params));
+    }
+  }
+  /**
+   * Reset current implicit flow
+   *
+   * @description This method allows resetting the current implict flow in order to be initialized again.
+   */
+  resetImplicitFlow() {
+    this.inImplicitFlow = false;
+  }
+  callOnTokenReceivedIfExists(options) {
+    const that = this;
+    if (options.onTokenReceived) {
+      const tokenParams = {
+        idClaims: that.getIdentityClaims(),
+        idToken: that.getIdToken(),
+        accessToken: that.getAccessToken(),
+        state: that.state
+      };
+      options.onTokenReceived(tokenParams);
+    }
+  }
+  storeAccessTokenResponse(accessToken, refreshToken, expiresIn, grantedScopes, customParameters) {
+    this._storage.setItem("access_token", accessToken);
+    if (grantedScopes && !Array.isArray(grantedScopes)) {
+      this._storage.setItem("granted_scopes", JSON.stringify(grantedScopes.split(" ")));
+    } else if (grantedScopes && Array.isArray(grantedScopes)) {
+      this._storage.setItem("granted_scopes", JSON.stringify(grantedScopes));
+    }
+    this._storage.setItem("access_token_stored_at", "" + this.dateTimeService.now());
+    if (expiresIn) {
+      const expiresInMilliSeconds = expiresIn * 1e3;
+      const now = this.dateTimeService.new();
+      const expiresAt = now.getTime() + expiresInMilliSeconds;
+      this._storage.setItem("expires_at", "" + expiresAt);
+    }
+    if (refreshToken) {
+      this._storage.setItem("refresh_token", refreshToken);
+    }
+    if (customParameters) {
+      customParameters.forEach((value, key) => {
+        this._storage.setItem(key, value);
+      });
+    }
+  }
+  /**
+   * Delegates to tryLoginImplicitFlow for the sake of competability
+   * @param options Optional options.
+   */
+  tryLogin(options = null) {
+    if (this.config.responseType === "code") {
+      return this.tryLoginCodeFlow(options).then(() => true);
+    } else {
+      return this.tryLoginImplicitFlow(options);
+    }
+  }
+  parseQueryString(queryString) {
+    if (!queryString || queryString.length === 0) {
+      return {};
+    }
+    if (queryString.charAt(0) === "?") {
+      queryString = queryString.substr(1);
+    }
+    return this.urlHelper.parseQueryString(queryString);
+  }
+  tryLoginCodeFlow(options = null) {
+    return __async(this, null, function* () {
+      options = options || {};
+      const querySource = options.customHashFragment ? options.customHashFragment.substring(1) : window.location.search;
+      const parts = this.getCodePartsFromUrl(querySource);
+      const code = parts["code"];
+      const state = parts["state"];
+      const sessionState = parts["session_state"];
+      if (!options.preventClearHashAfterLogin) {
+        const href = location.origin + location.pathname + location.search.replace(/code=[^&$]*/, "").replace(/scope=[^&$]*/, "").replace(/state=[^&$]*/, "").replace(/session_state=[^&$]*/, "").replace(/^\?&/, "?").replace(/&$/, "").replace(/^\?$/, "").replace(/&+/g, "&").replace(/\?&/, "?").replace(/\?$/, "") + location.hash;
+        history.replaceState(null, window.name, href);
+      }
+      const [nonceInState, userState] = this.parseState(state);
+      this.state = userState;
+      if (parts["error"]) {
+        this.debug("error trying to login");
+        this.handleLoginError(options, parts);
+        const err2 = new OAuthErrorEvent("code_error", {}, parts);
+        this.eventsSubject.next(err2);
+        return Promise.reject(err2);
+      }
+      if (!options.disableNonceCheck) {
+        if (!nonceInState) {
+          this.saveRequestedRoute();
+          return Promise.resolve();
+        }
+        if (!options.disableOAuth2StateCheck) {
+          const success = this.validateNonce(nonceInState);
+          if (!success) {
+            const event = new OAuthErrorEvent("invalid_nonce_in_state", null);
+            this.eventsSubject.next(event);
+            return Promise.reject(event);
+          }
+        }
+      }
+      this.storeSessionState(sessionState);
+      if (code) {
+        yield this.getTokenFromCode(code, options);
+        this.restoreRequestedRoute();
+        return Promise.resolve();
+      } else {
+        return Promise.resolve();
+      }
+    });
+  }
+  saveRequestedRoute() {
+    if (this.config.preserveRequestedRoute) {
+      this._storage.setItem("requested_route", window.location.pathname + window.location.search);
+    }
+  }
+  restoreRequestedRoute() {
+    const requestedRoute = this._storage.getItem("requested_route");
+    if (requestedRoute) {
+      history.replaceState(null, "", window.location.origin + requestedRoute);
+    }
+  }
+  /**
+   * Retrieve the returned auth code from the redirect uri that has been called.
+   * If required also check hash, as we could use hash location strategy.
+   */
+  getCodePartsFromUrl(queryString) {
+    if (!queryString || queryString.length === 0) {
+      return this.urlHelper.getHashFragmentParams();
+    }
+    if (queryString.charAt(0) === "?") {
+      queryString = queryString.substr(1);
+    }
+    return this.urlHelper.parseQueryString(queryString);
+  }
+  /**
+   * Get token using an intermediate code. Works for the Authorization Code flow.
+   */
+  getTokenFromCode(code, options) {
+    let params = new import_http.HttpParams({ encoder: new WebHttpUrlEncodingCodec() }).set("grant_type", "authorization_code").set("code", code).set("redirect_uri", options.customRedirectUri || this.redirectUri);
+    if (!this.disablePKCE) {
+      let PKCEVerifier;
+      if (this.saveNoncesInLocalStorage && typeof window["localStorage"] !== "undefined") {
+        PKCEVerifier = localStorage.getItem("PKCE_verifier");
+      } else {
+        PKCEVerifier = this._storage.getItem("PKCE_verifier");
+      }
+      if (!PKCEVerifier) {
+        console.warn("No PKCE verifier found in oauth storage!");
+      } else {
+        params = params.set("code_verifier", PKCEVerifier);
+      }
+    }
+    return this.fetchAndProcessToken(params, options);
+  }
+  fetchAndProcessToken(params, options) {
+    options = options || {};
+    this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, "tokenEndpoint");
+    let headers = new import_http.HttpHeaders().set("Content-Type", "application/x-www-form-urlencoded");
+    if (this.useHttpBasicAuth) {
+      const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);
+      headers = headers.set("Authorization", "Basic " + header);
+    }
+    if (!this.useHttpBasicAuth) {
+      params = params.set("client_id", this.clientId);
+    }
+    if (!this.useHttpBasicAuth && this.dummyClientSecret) {
+      params = params.set("client_secret", this.dummyClientSecret);
+    }
+    return new Promise((resolve, reject) => {
+      if (this.customQueryParams) {
+        for (const key of Object.getOwnPropertyNames(this.customQueryParams)) {
+          params = params.set(key, this.customQueryParams[key]);
+        }
+      }
+      this.http.post(this.tokenEndpoint, params, { headers }).subscribe((tokenResponse) => {
+        this.debug("refresh tokenResponse", tokenResponse);
+        this.storeAccessTokenResponse(tokenResponse.access_token, tokenResponse.refresh_token, tokenResponse.expires_in || this.fallbackAccessTokenExpirationTimeInSec, tokenResponse.scope, this.extractRecognizedCustomParameters(tokenResponse));
+        if (this.oidc && tokenResponse.id_token) {
+          this.processIdToken(tokenResponse.id_token, tokenResponse.access_token, options.disableNonceCheck).then((result) => {
+            this.storeIdToken(result);
+            this.eventsSubject.next(new OAuthSuccessEvent("token_received"));
+            this.eventsSubject.next(new OAuthSuccessEvent("token_refreshed"));
+            resolve(tokenResponse);
+          }).catch((reason) => {
+            this.eventsSubject.next(new OAuthErrorEvent("token_validation_error", reason));
+            console.error("Error validating tokens");
+            console.error(reason);
+            reject(reason);
+          });
+        } else {
+          this.eventsSubject.next(new OAuthSuccessEvent("token_received"));
+          this.eventsSubject.next(new OAuthSuccessEvent("token_refreshed"));
+          resolve(tokenResponse);
+        }
+      }, (err2) => {
+        console.error("Error getting token", err2);
+        this.eventsSubject.next(new OAuthErrorEvent("token_refresh_error", err2));
+        reject(err2);
+      });
+    });
+  }
+  /**
+   * Checks whether there are tokens in the hash fragment
+   * as a result of the implicit flow. These tokens are
+   * parsed, validated and used to sign the user in to the
+   * current client.
+   *
+   * @param options Optional options.
+   */
+  tryLoginImplicitFlow(options = null) {
+    options = options || {};
+    let parts;
+    if (options.customHashFragment) {
+      parts = this.urlHelper.getHashFragmentParams(options.customHashFragment);
+    } else {
+      parts = this.urlHelper.getHashFragmentParams();
+    }
+    this.debug("parsed url", parts);
+    const state = parts["state"];
+    const [nonceInState, userState] = this.parseState(state);
+    this.state = userState;
+    if (parts["error"]) {
+      this.debug("error trying to login");
+      this.handleLoginError(options, parts);
+      const err2 = new OAuthErrorEvent("token_error", {}, parts);
+      this.eventsSubject.next(err2);
+      return Promise.reject(err2);
+    }
+    const accessToken = parts["access_token"];
+    const idToken = parts["id_token"];
+    const sessionState = parts["session_state"];
+    const grantedScopes = parts["scope"];
+    if (!this.requestAccessToken && !this.oidc) {
+      return Promise.reject("Either requestAccessToken or oidc (or both) must be true.");
+    }
+    if (this.requestAccessToken && !accessToken) {
+      return Promise.resolve(false);
+    }
+    if (this.requestAccessToken && !options.disableOAuth2StateCheck && !state) {
+      return Promise.resolve(false);
+    }
+    if (this.oidc && !idToken) {
+      return Promise.resolve(false);
+    }
+    if (this.sessionChecksEnabled && !sessionState) {
+      this.logger.warn("session checks (Session Status Change Notification) were activated in the configuration but the id_token does not contain a session_state claim");
+    }
+    if (this.requestAccessToken && !options.disableNonceCheck) {
+      const success = this.validateNonce(nonceInState);
+      if (!success) {
+        const event = new OAuthErrorEvent("invalid_nonce_in_state", null);
+        this.eventsSubject.next(event);
+        return Promise.reject(event);
+      }
+    }
+    if (this.requestAccessToken) {
+      this.storeAccessTokenResponse(accessToken, null, parts["expires_in"] || this.fallbackAccessTokenExpirationTimeInSec, grantedScopes);
+    }
+    if (!this.oidc) {
+      this.eventsSubject.next(new OAuthSuccessEvent("token_received"));
+      if (this.clearHashAfterLogin && !options.preventClearHashAfterLogin) {
+        this.clearLocationHash();
+      }
+      this.callOnTokenReceivedIfExists(options);
+      return Promise.resolve(true);
+    }
+    return this.processIdToken(idToken, accessToken, options.disableNonceCheck).then((result) => {
+      if (options.validationHandler) {
+        return options.validationHandler({
+          accessToken,
+          idClaims: result.idTokenClaims,
+          idToken: result.idToken,
+          state
+        }).then(() => result);
+      }
+      return result;
+    }).then((result) => {
+      this.storeIdToken(result);
+      this.storeSessionState(sessionState);
+      if (this.clearHashAfterLogin && !options.preventClearHashAfterLogin) {
+        this.clearLocationHash();
+      }
+      this.eventsSubject.next(new OAuthSuccessEvent("token_received"));
+      this.callOnTokenReceivedIfExists(options);
+      this.inImplicitFlow = false;
+      return true;
+    }).catch((reason) => {
+      this.eventsSubject.next(new OAuthErrorEvent("token_validation_error", reason));
+      this.logger.error("Error validating tokens");
+      this.logger.error(reason);
+      return Promise.reject(reason);
+    });
+  }
+  parseState(state) {
+    let nonce = state;
+    let userState = "";
+    if (state) {
+      const idx = state.indexOf(this.config.nonceStateSeparator);
+      if (idx > -1) {
+        nonce = state.substr(0, idx);
+        userState = state.substr(idx + this.config.nonceStateSeparator.length);
+      }
+    }
+    return [nonce, userState];
+  }
+  validateNonce(nonceInState) {
+    let savedNonce;
+    if (this.saveNoncesInLocalStorage && typeof window["localStorage"] !== "undefined") {
+      savedNonce = localStorage.getItem("nonce");
+    } else {
+      savedNonce = this._storage.getItem("nonce");
+    }
+    if (savedNonce !== nonceInState) {
+      const err2 = "Validating access_token failed, wrong state/nonce.";
+      console.error(err2, savedNonce, nonceInState);
+      return false;
+    }
+    return true;
+  }
+  storeIdToken(idToken) {
+    this._storage.setItem("id_token", idToken.idToken);
+    this._storage.setItem("id_token_claims_obj", idToken.idTokenClaimsJson);
+    this._storage.setItem("id_token_expires_at", "" + idToken.idTokenExpiresAt);
+    this._storage.setItem("id_token_stored_at", "" + this.dateTimeService.now());
+  }
+  storeSessionState(sessionState) {
+    this._storage.setItem("session_state", sessionState);
+  }
+  getSessionState() {
+    return this._storage.getItem("session_state");
+  }
+  handleLoginError(options, parts) {
+    if (options.onLoginError) {
+      options.onLoginError(parts);
+    }
+    if (this.clearHashAfterLogin && !options.preventClearHashAfterLogin) {
+      this.clearLocationHash();
+    }
+  }
+  getClockSkewInMsec(defaultSkewMsc = 6e5) {
+    if (!this.clockSkewInSec && this.clockSkewInSec !== 0) {
+      return defaultSkewMsc;
+    }
+    return this.clockSkewInSec * 1e3;
+  }
+  /**
+   * @ignore
+   */
+  processIdToken(idToken, accessToken, skipNonceCheck = false) {
+    const tokenParts = idToken.split(".");
+    const headerBase64 = this.padBase64(tokenParts[0]);
+    const headerJson = b64DecodeUnicode(headerBase64);
+    const header = JSON.parse(headerJson);
+    const claimsBase64 = this.padBase64(tokenParts[1]);
+    const claimsJson = b64DecodeUnicode(claimsBase64);
+    const claims = JSON.parse(claimsJson);
+    let savedNonce;
+    if (this.saveNoncesInLocalStorage && typeof window["localStorage"] !== "undefined") {
+      savedNonce = localStorage.getItem("nonce");
+    } else {
+      savedNonce = this._storage.getItem("nonce");
+    }
+    if (Array.isArray(claims.aud)) {
+      if (claims.aud.every((v) => v !== this.clientId)) {
+        const err2 = "Wrong audience: " + claims.aud.join(",");
+        this.logger.warn(err2);
+        return Promise.reject(err2);
+      }
+    } else {
+      if (claims.aud !== this.clientId) {
+        const err2 = "Wrong audience: " + claims.aud;
+        this.logger.warn(err2);
+        return Promise.reject(err2);
+      }
+    }
+    if (!claims.sub) {
+      const err2 = "No sub claim in id_token";
+      this.logger.warn(err2);
+      return Promise.reject(err2);
+    }
+    if (this.sessionChecksEnabled && this.silentRefreshSubject && this.silentRefreshSubject !== claims["sub"]) {
+      const err2 = `After refreshing, we got an id_token for another user (sub). Expected sub: ${this.silentRefreshSubject}, received sub: ${claims["sub"]}`;
+      this.logger.warn(err2);
+      return Promise.reject(err2);
+    }
+    if (!claims.iat) {
+      const err2 = "No iat claim in id_token";
+      this.logger.warn(err2);
+      return Promise.reject(err2);
+    }
+    if (!this.skipIssuerCheck && claims.iss !== this.issuer) {
+      const err2 = "Wrong issuer: " + claims.iss;
+      this.logger.warn(err2);
+      return Promise.reject(err2);
+    }
+    if (!skipNonceCheck && claims.nonce !== savedNonce) {
+      const err2 = "Wrong nonce: " + claims.nonce;
+      this.logger.warn(err2);
+      return Promise.reject(err2);
+    }
+    if (Object.prototype.hasOwnProperty.call(this, "responseType") && (this.responseType === "code" || this.responseType === "id_token")) {
+      this.disableAtHashCheck = true;
+    }
+    if (!this.disableAtHashCheck && this.requestAccessToken && !claims["at_hash"]) {
+      const err2 = "An at_hash is needed!";
+      this.logger.warn(err2);
+      return Promise.reject(err2);
+    }
+    const now = this.dateTimeService.now();
+    const issuedAtMSec = claims.iat * 1e3;
+    const expiresAtMSec = claims.exp * 1e3;
+    const clockSkewInMSec = this.getClockSkewInMsec();
+    if (issuedAtMSec - clockSkewInMSec >= now || expiresAtMSec + clockSkewInMSec - this.decreaseExpirationBySec <= now) {
+      const err2 = "Token has expired";
+      console.error(err2);
+      console.error({
+        now,
+        issuedAtMSec,
+        expiresAtMSec
+      });
+      return Promise.reject(err2);
+    }
+    const validationParams = {
+      accessToken,
+      idToken,
+      jwks: this.jwks,
+      idTokenClaims: claims,
+      idTokenHeader: header,
+      loadKeys: () => this.loadJwks()
+    };
+    if (this.disableAtHashCheck) {
+      return this.checkSignature(validationParams).then(() => {
+        const result = {
+          idToken,
+          idTokenClaims: claims,
+          idTokenClaimsJson: claimsJson,
+          idTokenHeader: header,
+          idTokenHeaderJson: headerJson,
+          idTokenExpiresAt: expiresAtMSec
+        };
+        return result;
+      });
+    }
+    return this.checkAtHash(validationParams).then((atHashValid) => {
+      if (!this.disableAtHashCheck && this.requestAccessToken && !atHashValid) {
+        const err2 = "Wrong at_hash";
+        this.logger.warn(err2);
+        return Promise.reject(err2);
+      }
+      return this.checkSignature(validationParams).then(() => {
+        const atHashCheckEnabled = !this.disableAtHashCheck;
+        const result = {
+          idToken,
+          idTokenClaims: claims,
+          idTokenClaimsJson: claimsJson,
+          idTokenHeader: header,
+          idTokenHeaderJson: headerJson,
+          idTokenExpiresAt: expiresAtMSec
+        };
+        if (atHashCheckEnabled) {
+          return this.checkAtHash(validationParams).then((atHashValid2) => {
+            if (this.requestAccessToken && !atHashValid2) {
+              const err2 = "Wrong at_hash";
+              this.logger.warn(err2);
+              return Promise.reject(err2);
+            } else {
+              return result;
+            }
+          });
+        } else {
+          return result;
+        }
+      });
+    });
+  }
+  /**
+   * Returns the received claims about the user.
+   */
+  getIdentityClaims() {
+    const claims = this._storage.getItem("id_token_claims_obj");
+    if (!claims) {
+      return null;
+    }
+    return JSON.parse(claims);
+  }
+  /**
+   * Returns the granted scopes from the server.
+   */
+  getGrantedScopes() {
+    const scopes = this._storage.getItem("granted_scopes");
+    if (!scopes) {
+      return null;
+    }
+    return JSON.parse(scopes);
+  }
+  /**
+   * Returns the current id_token.
+   */
+  getIdToken() {
+    return this._storage ? this._storage.getItem("id_token") : null;
+  }
+  padBase64(base64data) {
+    while (base64data.length % 4 !== 0) {
+      base64data += "=";
+    }
+    return base64data;
+  }
+  /**
+   * Returns the current access_token.
+   */
+  getAccessToken() {
+    return this._storage ? this._storage.getItem("access_token") : null;
+  }
+  getRefreshToken() {
+    return this._storage ? this._storage.getItem("refresh_token") : null;
+  }
+  /**
+   * Returns the expiration date of the access_token
+   * as milliseconds since 1970.
+   */
+  getAccessTokenExpiration() {
+    if (!this._storage.getItem("expires_at")) {
+      return null;
+    }
+    return parseInt(this._storage.getItem("expires_at"), 10);
+  }
+  getAccessTokenStoredAt() {
+    return parseInt(this._storage.getItem("access_token_stored_at"), 10);
+  }
+  getIdTokenStoredAt() {
+    return parseInt(this._storage.getItem("id_token_stored_at"), 10);
+  }
+  /**
+   * Returns the expiration date of the id_token
+   * as milliseconds since 1970.
+   */
+  getIdTokenExpiration() {
+    if (!this._storage.getItem("id_token_expires_at")) {
+      return null;
+    }
+    return parseInt(this._storage.getItem("id_token_expires_at"), 10);
+  }
+  /**
+   * Checkes, whether there is a valid access_token.
+   */
+  hasValidAccessToken() {
+    if (this.getAccessToken()) {
+      const expiresAt = this._storage.getItem("expires_at");
+      const now = this.dateTimeService.new();
+      if (expiresAt && parseInt(expiresAt, 10) - this.decreaseExpirationBySec < now.getTime() - this.getClockSkewInMsec()) {
+        return false;
+      }
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Checks whether there is a valid id_token.
+   */
+  hasValidIdToken() {
+    if (this.getIdToken()) {
+      const expiresAt = this._storage.getItem("id_token_expires_at");
+      const now = this.dateTimeService.new();
+      if (expiresAt && parseInt(expiresAt, 10) - this.decreaseExpirationBySec < now.getTime() - this.getClockSkewInMsec()) {
+        return false;
+      }
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Retrieve a saved custom property of the TokenReponse object. Only if predefined in authconfig.
+   */
+  getCustomTokenResponseProperty(requestedProperty) {
+    return this._storage && this.config.customTokenParameters && this.config.customTokenParameters.indexOf(requestedProperty) >= 0 && this._storage.getItem(requestedProperty) !== null ? JSON.parse(this._storage.getItem(requestedProperty)) : null;
+  }
+  /**
+   * Returns the auth-header that can be used
+   * to transmit the access_token to a service
+   */
+  authorizationHeader() {
+    return "Bearer " + this.getAccessToken();
+  }
+  logOut(customParameters = {}, state = "") {
+    let noRedirectToLogoutUrl = false;
+    if (typeof customParameters === "boolean") {
+      noRedirectToLogoutUrl = customParameters;
+      customParameters = {};
+    }
+    const id_token = this.getIdToken();
+    this._storage.removeItem("access_token");
+    this._storage.removeItem("id_token");
+    this._storage.removeItem("refresh_token");
+    if (this.saveNoncesInLocalStorage) {
+      localStorage.removeItem("nonce");
+      localStorage.removeItem("PKCE_verifier");
+    } else {
+      this._storage.removeItem("nonce");
+      this._storage.removeItem("PKCE_verifier");
+    }
+    this._storage.removeItem("expires_at");
+    this._storage.removeItem("id_token_claims_obj");
+    this._storage.removeItem("id_token_expires_at");
+    this._storage.removeItem("id_token_stored_at");
+    this._storage.removeItem("access_token_stored_at");
+    this._storage.removeItem("granted_scopes");
+    this._storage.removeItem("session_state");
+    if (this.config.customTokenParameters) {
+      this.config.customTokenParameters.forEach((customParam) => this._storage.removeItem(customParam));
+    }
+    this.silentRefreshSubject = null;
+    this.eventsSubject.next(new OAuthInfoEvent("logout"));
+    if (!this.logoutUrl) {
+      return;
+    }
+    if (noRedirectToLogoutUrl) {
+      return;
+    }
+    let logoutUrl;
+    if (!this.validateUrlForHttps(this.logoutUrl)) {
+      throw new Error("logoutUrl  must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).");
+    }
+    if (this.logoutUrl.indexOf("{{") > -1) {
+      logoutUrl = this.logoutUrl.replace(/\{\{id_token\}\}/, encodeURIComponent(id_token)).replace(/\{\{client_id\}\}/, encodeURIComponent(this.clientId));
+    } else {
+      let params = new import_http.HttpParams({ encoder: new WebHttpUrlEncodingCodec() });
+      if (id_token) {
+        params = params.set("id_token_hint", id_token);
+      }
+      const postLogoutUrl = this.postLogoutRedirectUri || this.redirectUriAsPostLogoutRedirectUriFallback && this.redirectUri || "";
+      if (postLogoutUrl) {
+        params = params.set("post_logout_redirect_uri", postLogoutUrl);
+        if (state) {
+          params = params.set("state", state);
+        }
+      }
+      for (const key in customParameters) {
+        params = params.set(key, customParameters[key]);
+      }
+      logoutUrl = this.logoutUrl + (this.logoutUrl.indexOf("?") > -1 ? "&" : "?") + params.toString();
+    }
+    this.config.openUri(logoutUrl);
+  }
+  /**
+   * @ignore
+   */
+  createAndSaveNonce() {
+    const that = this;
+    return this.createNonce().then(function(nonce) {
+      if (that.saveNoncesInLocalStorage && typeof window["localStorage"] !== "undefined") {
+        localStorage.setItem("nonce", nonce);
+      } else {
+        that._storage.setItem("nonce", nonce);
+      }
+      return nonce;
+    });
+  }
+  /**
+   * @ignore
+   */
+  ngOnDestroy() {
+    this.clearAccessTokenTimer();
+    this.clearIdTokenTimer();
+    this.removeSilentRefreshEventListener();
+    const silentRefreshFrame = this.document.getElementById(this.silentRefreshIFrameName);
+    if (silentRefreshFrame) {
+      silentRefreshFrame.remove();
+    }
+    this.stopSessionCheckTimer();
+    this.removeSessionCheckEventListener();
+    const sessionCheckFrame = this.document.getElementById(this.sessionCheckIFrameName);
+    if (sessionCheckFrame) {
+      sessionCheckFrame.remove();
+    }
+  }
+  createNonce() {
+    return new Promise((resolve) => {
+      if (this.rngUrl) {
+        throw new Error("createNonce with rng-web-api has not been implemented so far");
+      }
+      const unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+      let size = 45;
+      let id = "";
+      const crypto = typeof self === "undefined" ? null : self.crypto || self["msCrypto"];
+      if (crypto) {
+        let bytes = new Uint8Array(size);
+        crypto.getRandomValues(bytes);
+        if (!bytes.map) {
+          bytes.map = Array.prototype.map;
+        }
+        bytes = bytes.map((x) => unreserved.charCodeAt(x % unreserved.length));
+        id = String.fromCharCode.apply(null, bytes);
+      } else {
+        while (0 < size--) {
+          id += unreserved[Math.random() * unreserved.length | 0];
+        }
+      }
+      resolve(base64UrlEncode(id));
+    });
+  }
+  checkAtHash(params) {
+    return __async(this, null, function* () {
+      if (!this.tokenValidationHandler) {
+        this.logger.warn("No tokenValidationHandler configured. Cannot check at_hash.");
+        return true;
+      }
+      return this.tokenValidationHandler.validateAtHash(params);
+    });
+  }
+  checkSignature(params) {
+    if (!this.tokenValidationHandler) {
+      this.logger.warn("No tokenValidationHandler configured. Cannot check signature.");
+      return Promise.resolve(null);
+    }
+    return this.tokenValidationHandler.validateSignature(params);
+  }
+  /**
+   * Start the implicit flow or the code flow,
+   * depending on your configuration.
+   */
+  initLoginFlow(additionalState = "", params = {}) {
+    if (this.responseType === "code") {
+      return this.initCodeFlow(additionalState, params);
+    } else {
+      return this.initImplicitFlow(additionalState, params);
+    }
+  }
+  /**
+   * Starts the authorization code flow and redirects to user to
+   * the auth servers login url.
+   */
+  initCodeFlow(additionalState = "", params = {}) {
+    if (this.loginUrl !== "") {
+      this.initCodeFlowInternal(additionalState, params);
+    } else {
+      this.events.pipe((0, import_operators.filter)((e) => e.type === "discovery_document_loaded")).subscribe(() => this.initCodeFlowInternal(additionalState, params));
+    }
+  }
+  initCodeFlowInternal(additionalState = "", params = {}) {
+    if (!this.validateUrlForHttps(this.loginUrl)) {
+      throw new Error("loginUrl  must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).");
+    }
+    let addParams = {};
+    let loginHint = null;
+    if (typeof params === "string") {
+      loginHint = params;
+    } else if (typeof params === "object") {
+      addParams = params;
+    }
+    this.createLoginUrl(additionalState, loginHint, null, false, addParams).then(this.config.openUri).catch((error) => {
+      console.error("Error in initAuthorizationCodeFlow");
+      console.error(error);
+    });
+  }
+  createChallangeVerifierPairForPKCE() {
+    return __async(this, null, function* () {
+      if (!this.crypto) {
+        throw new Error("PKCE support for code flow needs a CryptoHander. Did you import the OAuthModule using forRoot() ?");
+      }
+      const verifier = yield this.createNonce();
+      const challengeRaw = yield this.crypto.calcHash(verifier, "sha-256");
+      const challenge = base64UrlEncode(challengeRaw);
+      return [challenge, verifier];
+    });
+  }
+  extractRecognizedCustomParameters(tokenResponse) {
+    const foundParameters = /* @__PURE__ */ new Map();
+    if (!this.config.customTokenParameters) {
+      return foundParameters;
+    }
+    this.config.customTokenParameters.forEach((recognizedParameter) => {
+      if (tokenResponse[recognizedParameter]) {
+        foundParameters.set(recognizedParameter, JSON.stringify(tokenResponse[recognizedParameter]));
+      }
+    });
+    return foundParameters;
+  }
+  /**
+   * Revokes the auth token to secure the vulnarability
+   * of the token issued allowing the authorization server to clean
+   * up any security credentials associated with the authorization
+   */
+  revokeTokenAndLogout(customParameters = {}, ignoreCorsIssues = false) {
+    const revokeEndpoint = this.revocationEndpoint;
+    const accessToken = this.getAccessToken();
+    const refreshToken = this.getRefreshToken();
+    if (!accessToken) {
+      return Promise.resolve();
+    }
+    let params = new import_http.HttpParams({ encoder: new WebHttpUrlEncodingCodec() });
+    let headers = new import_http.HttpHeaders().set("Content-Type", "application/x-www-form-urlencoded");
+    if (this.useHttpBasicAuth) {
+      const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);
+      headers = headers.set("Authorization", "Basic " + header);
+    }
+    if (!this.useHttpBasicAuth) {
+      params = params.set("client_id", this.clientId);
+    }
+    if (!this.useHttpBasicAuth && this.dummyClientSecret) {
+      params = params.set("client_secret", this.dummyClientSecret);
+    }
+    if (this.customQueryParams) {
+      for (const key of Object.getOwnPropertyNames(this.customQueryParams)) {
+        params = params.set(key, this.customQueryParams[key]);
+      }
+    }
+    return new Promise((resolve, reject) => {
+      let revokeAccessToken;
+      let revokeRefreshToken;
+      if (accessToken) {
+        const revokationParams = params.set("token", accessToken).set("token_type_hint", "access_token");
+        revokeAccessToken = this.http.post(revokeEndpoint, revokationParams, { headers });
+      } else {
+        revokeAccessToken = (0, import_rxjs.of)(null);
+      }
+      if (refreshToken) {
+        const revokationParams = params.set("token", refreshToken).set("token_type_hint", "refresh_token");
+        revokeRefreshToken = this.http.post(revokeEndpoint, revokationParams, { headers });
+      } else {
+        revokeRefreshToken = (0, import_rxjs.of)(null);
+      }
+      if (ignoreCorsIssues) {
+        revokeAccessToken = revokeAccessToken.pipe((0, import_operators.catchError)((err2) => {
+          if (err2.status === 0) {
+            return (0, import_rxjs.of)(null);
+          }
+          return (0, import_rxjs.throwError)(err2);
+        }));
+        revokeRefreshToken = revokeRefreshToken.pipe((0, import_operators.catchError)((err2) => {
+          if (err2.status === 0) {
+            return (0, import_rxjs.of)(null);
+          }
+          return (0, import_rxjs.throwError)(err2);
+        }));
+      }
+      (0, import_rxjs.combineLatest)([revokeAccessToken, revokeRefreshToken]).subscribe((res) => {
+        this.logOut(customParameters);
+        resolve(res);
+        this.logger.info("Token successfully revoked");
+      }, (err2) => {
+        this.logger.error("Error revoking token", err2);
+        this.eventsSubject.next(new OAuthErrorEvent("token_revoke_error", err2));
+        reject(err2);
+      });
+    });
+  }
+  /**
+   * Clear location.hash if it's present
+   */
+  clearLocationHash() {
+    if (location.hash != "") {
+      location.hash = "";
+    }
+  }
+};
+_OAuthService.\u0275fac = i0.\u0275\u0275ngDeclareFactory({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _OAuthService, deps: [{ token: i0.NgZone }, { token: i1.HttpClient }, { token: OAuthStorage, optional: true }, { token: ValidationHandler, optional: true }, { token: AuthConfig, optional: true }, { token: UrlHelperService }, { token: OAuthLogger }, { token: HashHandler, optional: true }, { token: import_common.DOCUMENT }, { token: DateTimeProvider }], target: i0.\u0275\u0275FactoryTarget.Injectable });
+_OAuthService.\u0275prov = i0.\u0275\u0275ngDeclareInjectable({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _OAuthService });
+let OAuthService = _OAuthService;
+i0.\u0275\u0275ngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: OAuthService, decorators: [{
+  type: import_core.Injectable
+}], ctorParameters: () => [{ type: i0.NgZone }, { type: i1.HttpClient }, { type: OAuthStorage, decorators: [{
+  type: import_core.Optional
+}] }, { type: ValidationHandler, decorators: [{
+  type: import_core.Optional
+}] }, { type: AuthConfig, decorators: [{
+  type: import_core.Optional
+}] }, { type: UrlHelperService }, { type: OAuthLogger }, { type: HashHandler, decorators: [{
+  type: import_core.Optional
+}] }, { type: Document, decorators: [{
+  type: import_core.Inject,
+  args: [import_common.DOCUMENT]
+}] }, { type: DateTimeProvider }] });
+class OAuthResourceServerErrorHandler {
+}
+class OAuthNoopResourceServerErrorHandler {
+  handleError(err2) {
+    return (0, import_rxjs.throwError)(err2);
+  }
+}
+const _DefaultOAuthInterceptor = class _DefaultOAuthInterceptor {
+  constructor(oAuthService, errorHandler, moduleConfig) {
+    this.oAuthService = oAuthService;
+    this.errorHandler = errorHandler;
+    this.moduleConfig = moduleConfig;
+  }
+  checkUrl(url) {
+    if (this.moduleConfig.resourceServer.customUrlValidation) {
+      return this.moduleConfig.resourceServer.customUrlValidation(url);
+    }
+    if (this.moduleConfig.resourceServer.allowedUrls) {
+      return !!this.moduleConfig.resourceServer.allowedUrls.find((u) => url.toLowerCase().startsWith(u.toLowerCase()));
+    }
+    return true;
+  }
+  intercept(req, next) {
+    const url = req.url.toLowerCase();
+    if (!this.moduleConfig || !this.moduleConfig.resourceServer || !this.checkUrl(url)) {
+      return next.handle(req);
+    }
+    const sendAccessToken = this.moduleConfig.resourceServer.sendAccessToken;
+    if (!sendAccessToken) {
+      return next.handle(req).pipe((0, import_operators.catchError)((err2) => this.errorHandler.handleError(err2)));
+    }
+    return (0, import_rxjs.merge)((0, import_rxjs.of)(this.oAuthService.getAccessToken()).pipe((0, import_operators.filter)((token) => !!token)), this.oAuthService.events.pipe(
+      (0, import_operators.filter)((e) => e.type === "token_received"),
+      (0, import_operators.timeout)(this.oAuthService.waitForTokenInMsec || 0),
+      (0, import_operators.catchError)(() => (0, import_rxjs.of)(null)),
+      // timeout is not an error
+      (0, import_operators.map)(() => this.oAuthService.getAccessToken())
+    )).pipe((0, import_operators.take)(1), (0, import_operators.mergeMap)((token) => {
+      if (token) {
+        const header = "Bearer " + token;
+        const headers = req.headers.set("Authorization", header);
+        req = req.clone({ headers });
+      }
+      return next.handle(req).pipe((0, import_operators.catchError)((err2) => this.errorHandler.handleError(err2)));
+    }));
+  }
+};
+_DefaultOAuthInterceptor.\u0275fac = i0.\u0275\u0275ngDeclareFactory({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _DefaultOAuthInterceptor, deps: [{ token: OAuthService }, { token: OAuthResourceServerErrorHandler }, { token: OAuthModuleConfig, optional: true }], target: i0.\u0275\u0275FactoryTarget.Injectable });
+_DefaultOAuthInterceptor.\u0275prov = i0.\u0275\u0275ngDeclareInjectable({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _DefaultOAuthInterceptor });
+let DefaultOAuthInterceptor = _DefaultOAuthInterceptor;
+i0.\u0275\u0275ngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: DefaultOAuthInterceptor, decorators: [{
+  type: import_core.Injectable
+}], ctorParameters: () => [{ type: OAuthService }, { type: OAuthResourceServerErrorHandler }, { type: OAuthModuleConfig, decorators: [{
+  type: import_core.Optional
+}] }] });
+function createDefaultLogger() {
+  return console;
+}
+function createDefaultStorage() {
+  return typeof sessionStorage !== "undefined" ? sessionStorage : new MemoryStorage();
+}
+function provideOAuthClient(config = null, validationHandlerClass = NullValidationHandler) {
+  return (0, import_core.makeEnvironmentProviders)([
+    OAuthService,
+    UrlHelperService,
+    { provide: OAuthLogger, useFactory: createDefaultLogger },
+    { provide: OAuthStorage, useFactory: createDefaultStorage },
+    { provide: ValidationHandler, useClass: validationHandlerClass },
+    { provide: HashHandler, useClass: DefaultHashHandler },
+    {
+      provide: OAuthResourceServerErrorHandler,
+      useClass: OAuthNoopResourceServerErrorHandler
+    },
+    { provide: OAuthModuleConfig, useValue: config },
+    {
+      provide: import_http.HTTP_INTERCEPTORS,
+      useClass: DefaultOAuthInterceptor,
+      multi: true
+    },
+    { provide: DateTimeProvider, useClass: SystemDateTimeProvider }
+  ]);
+}
+const _OAuthModule = class _OAuthModule {
+  static forRoot(config = null, validationHandlerClass = NullValidationHandler) {
+    return {
+      ngModule: _OAuthModule,
+      providers: [provideOAuthClient(config, validationHandlerClass)]
+    };
+  }
+};
+_OAuthModule.\u0275fac = i0.\u0275\u0275ngDeclareFactory({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _OAuthModule, deps: [], target: i0.\u0275\u0275FactoryTarget.NgModule });
+_OAuthModule.\u0275mod = i0.\u0275\u0275ngDeclareNgModule({ minVersion: "14.0.0", version: "19.0.1", ngImport: i0, type: _OAuthModule, imports: [import_common.CommonModule] });
+_OAuthModule.\u0275inj = i0.\u0275\u0275ngDeclareInjector({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: _OAuthModule, imports: [import_common.CommonModule] });
+let OAuthModule = _OAuthModule;
+i0.\u0275\u0275ngDeclareClassMetadata({ minVersion: "12.0.0", version: "19.0.1", ngImport: i0, type: OAuthModule, decorators: [{
+  type: import_core.NgModule,
+  args: [{
+    imports: [import_common.CommonModule],
+    declarations: [],
+    exports: []
+  }]
+}] });
+const err = `PLEASE READ THIS CAREFULLY:
+
+Beginning with angular-oauth2-oidc version 9, the JwksValidationHandler
+has been moved to an library of its own. If you need it for implementing
+OAuth2/OIDC **implicit flow**, please install it using npm:
+
+  npm i angular-oauth2-oidc-jwks --save
+
+After that, you can import it into your application:
+
+  import { JwksValidationHandler } from 'angular-oauth2-oidc-jwks';
+
+Please note, that this dependency is not needed for the **code flow**,
+which is nowadays the **recommented** one for single page applications.
+This also results in smaller bundle sizes.
+`;
+class JwksValidationHandler extends NullValidationHandler {
+  constructor() {
+    super();
+    console.error(err);
+  }
+}
+const AUTH_CONFIG = new import_core.InjectionToken("AUTH_CONFIG");