| 1 | {"version":3,"sources":["../../../node_modules/tslib/tslib.es6.js","ng://@lbrkanic/keycloak-angular/lib/core/interfaces/keycloak-event.ts","ng://@lbrkanic/keycloak-angular/lib/core/services/keycloak-auth-guard.ts","ng://@lbrkanic/keycloak-angular/lib/core/services/keycloak.service.ts","ng://@lbrkanic/keycloak-angular/lib/core/interceptors/keycloak-bearer.interceptor.ts","ng://@lbrkanic/keycloak-angular/lib/core/interceptors/keycloak-rpt.interceptor.ts","ng://@lbrkanic/keycloak-angular/lib/core/core.module.ts","ng://@lbrkanic/keycloak-angular/lib/keycloak-angular.module.ts"],"names":["__assign","Object","assign","t","s","i","n","arguments","length","p","prototype","hasOwnProperty","call","apply","this","__awaiter","thisArg","_arguments","P","generator","Promise","resolve","reject","fulfilled","value","step","next","e","rejected","result","done","then","__generator","body","f","y","g","_","label","sent","trys","ops","verb","throw","return","Symbol","iterator","v","op","TypeError","pop","push","__read","o","m","r","ar","error","OnAuthError","OnAuthLogout","OnAuthRefreshError","OnAuthRefreshSuccess","OnAuthSuccess","OnReady","OnTokenExpired","KeycloakAuthGuard","router","keycloakAngular","canActivate","route","state","_this","_a","isLoggedIn","authenticated","_c","_b","getUserRoles","roles","isAccessAllowed","error_1","Keycloak","Keycloak_","KeycloakAuthorization","KeycloakAuthorization_","KeycloakService","_RPTupdateEmitter","complete","_RPTupdated$","Observable","create","observer","_keycloakEvents$","Subject","sanitizeBearerPrefix","bearerPrefix","trim","concat","ifUndefinedIsTrue","returnValue","undefined","bindsKeycloakEvents","_instance","onAuthError","errorData","args","type","KeycloakEventType","onAuthLogout","onAuthRefreshSuccess","onAuthRefreshError","onAuthSuccess","onTokenExpired","onReady","console","warn","loadExcludedUrls","bearerExcludedUrls","excludedUrls","bearerExcludedUrls_1","tslib_1.__values","bearerExcludedUrls_1_1","item","excludedUrl","urlPattern","RegExp","httpMethods","url","initServiceValues","enableBearerInterceptor","loadUserProfileAtStartUp","_d","_e","rptExcludedUrls","_f","enableRPTInterceptor","_g","authorizationHeaderName","_h","initOptions","_enableBearerInterceptor","_loadUserProfileAtStartUp","_authorizationHeaderName","_bearerPrefix","_bearerExcludedUrls","_rptExcludedUrls","_isEnableRPTInterceptor","_silentRefresh","flow","init","options","config","success","_authzInstance","_authorizationRequestTemplate","authorizationRequestTemplate","_resourceServerAuthorizationType","resourceServerAuthorizationType","toLowerCase","_resourceServerID","resourceServerID","loadUserProfile","kcError","msg","error_description","login","logout","redirectUri","_userProfile","register","action","isUserInRole","role","resource","hasRole","hasResourceRole","hasRealmRole","allRoles","resourceAccess","key","clientRoles","realmAccess","realmRoles","__spread","updateToken","isTokenExpired","minValidity","refreshed","forceReload","getToken","token","getUsername","Error","username","clearToken","addTokenToHeader","headersArg","headers","HttpHeaders","set","error_3","getKeycloakInstance","defineProperty","keycloakAuthorizationInstance","rpt","addRPTToHeader","log","Injectable","KeycloakBearerInterceptor","keycloak","isUrlExcluded","method","httpTest","join","indexOf","toUpperCase","urlTest","test","intercept","req","findIndex","handle","pipe","mergeMap","headersWithBearer","kcReq","clone","KeycloakRptInterceptor","loadExcludedUrlsRegex","excludedUrlsRegex","map","isEnableRPTInterceptor","headersWithRPTorAccessToken$","urlRequest","find","regex","RPT","headersWithRpt","of","switchMap","headersWithRPTorAccessToken","catchError","caught","isAuthError","hasResponseWWWAuthenthicateHeader","fromPromise","wasRefreshed","wwwAuthenticateHeader","get","ticket","params","split","param","substring","authorizationRequest","getNewRPT","authz","entitlement","RPTupdateEmitter","authorize","HttpErrorResponse","status","has","getAndApplyRPTToken","CoreModule","NgModule","imports","CommonModule","providers","provide","HTTP_INTERCEPTORS","useClass","multi","KeycloakAngularModule"],"mappings":"osBA6BO,IAAIA,EAAW,WAQlB,OAPAA,EAAWC,OAAOC,QAAU,SAAkBC,GAC1C,IAAK,IAAIC,EAAGC,EAAI,EAAGC,EAAIC,UAAUC,OAAQH,EAAIC,EAAGD,IAE5C,IAAK,IAAII,KADTL,EAAIG,UAAUF,GACOJ,OAAOS,UAAUC,eAAeC,KAAKR,EAAGK,KAAIN,EAAEM,GAAKL,EAAEK,IAE9E,OAAON,IAEKU,MAAMC,KAAMP,YA4BzB,SAASQ,EAAUC,EAASC,EAAYC,EAAGC,GAC9C,OAAO,IAAKD,IAAMA,EAAIE,UAAU,SAAUC,EAASC,GAC/C,SAASC,EAAUC,GAAS,IAAMC,EAAKN,EAAUO,KAAKF,IAAW,MAAOG,GAAKL,EAAOK,IACpF,SAASC,EAASJ,GAAS,IAAMC,EAAKN,EAAiB,SAAEK,IAAW,MAAOG,GAAKL,EAAOK,IACvF,SAASF,EAAKI,GAAUA,EAAOC,KAAOT,EAAQQ,EAAOL,OAAS,IAAIN,EAAE,SAAUG,GAAWA,EAAQQ,EAAOL,SAAWO,KAAKR,EAAWK,GACnIH,GAAMN,EAAYA,EAAUN,MAAMG,EAASC,GAAc,KAAKS,UAI/D,SAASM,EAAYhB,EAASiB,GACjC,IAAsGC,EAAGC,EAAGhC,EAAGiC,EAA3GC,EAAI,CAAEC,MAAO,EAAGC,KAAM,WAAa,GAAW,EAAPpC,EAAE,GAAQ,MAAMA,EAAE,GAAI,OAAOA,EAAE,IAAOqC,KAAM,GAAIC,IAAK,IAChG,OAAOL,EAAI,CAAEV,KAAMgB,EAAK,GAAIC,QAASD,EAAK,GAAIE,SAAUF,EAAK,IAAwB,mBAAXG,SAA0BT,EAAES,OAAOC,UAAY,WAAa,OAAOhC,OAAUsB,EACvJ,SAASM,EAAKpC,GAAK,OAAO,SAAUyC,GAAK,OACzC,SAAcC,GACV,GAAId,EAAG,MAAM,IAAIe,UAAU,mCAC3B,KAAOZ,GAAG,IACN,GAAIH,EAAI,EAAGC,IAAMhC,EAAY,EAAR6C,EAAG,GAASb,EAAU,UAAIa,EAAG,GAAKb,EAAS,YAAOhC,EAAIgC,EAAU,YAAMhC,EAAES,KAAKuB,GAAI,GAAKA,EAAET,SAAWvB,EAAIA,EAAES,KAAKuB,EAAGa,EAAG,KAAKlB,KAAM,OAAO3B,EAE3J,OADIgC,EAAI,EAAGhC,IAAG6C,EAAK,CAAS,EAARA,EAAG,GAAQ7C,EAAEqB,QACzBwB,EAAG,IACP,KAAK,EAAG,KAAK,EAAG7C,EAAI6C,EAAI,MACxB,KAAK,EAAc,OAAXX,EAAEC,QAAgB,CAAEd,MAAOwB,EAAG,GAAIlB,MAAM,GAChD,KAAK,EAAGO,EAAEC,QAASH,EAAIa,EAAG,GAAIA,EAAK,CAAC,GAAI,SACxC,KAAK,EAAGA,EAAKX,EAAEI,IAAIS,MAAOb,EAAEG,KAAKU,MAAO,SACxC,QACI,KAAkB/C,GAAZA,EAAIkC,EAAEG,MAAYhC,OAAS,GAAKL,EAAEA,EAAEK,OAAS,MAAkB,IAAVwC,EAAG,IAAsB,IAAVA,EAAG,IAAW,CAAEX,EAAI,EAAG,SACjG,GAAc,IAAVW,EAAG,MAAc7C,GAAM6C,EAAG,GAAK7C,EAAE,IAAM6C,EAAG,GAAK7C,EAAE,IAAM,CAAEkC,EAAEC,MAAQU,EAAG,GAAI,MAC9E,GAAc,IAAVA,EAAG,IAAYX,EAAEC,MAAQnC,EAAE,GAAI,CAAEkC,EAAEC,MAAQnC,EAAE,GAAIA,EAAI6C,EAAI,MAC7D,GAAI7C,GAAKkC,EAAEC,MAAQnC,EAAE,GAAI,CAAEkC,EAAEC,MAAQnC,EAAE,GAAIkC,EAAEI,IAAIU,KAAKH,GAAK,MACvD7C,EAAE,IAAIkC,EAAEI,IAAIS,MAChBb,EAAEG,KAAKU,MAAO,SAEtBF,EAAKf,EAAKrB,KAAKI,EAASqB,GAC1B,MAAOV,GAAKqB,EAAK,CAAC,EAAGrB,GAAIQ,EAAI,EAAI,QAAWD,EAAI/B,EAAI,EACtD,GAAY,EAAR6C,EAAG,GAAQ,MAAMA,EAAG,GAAI,MAAO,CAAExB,MAAOwB,EAAG,GAAKA,EAAG,QAAK,EAAQlB,MAAM,GArB9BL,CAAK,CAACnB,EAAGyC,MAwCtD,SAASK,EAAOC,EAAG/C,GACtB,IAAIgD,EAAsB,mBAAXT,QAAyBQ,EAAER,OAAOC,UACjD,IAAKQ,EAAG,OAAOD,EACf,IAAmBE,EAAY5B,EAA3BtB,EAAIiD,EAAE1C,KAAKyC,GAAOG,EAAK,GAC3B,IACI,WAAc,IAANlD,GAAgBA,KAAM,MAAQiD,EAAIlD,EAAEqB,QAAQI,MAAM0B,EAAGL,KAAKI,EAAE/B,OAExE,MAAOiC,GAAS9B,EAAI,CAAE8B,MAAOA,GACjC,QACQ,IACQF,IAAMA,EAAEzB,OAASwB,EAAIjD,EAAU,YAAIiD,EAAE1C,KAAKP,GAE1D,QAAkB,GAAIsB,EAAG,MAAMA,EAAE8B,OAE7B,OAAOD,SCnHTE,YAAA,EAKAC,aAAA,EAIAC,mBAAA,EAIAC,qBAAA,EAIAC,cAAA,EAIAC,QAAA,EAMAC,eAAA,iRCfA,SAAAC,EAAsBC,EAA0BC,GAA1BrD,KAAAoD,OAAAA,EAA0BpD,KAAAqD,gBAAAA,EAkClD,OAzBEF,EAAAvD,UAAA0D,YAAA,SAAYC,EAA+BC,GAA3C,IAAAC,EAAAzD,KACE,OAAO,IAAIM,QAAO,SAAQC,EAASC,GAAM,OAAAP,EAAAwD,OAAA,OAAA,EAAA,wEAEhB,6BAArBC,EAAA1D,KAAqB,CAAA,EAAMA,KAAKqD,gBAAgBM,qBACnC,OADbD,EAAKE,cAAgBC,EAAApC,OACrBqC,EAAA9D,KAAa,CAAA,EAAMA,KAAKqD,gBAAgBU,cAAa,WAEtC,OAFfD,EAAKE,MAAQH,EAAApC,OAEE,CAAA,EAAMzB,KAAKiE,gBAAgBV,EAAOC,kBAA3CzC,EAAS8C,EAAApC,OACflB,EAAQQ,kCAERP,EAAO,uDAAyD0D,kCAgBxEf,KC9CagB,EAAWC,EAEXC,EAAwBC,EAOrCC,EAAA,WA8FE,SAAAA,IAAA,IAAAd,EAAAzD,KAdQA,KAAAwE,kBAAsC,CAC5C5D,KAAI,aACJ+B,MAAK,aACL8B,SAAQ,cAKFzE,KAAA0E,aAAmCC,EAAAA,WAAWC,OAAM,SACnDC,GAA0B,OAAA5E,EAAAwD,OAAA,OAAA,EAAA,4CAC/BzD,KAAKwE,kBAAoBK,YAK3B7E,KAAK8E,iBAAmB,IAAIC,EAAAA,QA4rBhC,OA7qBUR,EAAA3E,UAAAoF,qBAAR,SAA6BC,GAE3B,OADwBA,GAAgB,UAAUC,OACpCC,OAAO,MAQfZ,EAAA3E,UAAAwF,kBAAR,SAA0B1E,OACpB2E,EAAuB3E,EAI3B,OAHI2E,IAAgBC,WAA6B,OAAhBD,IAC/BA,GAAc,GAETA,GAUDd,EAAA3E,UAAA2F,oBAAR,WAAA,IAAA9B,EAAAzD,KACOA,KAAKwF,WAOVxF,KAAKwF,UAAUC,YAAW,SAAGC,GAC3BjC,EAAKqB,iBAAiBlE,KAAK,CACzB+E,KAAMD,EACNE,KAAMC,EAAkBjD,eAI5B5C,KAAKwF,UAAUM,aAAY,WACzBrC,EAAKqB,iBAAiBlE,KAAK,CAAEgF,KAAMC,EAAkBhD,gBAGvD7C,KAAKwF,UAAUO,qBAAoB,WACjCtC,EAAKqB,iBAAiBlE,KAAK,CACzBgF,KAAMC,EAAkB9C,wBAI5B/C,KAAKwF,UAAUQ,mBAAkB,WAC/BvC,EAAKqB,iBAAiBlE,KAAK,CACzBgF,KAAMC,EAAkB/C,sBAI5B9C,KAAKwF,UAAUS,cAAa,WAC1BxC,EAAKqB,iBAAiBlE,KAAK,CAAEgF,KAAMC,EAAkB7C,iBAGvDhD,KAAKwF,UAAUU,eAAc,WAC3BzC,EAAKqB,iBAAiBlE,KAAK,CACzBgF,KAAMC,EAAkB3C,kBAI5BlD,KAAKwF,UAAUW,QAAO,SAAGvC,GACvBH,EAAKqB,iBAAiBlE,KAAK,CACzB+E,KAAM/B,EACNgC,KAAMC,EAAkB5C,YA1C1BmD,QAAQC,KACN,2FAqDE9B,EAAA3E,UAAA0G,iBAAR,SACEC,WAEMC,EAAmC,OACzC,IAAmB,IAAAC,EHlHhB,SAAkBlE,GACrB,IAAIC,EAAsB,mBAAXT,QAAyBQ,EAAER,OAAOC,UAAWzC,EAAI,EAChE,OAAIiD,EAAUA,EAAE1C,KAAKyC,GACd,CACH3B,KAAM,WAEF,OADI2B,GAAKhD,GAAKgD,EAAE7C,SAAQ6C,OAAI,GACrB,CAAE7B,MAAO6B,GAAKA,EAAEhD,KAAMyB,MAAOuB,KG4GzBmE,CAAAH,GAAkBI,EAAAF,EAAA7F,QAAA+F,EAAA3F,KAAA2F,EAAAF,EAAA7F,OAAE,CAAlC,IAAMgG,EAAID,EAAAjG,MACTmG,OAAW,EAEbA,EADkB,iBAATD,EACK,CAAEE,WAAY,IAAIC,OAAOH,EAAM,KAAMI,YAAa,IAElD,CACZF,WAAY,IAAIC,OAAOH,EAAKK,IAAK,KACjCD,YAAaJ,EAAKI,aAGtBR,EAAanE,KAAKwE,wGAEpB,OAAOL,GAQDjC,EAAA3E,UAAAsH,kBAAR,SAA0BxD,OACxBI,EAAAJ,EAAAyD,wBAAAA,OAAA,IAAArD,GAAAA,EACAD,EAAAH,EAAA0D,yBAAAA,OAAA,IAAAvD,GAAAA,EACAwD,EAAA3D,EAAA6C,mBAAAA,OAAA,IAAAc,EAAA,GAAAA,EACAC,EAAA5D,EAAA6D,gBAAAA,OAAA,IAAAD,EAAA,GAAAA,EACAE,EAAA9D,EAAA+D,qBAAAA,OAAA,IAAAD,GAAAA,EACAE,EAAAhE,EAAAiE,wBAAAA,OAAA,IAAAD,EAAA,gBAAAA,EACAE,EAAAlE,EAAAuB,aAAAA,OAAA,IAAA2C,EAAA,SAAAA,EACAC,EAAAnE,EAAAmE,YAEA7H,KAAK8H,yBAA2BX,EAChCnH,KAAK+H,0BAA4BX,EACjCpH,KAAKgI,yBAA2BL,EAChC3H,KAAKiI,cAAgBhD,EAAaC,OAAOC,OAAO,KAChDnF,KAAKkI,oBAAsBlI,KAAKsG,iBAAiBC,GACjDvG,KAAKmI,iBAAmBZ,EACxBvH,KAAKoI,wBAA0BX,EAC/BzH,KAAKqI,iBAAiBR,GAAmC,aAArBA,EAAYS,MAqDlD/D,EAAA3E,UAAA2I,KAAA,SAAKC,GAAL,IAAA/E,EAAAzD,KACE,YADG,IAAAwI,IAAAA,EAAA,IACI,IAAIlI,QAAO,SAAEC,EAASC,GAC3BiD,EAAKyD,kBAAkBsB,GACf,IAAAC,EAAAD,EAAAC,OAAQZ,EAAAW,EAAAX,YAEhBpE,EAAK+B,UAAYrB,EAASsE,GAC1BhF,EAAK8B,sBACL9B,EAAK+B,UACF+C,KAAKV,GACLa,QAAO,SAAO9E,GAAa,OAAA3D,EAAAwD,OAAA,OAAA,EAAA,mEAGtBzD,KAAKoI,0BACPpI,KAAK2I,eAAiBtE,EAAsBrE,KAAKwF,WACjDxF,KAAK4I,8BAAgCJ,EAAQK,8BAAgC,GAC7E7I,KAAK8I,iCACHN,EAAQO,iCAAmC,MAC7C/I,KAAK8I,iCAAmC9I,KAAK8I,iCAAiCE,cAElC,QAA1ChJ,KAAK8I,kCACqC,gBAA1C9I,KAAK8I,mCAELN,EAAQO,gCAAkC,OAE5C/I,KAAKiJ,kBAAoBT,EAAQU,kBAAoB,IAEnDtF,GAAiB5D,KAAK+H,0BACxB,CAAA,EAAM/H,KAAKmJ,mBADT,CAAA,EAAA,UACFzF,EAAAjC,+BAEFlB,EAAQqD,cAETjB,MAAK,SAACyG,OACDC,EAAM,oDACV,GAAID,EAAS,CACH,IAAAzG,EAAAyG,EAAAzG,MAAO2G,EAAAF,EAAAE,kBACfD,EAAMA,EAAIlE,OACR,oCAAoCxC,EAAK,kBAAkB2G,GAG/D9I,EAAO6I,QA0Bf9E,EAAA3E,UAAA2J,MAAA,SAAMf,GAAN,IAAA/E,EAAAzD,KACE,YADI,IAAAwI,IAAAA,EAAA,IACG,IAAIlI,QAAO,SAAEC,EAASC,GAC3BiD,EAAK+B,UACF+D,MAAMf,GACNE,QAAO,WAAC,OAAAzI,EAAAwD,OAAA,OAAA,EAAA,mEACHzD,KAAK+H,0BACP,CAAA,EAAM/H,KAAKmJ,mBADT,CAAA,EAAA,UACFzF,EAAAjC,+BAEFlB,eAEDoC,MAAK,WAAO,OAAAnC,EAAO,4CAY1B+D,EAAA3E,UAAA4J,OAAA,SAAOC,GAAP,IAAAhG,EAAAzD,KACE,OAAO,IAAIM,QAAO,SAAEC,EAASC,OACrBgI,EAAe,CACnBiB,YAAWA,GAGbhG,EAAK+B,UACFgE,OAAOhB,GACPE,QAAO,WACNjF,EAAKiG,aAAepE,UACpB/E,MAEDoC,MAAK,WAAO,OAAAnC,EAAO,yCAc1B+D,EAAA3E,UAAA+J,SAAA,SACEnB,GADF,IAAA/E,EAAAzD,KAGE,YAFA,IAAAwI,IAAAA,EAAA,CAA2CoB,OAAQ,aAE5C,IAAItJ,QAAO,SAAEC,EAASC,GAC3BiD,EAAK+B,UACFmE,SAASnB,GACTE,QAAO,WACNnI,MAEDoC,MAAK,WACJ,OAAAnC,EAAO,yDAgBf+D,EAAA3E,UAAAiK,aAAA,SAAaC,EAAcC,OACrBC,EAKJ,OAJAA,EAAUhK,KAAKwF,UAAUyE,gBAAgBH,EAAMC,MAE7CC,EAAUhK,KAAKwF,UAAU0E,aAAaJ,IAEjCE,GAaTzF,EAAA3E,UAAAmE,aAAA,SAAaoG,QAAA,IAAAA,IAAAA,GAAA,OACPnG,EAAkB,GACtB,GAAIhE,KAAKwF,UAAU4E,eACjB,IAAK,IAAMC,KAAOrK,KAAKwF,UAAU4E,eAC/B,GAAIpK,KAAKwF,UAAU4E,eAAevK,eAAewK,GAAM,KAE/CC,EADsBtK,KAAKwF,UAAU4E,eAAeC,GAChB,OAAK,GAC/CrG,EAAQA,EAAMmB,OAAOmF,GAI3B,GAAIH,GAAYnK,KAAKwF,UAAU+E,YAAa,KACpCC,EAAaxK,KAAKwF,UAAU+E,YAAmB,OAAK,GAC1DvG,EAAM3B,KAAItC,MAAViE,EH3VC,WACH,IAAK,IAAItB,EAAK,GAAInD,EAAI,EAAGA,EAAIE,UAAUC,OAAQH,IAC3CmD,EAAKA,EAAGyC,OAAO7C,EAAO7C,UAAUF,KACpC,OAAOmD,EGwVA+H,CAASD,IAEhB,OAAOxG,GASHO,EAAA3E,UAAA+D,WAAN,mGAEI,6BAAK3D,KAAKwF,UAAU5B,cAGpB,CAAA,EAAM5D,KAAK0K,YAAY,KAFrB,CAAA,GAAO,UAGT,OADAhH,EAAAjC,OACA,CAAA,GAAO,UAEP,gBAAA,CAAA,GAAO,0BAaX8C,EAAA3E,UAAA+K,eAAA,SAAeC,GACb,YADa,IAAAA,IAAAA,EAAA,GACN5K,KAAKwF,UAAUmF,eAAeC,IAcvCrG,EAAA3E,UAAA8K,YAAA,SAAYE,GAAZ,IAAAnH,EAAAzD,KACE,YADU,IAAA4K,IAAAA,EAAA,GACH,IAAItK,QAAO,SAAQC,EAASC,GAAM,OAAAP,EAAAwD,OAAA,OAAA,EAAA,qCAGvC,OAAIzD,KAAKqI,gBACHrI,KAAK2K,iBACPnK,EAAO,0DAEPD,GAAQ,GAEV,CAAA,IAGGP,KAAKwF,WAKVxF,KAAKwF,UACFkF,YAAYE,GACZlC,QAAO,SAACmC,GACPtK,EAAQsK,KAETlI,MAAK,WACJ,OAAAnC,EAAO,kEAVTA,EAAO,gDACP,CAAA,WAwBN+D,EAAA3E,UAAAuJ,gBAAA,SACE2B,GADF,IAAArH,EAAAzD,KAGE,YAFA,IAAA8K,IAAAA,GAAA,GAEO,IAAIxK,QAAO,SAAQC,EAASC,GAAM,OAAAP,EAAAwD,OAAA,OAAA,EAAA,uEACvC,OAAIzD,KAAK0J,eAAiBoB,GACxBvK,EAAQP,KAAK0J,cACb,CAAA,IAGI,CAAA,EAAM1J,KAAK2D,qBAAjB,OAAMD,EAAAjC,QAKNzB,KAAKwF,UACF2D,kBACAT,QAAO,SAAC3H,GACP0C,EAAKiG,aAAY,EACjBnJ,EAAQkD,EAAKiG,gBAEd/G,MAAK,WAAO,OAAAnC,EAAO,iDAVpBA,EAAO,iEACP,CAAA,YAoBN+D,EAAA3E,UAAAmL,SAAA,WAAA,IAAAtH,EAAAzD,KACE,OAAO,IAAIM,QAAO,SAAQC,EAASC,GAAM,OAAAP,EAAAwD,OAAA,OAAA,EAAA,4DAErC,6BAAA,CAAA,EAAMzD,KAAK0K,YAAY,mBAAvBhH,EAAAjC,OACAlB,EAAQP,KAAKwF,UAAUwF,oCAEvBhL,KAAKuJ,uCAWXhF,EAAA3E,UAAAqL,YAAA,WACE,IAAKjL,KAAK0J,aACR,MAAM,IAAIwB,MAAM,sDAGlB,OAAOlL,KAAK0J,aAAayB,UAQ3B5G,EAAA3E,UAAAwL,WAAA,WACEpL,KAAKwF,UAAU4F,cAajB7G,EAAA3E,UAAAyL,iBAAA,SAAiBC,GAAjB,IAAA7H,EAAAzD,KACE,OAAO2E,EAAAA,WAAWC,OAAM,SAAQC,GAAuB,OAAA5E,EAAAwD,OAAA,OAAA,EAAA,uEACjD8H,EAAUD,KAEZC,EAAU,IAAIC,EAAAA,8BAGQ,6BAAA,CAAA,EAAMxL,KAAK+K,0BAA3BC,EAAgBtH,EAAAjC,OACtB8J,EAAUA,EAAQE,IAChBzL,KAAKgI,yBACLhI,KAAKiI,cAAgB+C,GAEvBnG,EAASjE,KAAK2K,GACd1G,EAASJ,0CAETI,EAASlC,MAAM+I,kCAYrBnH,EAAA3E,UAAA+L,oBAAA,WACE,OAAO3L,KAAKwF,WAUdrG,OAAAyM,eAAIrH,EAAA3E,UAAA,qBAAkB,KAAtB,WACE,OAAOI,KAAKkI,qDAUd/I,OAAAyM,eAAIrH,EAAA3E,UAAA,kBAAe,KAAnB,WACE,OAAOI,KAAKmI,kDASdhJ,OAAAyM,eAAIrH,EAAA3E,UAAA,yBAAsB,KAA1B,WACE,OAAOI,KAAKoI,yDAQdjJ,OAAAyM,eAAIrH,EAAA3E,UAAA,gCAA6B,KAAjC,WACE,OAAOI,KAAK2I,gDAQdxJ,OAAAyM,eAAIrH,EAAA3E,UAAA,MAAG,KAAP,WACE,OAAOI,KAAK6L,8BAA8BC,qCAU5CvH,EAAA3E,UAAAmM,eAAA,SAAeT,OACTC,EAAUD,EACTC,IACHA,EAAU,IAAIC,EAAAA,aAEhB,QACQR,EAAgBhL,KAAK6L,8BAA8BC,KAAO,GAGhE,OAFAP,EAAUA,EAAQE,IAAI,gBAAiB,UAAYT,GAGnD,MAAOrI,GAEP,MADAyD,QAAQ4F,IAAIrJ,GACNA,IAQVxD,OAAAyM,eAAIrH,EAAA3E,UAAA,kCAA+B,KAAnC,WACE,OAAOI,KAAK8I,kEAOd3J,OAAAyM,eAAIrH,EAAA3E,UAAA,+BAA4B,KAAhC,WACE,OAAOI,KAAK4I,+DAOdzJ,OAAAyM,eAAIrH,EAAA3E,UAAA,mBAAgB,KAApB,WACE,OAAOI,KAAKiJ,mDAOd9J,OAAAyM,eAAIrH,EAAA3E,UAAA,mBAAgB,KAApB,WACE,OAAOI,KAAKwE,mDASdrF,OAAAyM,eAAIrH,EAAA3E,UAAA,aAAU,KAAd,WACE,OAAOI,KAAK0E,8CASdvF,OAAAyM,eAAIrH,EAAA3E,UAAA,0BAAuB,KAA3B,WACE,OAAOI,KAAK8H,0DAsBd3I,OAAAyM,eAAIrH,EAAA3E,UAAA,kBAAe,KAAnB,WACE,OAAOI,KAAK8E,sEAhxBfmH,EAAAA,mDAkxBD1H,EA3xBA,gBCKE,SAAA2H,EAAoBC,GAAAnM,KAAAmM,SAAAA,EAoDtB,OA1CUD,EAAAtM,UAAAwM,cAAR,SACE1I,EACAI,OADEuI,EAAA3I,EAAA2I,OAAQpF,EAAAvD,EAAAuD,IACRH,EAAAhD,EAAAgD,WAAYE,EAAAlD,EAAAkD,YAERsF,EACmB,IAAvBtF,EAAYtH,QACZsH,EAAYuF,OAAOC,QAAQH,EAAOI,gBAAkB,EAEhDC,EAAU5F,EAAW6F,KAAK1F,GAEhC,OAAOqF,GAAYI,GAUdR,EAAAtM,UAAAgN,UAAP,SACEC,EACAjM,GAFF,IAAA6C,EAAAzD,KAIQ0D,EAAA1D,KAAAmM,SAAEhF,EAAAzD,EAAAyD,wBAAyBZ,EAAA7C,EAAA6C,mBACjC,OAAKY,EAKHZ,EAAmBuG,UAAS,SAAClG,GAAQ,OAAAnD,EAAK2I,cAAcS,EAAKjG,MAAU,EAEhEhG,EAAKmM,OAAOF,GAGd7M,KAAKmM,SAASd,iBAAiBwB,EAAItB,SAASyB,KACjDC,EAAAA,SAAQ,SAACC,OACDC,EAAQN,EAAIO,MAAM,CAAE7B,QAAS2B,IACnC,OAAOtM,EAAKmM,OAAOI,MAZdvM,EAAKmM,OAAOF,wBAtCxBZ,EAAAA,sDATQ1H,KA+DT2H,kBC3CE,SAAAmB,EAAoBlB,GAAAnM,KAAAmM,SAAAA,EA4LtB,OA1LUkB,EAAAzN,UAAA0N,sBAAR,eACQ9G,EAAyBxG,KAAKmM,SAAS5E,gBAC7CvH,KAAKuN,kBAAoB/G,EAAagH,IAAG,SAAC1G,GAAc,OAAA,IAAIC,OAAOD,EAAY,QAAS,IAUnFuG,EAAAzN,UAAAgN,UAAP,SAAiBC,EAAuBjM,GAAxC,IAAA6C,EAAAzD,KAEE,IAAKA,KAAKmM,WAAanM,KAAKmM,SAASsB,yBAA2BzN,KAAKmM,SAAS5E,gBAC5E,OAAO3G,EAAKmM,OAAOF,OAajBa,EAVEC,EAAad,EAAI5F,IAMvB,GALKjH,KAAKuN,mBACRvN,KAAKsN,0BAGsBtN,KAAKuN,kBAAkBK,KAAI,SAACC,GAAS,OAAAA,EAAMlB,KAAKgB,KAE3E,OAAO/M,EAAKmM,OAAOF,GAMrB,GACE7M,KAAKmM,SAASsB,wBACdzN,KAAKmM,SAASN,+BACd7L,KAAKmM,SAAS2B,IACd,KAEMC,EAA8B/N,KAAKmM,SAASJ,eAAec,EAAItB,SAKrEmC,EAA+BM,EAAAA,GAAGD,QAGlCL,EAA+B1N,KAAKmM,SAASd,iBAAiBwB,EAAItB,SAGpE,OAAOmC,EAA6BV,KAClCiB,EAAAA,UAAS,SAACC,OAEFf,EAAQN,EAAIO,MAAM,CAAE7B,QAAS2C,IACnC,OAAOtN,EAAKmM,OAAOI,KAErBgB,EAAAA,WAAU,SAAExL,EAAOyL,GAKjB,GACE3K,EAAK4K,YAAY1L,IACjBc,EAAK6K,kCAAkC3L,IACW,QAAlDc,EAAK0I,SAASpD,gCAId,OAD8BwF,EAAAA,KAAY9K,EAAK0I,SAASzB,YAAY,KACvCsC,KAC3BiB,EAAAA,UAAS,SAACO,OACFC,EAAwB9L,EAAM4I,QAAQmD,IAAI,oBAC5CC,EAAS,KAGb,IAA8C,IAA1CF,EAAsBjC,QAAQ,OAGhC,QADMoC,EAASH,EAAsBI,MAAM,KAClCtP,EAAI,EAAGA,EAAIqP,EAAOlP,OAAQH,IAAK,KAChCuP,EAAQF,EAAOrP,GAAGsP,MAAM,KACb,WAAbC,EAAM,KACRH,EAASG,EAAM,GAAGC,UAAU,EAAGD,EAAM,GAAGpP,OAAS,GAAGwF,QAK1D,GAAc,MAAVyJ,EACF,OAAOhK,EAAAA,WAAW9C,SAAMc,OAGpBqM,EAAoB9P,EAAA,GACrBuE,EAAK0I,SAAStD,6BAA4B,CAC7C8F,OAAMA,IAER,OAAOlL,EAAKwL,UAAUD,GAAsBhC,KAC1CmB,EAAAA,WAAU,SAACtN,GACT,OAAO8D,EAAAA,WAAW9C,SAAMc,KAE1BsL,EAAAA,UAAS,SAACnC,OACFiC,EAA8BtK,EAAK0I,SAASJ,eAAec,EAAItB,SAC/D4B,EAA0BN,EAAIO,MAAM,CAAE7B,QAASwC,IACrD,OAAOnN,EAAKmM,OAAOI,SAMtB,GAAsD,gBAAlD1J,EAAK0I,SAASpD,gCAAmD,KAEpEiG,EAAmEvL,EAAK0I,SAC3EtD,6BACH,OAAOpF,EAAKwL,UAAUD,GAAsBhC,KAC1CmB,EAAAA,WAAU,SAACtN,GACT,OAAO8D,EAAAA,WAAW9C,SAAMc,KAE1BsL,EAAAA,UAAS,SAACnC,OACFiC,EAA8BtK,EAAK0I,SAASJ,eAAec,EAAItB,SAC/D4B,EAA0BN,EAAIO,MAAM,CAAE7B,QAASwC,IACrD,OAAOnN,EAAKmM,OAAOI,MAIvB,OAAOxI,EAAAA,WAAW9C,SAAMc,OAYxB0K,EAAAzN,UAAAqP,UAAR,SACED,GADF,IAAAvL,EAAAzD,KAGQkP,EAAQlP,KAAKmM,SAASN,8BAE5B,OAAOlH,EAAAA,WAAWC,OAAM,SAAQC,GAAuB,OAAA5E,EAAAwD,OAAA,OAAA,EAAA,gDACrD,IACwD,gBAAlDzD,KAAKmM,SAASpD,gCAChBmG,EAAMC,YAAYnP,KAAKmM,SAASjD,iBAAkB8F,GAAsB/N,KAAI,SAC1E6K,GACErI,EAAK0I,SAASiD,iBAAiBxO,KAAKkL,GACpCjH,EAASjE,KAAKkL,GACdjH,EAASJ,YACV,WAECI,EAASlC,MAAM,oDAChB,WAECkC,EAASlC,MAAM,sDAImC,QAAlD3C,KAAKmM,SAASpD,iCAChBmG,EAAMG,UAAUL,GAAsB/N,KAAI,SACxC6K,GACErI,EAAK0I,SAASiD,iBAAiBxO,KAAKkL,GACpCjH,EAASjE,KAAKkL,GACdjH,EAASJ,YACV,WAECI,EAASlC,MAAM,oDAChB,WAECkC,EAASlC,MAAM,sDAKvB,MAAOA,GACPkC,EAASlC,MAAMA,oBAKb0K,EAAAzN,UAAAyO,YAAR,SAAoB1L,GAClB,OAAOA,aAAiB2M,EAAAA,mBAAsC,MAAjB3M,EAAM4M,QAG7ClC,EAAAzN,UAAA0O,kCAAR,SAA0C3L,GACxC,OAAOA,aAAiB2M,EAAAA,mBAAqB3M,EAAM4I,QAAQiE,IAAI,qBAGzDnC,EAAAzN,UAAA6P,oBAAR,SAA4B9M,GAC1B,OAAOA,aAAiB2M,EAAAA,mBAAsC,MAAjB3M,EAAM4M,4BAnMtDtD,EAAAA,sDARQ1H,KA6MT8I,kBCnNA,SAAAqC,KAgByB,2BAhBxBC,EAAAA,SAAQhK,KAAA,CAAC,CACRiK,QAAS,CAACC,EAAAA,cACVC,UAAW,CACTvL,EACA,CACEwL,QAASC,EAAAA,kBACTC,SAAU/D,EACVgE,OAAO,GAET,CACEH,QAASC,EAAAA,kBACTC,SAAU5C,EACV6C,OAAO,QAIYR,kBCpBzB,SAAAS,KAGoC,2BAHnCR,EAAAA,SAAQhK,KAAA,CAAC,CACRiK,QAAS,CAACF,OAEwBS","sourcesContent":["/*! *****************************************************************************\r\nCopyright (c) Microsoft Corporation. All rights reserved.\r\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use\r\nthis file except in compliance with the License. You may obtain a copy of the\r\nLicense at http://www.apache.org/licenses/LICENSE-2.0\r\n\r\nTHIS CODE IS PROVIDED ON AN *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\r\nKIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED\r\nWARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE,\r\nMERCHANTABLITY OR NON-INFRINGEMENT.\r\n\r\nSee the Apache Version 2.0 License for specific language governing permissions\r\nand limitations under the License.\r\n***************************************************************************** */\r\n/* global Reflect, Promise */\r\n\r\nvar extendStatics = function(d, b) {\r\n extendStatics = Object.setPrototypeOf ||\r\n ({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||\r\n function (d, b) { for (var p in b) if (b.hasOwnProperty(p)) d[p] = b[p]; };\r\n return extendStatics(d, b);\r\n};\r\n\r\nexport function __extends(d, b) {\r\n extendStatics(d, b);\r\n function __() { this.constructor = d; }\r\n d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());\r\n}\r\n\r\nexport var __assign = function() {\r\n __assign = Object.assign || function __assign(t) {\r\n for (var s, i = 1, n = arguments.length; i < n; i++) {\r\n s = arguments[i];\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p)) t[p] = s[p];\r\n }\r\n return t;\r\n }\r\n return __assign.apply(this, arguments);\r\n}\r\n\r\nexport function __rest(s, e) {\r\n var t = {};\r\n for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)\r\n t[p] = s[p];\r\n if (s != null && typeof Object.getOwnPropertySymbols === \"function\")\r\n for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) if (e.indexOf(p[i]) < 0)\r\n t[p[i]] = s[p[i]];\r\n return t;\r\n}\r\n\r\nexport function __decorate(decorators, target, key, desc) {\r\n var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;\r\n if (typeof Reflect === \"object\" && typeof Reflect.decorate === \"function\") r = Reflect.decorate(decorators, target, key, desc);\r\n else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;\r\n return c > 3 && r && Object.defineProperty(target, key, r), r;\r\n}\r\n\r\nexport function __param(paramIndex, decorator) {\r\n return function (target, key) { decorator(target, key, paramIndex); }\r\n}\r\n\r\nexport function __metadata(metadataKey, metadataValue) {\r\n if (typeof Reflect === \"object\" && typeof Reflect.metadata === \"function\") return Reflect.metadata(metadataKey, metadataValue);\r\n}\r\n\r\nexport function __awaiter(thisArg, _arguments, P, generator) {\r\n return new (P || (P = Promise))(function (resolve, reject) {\r\n function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }\r\n function rejected(value) { try { step(generator[\"throw\"](value)); } catch (e) { reject(e); } }\r\n function step(result) { result.done ? resolve(result.value) : new P(function (resolve) { resolve(result.value); }).then(fulfilled, rejected); }\r\n step((generator = generator.apply(thisArg, _arguments || [])).next());\r\n });\r\n}\r\n\r\nexport function __generator(thisArg, body) {\r\n var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;\r\n return g = { next: verb(0), \"throw\": verb(1), \"return\": verb(2) }, typeof Symbol === \"function\" && (g[Symbol.iterator] = function() { return this; }), g;\r\n function verb(n) { return function (v) { return step([n, v]); }; }\r\n function step(op) {\r\n if (f) throw new TypeError(\"Generator is already executing.\");\r\n while (_) try {\r\n if (f = 1, y && (t = op[0] & 2 ? y[\"return\"] : op[0] ? y[\"throw\"] || ((t = y[\"return\"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;\r\n if (y = 0, t) op = [op[0] & 2, t.value];\r\n switch (op[0]) {\r\n case 0: case 1: t = op; break;\r\n case 4: _.label++; return { value: op[1], done: false };\r\n case 5: _.label++; y = op[1]; op = [0]; continue;\r\n case 7: op = _.ops.pop(); _.trys.pop(); continue;\r\n default:\r\n if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }\r\n if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }\r\n if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }\r\n if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }\r\n if (t[2]) _.ops.pop();\r\n _.trys.pop(); continue;\r\n }\r\n op = body.call(thisArg, _);\r\n } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }\r\n if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };\r\n }\r\n}\r\n\r\nexport function __exportStar(m, exports) {\r\n for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];\r\n}\r\n\r\nexport function __values(o) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator], i = 0;\r\n if (m) return m.call(o);\r\n return {\r\n next: function () {\r\n if (o && i >= o.length) o = void 0;\r\n return { value: o && o[i++], done: !o };\r\n }\r\n };\r\n}\r\n\r\nexport function __read(o, n) {\r\n var m = typeof Symbol === \"function\" && o[Symbol.iterator];\r\n if (!m) return o;\r\n var i = m.call(o), r, ar = [], e;\r\n try {\r\n while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);\r\n }\r\n catch (error) { e = { error: error }; }\r\n finally {\r\n try {\r\n if (r && !r.done && (m = i[\"return\"])) m.call(i);\r\n }\r\n finally { if (e) throw e.error; }\r\n }\r\n return ar;\r\n}\r\n\r\nexport function __spread() {\r\n for (var ar = [], i = 0; i < arguments.length; i++)\r\n ar = ar.concat(__read(arguments[i]));\r\n return ar;\r\n}\r\n\r\nexport function __await(v) {\r\n return this instanceof __await ? (this.v = v, this) : new __await(v);\r\n}\r\n\r\nexport function __asyncGenerator(thisArg, _arguments, generator) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var g = generator.apply(thisArg, _arguments || []), i, q = [];\r\n return i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i;\r\n function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }\r\n function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }\r\n function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }\r\n function fulfill(value) { resume(\"next\", value); }\r\n function reject(value) { resume(\"throw\", value); }\r\n function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }\r\n}\r\n\r\nexport function __asyncDelegator(o) {\r\n var i, p;\r\n return i = {}, verb(\"next\"), verb(\"throw\", function (e) { throw e; }), verb(\"return\"), i[Symbol.iterator] = function () { return this; }, i;\r\n function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === \"return\" } : f ? f(v) : v; } : f; }\r\n}\r\n\r\nexport function __asyncValues(o) {\r\n if (!Symbol.asyncIterator) throw new TypeError(\"Symbol.asyncIterator is not defined.\");\r\n var m = o[Symbol.asyncIterator], i;\r\n return m ? m.call(o) : (o = typeof __values === \"function\" ? __values(o) : o[Symbol.iterator](), i = {}, verb(\"next\"), verb(\"throw\"), verb(\"return\"), i[Symbol.asyncIterator] = function () { return this; }, i);\r\n function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }\r\n function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }\r\n}\r\n\r\nexport function __makeTemplateObject(cooked, raw) {\r\n if (Object.defineProperty) { Object.defineProperty(cooked, \"raw\", { value: raw }); } else { cooked.raw = raw; }\r\n return cooked;\r\n};\r\n\r\nexport function __importStar(mod) {\r\n if (mod && mod.__esModule) return mod;\r\n var result = {};\r\n if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];\r\n result.default = mod;\r\n return result;\r\n}\r\n\r\nexport function __importDefault(mod) {\r\n return (mod && mod.__esModule) ? mod : { default: mod };\r\n}\r\n","/**\r\n * @license\r\n * Copyright Mauricio Gemelli Vigolo and contributors.\r\n *\r\n * Use of this source code is governed by a MIT-style license that can be\r\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/LICENSE\r\n */\r\n\r\n/**\r\n * Keycloak event types, as described at the keycloak-js documentation:\r\n * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events\r\n */\r\nexport enum KeycloakEventType {\r\n /**\r\n * Called if there was an error during authentication.\r\n */\r\n OnAuthError,\r\n /**\r\n * Called if the user is logged out\r\n * (will only be called if the session status iframe is enabled, or in Cordova mode).\r\n */\r\n OnAuthLogout,\r\n /**\r\n * Called if there was an error while trying to refresh the token.\r\n */\r\n OnAuthRefreshError,\r\n /**\r\n * Called when the token is refreshed.\r\n */\r\n OnAuthRefreshSuccess,\r\n /**\r\n * Called when a user is successfully authenticated.\r\n */\r\n OnAuthSuccess,\r\n /**\r\n * Called when the adapter is initialized.\r\n */\r\n OnReady,\r\n /**\r\n * Called when the access token is expired. If a refresh token is available the token\r\n * can be refreshed with updateToken, or in cases where it is not (that is, with implicit flow)\r\n * you can redirect to login screen to obtain a new access token.\r\n */\r\n OnTokenExpired\r\n}\r\n\r\n/**\r\n * Structure of an event triggered by Keycloak, contains it's type\r\n * and arguments (if any).\r\n */\r\nexport interface KeycloakEvent {\r\n /**\r\n * Event type as described at {@link KeycloakEventType}.\r\n */\r\n type: KeycloakEventType;\r\n /**\r\n * Arguments from the keycloak-js event function.\r\n */\r\n args?: any;\r\n}\r\n","/**\r\n * @license\r\n * Copyright Mauricio Gemelli Vigolo and contributors.\r\n *\r\n * Use of this source code is governed by a MIT-style license that can be\r\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/LICENSE\r\n */\r\n\r\nimport { CanActivate, Router, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';\r\n\r\nimport { KeycloakService } from './keycloak.service';\r\n\r\n/**\r\n * A simple guard implementation out of the box. This class should be inherited and\r\n * implemented by the application. The only method that should be implemented is #isAccessAllowed.\r\n * The reason for this is that the authorization flow is usually not unique, so in this way you will\r\n * have more freedom to customize your authorization flow.\r\n */\r\nexport abstract class KeycloakAuthGuard implements CanActivate {\r\n /**\r\n * Indicates if the user is authenticated or not.\r\n */\r\n protected authenticated: boolean;\r\n /**\r\n * Roles of the logged user. It contains the clientId and realm user roles.\r\n */\r\n protected roles: string[];\r\n\r\n constructor(protected router: Router, protected keycloakAngular: KeycloakService) {}\r\n\r\n /**\r\n * CanActivate checks if the user is logged in and get the full list of roles (REALM + CLIENT)\r\n * of the logged user. This values are set to authenticated and roles params.\r\n *\r\n * @param route\r\n * @param state\r\n */\r\n canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {\r\n return new Promise(async (resolve, reject) => {\r\n try {\r\n this.authenticated = await this.keycloakAngular.isLoggedIn();\r\n this.roles = await this.keycloakAngular.getUserRoles(true);\r\n\r\n const result = await this.isAccessAllowed(route, state);\r\n resolve(result);\r\n } catch (error) {\r\n reject('An error happened during access validation. Details:' + error);\r\n }\r\n });\r\n }\r\n\r\n /**\r\n * Create your own customized authorization flow in this method. From here you already known\r\n * if the user is authenticated (this.authenticated) and the user roles (this.roles).\r\n *\r\n * @param route\r\n * @param state\r\n */\r\n abstract isAccessAllowed(\r\n route: ActivatedRouteSnapshot,\r\n state: RouterStateSnapshot\r\n ): Promise<boolean>;\r\n}\r\n","/**\r\n * @license\r\n * Copyright Mauricio Gemelli Vigolo and contributors.\r\n *\r\n * Use of this source code is governed by a MIT-style license that can be\r\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/LICENSE\r\n */\r\n\r\nimport { Injectable } from '@angular/core';\r\n\r\nimport { HttpHeaders } from '@angular/common/http';\r\n\r\nimport { Observable, Observer, Subject } from 'rxjs';\r\n\r\n// Workaround for rollup library behaviour, as pointed out on issue #1267 (https://github.com/rollup/rollup/issues/1267).\r\nimport * as Keycloak_ from 'keycloak-js';\r\nexport const Keycloak = Keycloak_;\r\nimport * as KeycloakAuthorization_ from 'keycloak-js/dist/keycloak-authz';\r\nexport const KeycloakAuthorization = KeycloakAuthorization_;\r\n\r\nimport {\r\n KeycloakOptions,\r\n ExcludedUrlRegex,\r\n ExcludedUrl\r\n} from '../interfaces/keycloak-options';\r\nimport { KeycloakEvent, KeycloakEventType } from '../interfaces/keycloak-event';\r\n\r\n/**\r\n * Service to expose existent methods from the Keycloak JS adapter, adding new\r\n * functionalities to improve the use of keycloak in Angular v > 4.3 applications.\r\n *\r\n * This class should be injected in the application bootstrap, so the same instance will be used\r\n * along the web application.\r\n */\r\n@Injectable()\r\nexport class KeycloakService {\r\n /**\r\n * Keycloak-js instance.\r\n */\r\n private _instance: Keycloak.KeycloakInstance;\r\n /**\r\n * User profile as KeycloakProfile interface.\r\n */\r\n private _userProfile: Keycloak.KeycloakProfile;\r\n /**\r\n * Flag to indicate if the bearer will not be added to the authorization header.\r\n */\r\n private _enableBearerInterceptor: boolean;\r\n /**\r\n * When the implicit flow is choosen there must exist a silentRefresh, as there is\r\n * no refresh token.\r\n */\r\n private _silentRefresh: boolean;\r\n /**\r\n * Indicates that the user profile should be loaded at the keycloak initialization,\r\n * just after the login.\r\n */\r\n private _loadUserProfileAtStartUp: boolean;\r\n /**\r\n * The bearer prefix that will be appended to the Authorization Header.\r\n */\r\n private _bearerPrefix: string;\r\n /**\r\n * Value that will be used as the Authorization Http Header name.\r\n */\r\n private _authorizationHeaderName: string;\r\n /**\r\n * The excluded urls patterns that must skip the KeycloakBearerInterceptor.\r\n */\r\n private _bearerExcludedUrls: ExcludedUrlRegex[];\r\n /**\r\n * Observer for the keycloak events\r\n */\r\n private _keycloakEvents$: Subject<KeycloakEvent>;\r\n /**\r\n * The excluded urls patterns that must skip the KeycloakRptInterceptor.\r\n */\r\n private _rptExcludedUrls: string[];\r\n /**\r\n * Determines whether RPT interceptor should be activated\r\n * (keycloak-authz-js is initiated and RPT interceptor is enabled if true).\r\n */\r\n private _isEnableRPTInterceptor: boolean;\r\n /**\r\n * Keycloak-authz-js instance.\r\n */\r\n private _authzInstance: KeycloakAuthorization.KeycloakAuthorizationInstance;\r\n /**\r\n * String \"uma\" or \"entitlement\" specifies, which function of the two functions\r\n * KeycloakAuthorizationInstance.authorize() or KeycloakAuthorizationInstance.entitlement()\r\n * will be used to obtain RPT. When not set, UMA is used.\r\n */\r\n private _resourceServerAuthorizationType: string;\r\n /**\r\n * Resource server ID, only needed when resourceServerAuthorizationType is set to \"entitlement\";\r\n */\r\n private _resourceServerID: string;\r\n /**\r\n * Serves as a template for an Authroization Request consumed by functions\r\n * KeycloakAuthorizationInstance.authorize() and KeycloakAuthorizationInstance.entitlement().\r\n */\r\n private _authorizationRequestTemplate: KeycloakAuthorization.AuthorizationRequest;\r\n /**\r\n * This emitter is used by RPT Interceptor to notify that when new RPT was obtained.\r\n */\r\n private _RPTupdateEmitter: Observer<string> = {\r\n next() {},\r\n error() {},\r\n complete() {}\r\n };\r\n /**\r\n * Observable that emits new RPT when it was updated by RPT interceptor.\r\n */\r\n private _RPTupdated$: Observable<string> = Observable.create(\r\n async (observer: Observer<string>) => {\r\n this._RPTupdateEmitter = observer;\r\n }\r\n );\r\n\r\n constructor() {\r\n this._keycloakEvents$ = new Subject<KeycloakEvent>();\r\n }\r\n\r\n /**\r\n * Sanitizes the bearer prefix, preparing it to be appended to\r\n * the token.\r\n *\r\n * @param bearerPrefix\r\n * Prefix to be appended to the authorization header as\r\n * Authorization: <bearer-prefix> <token>.\r\n * @returns\r\n * The bearer prefix sanitized, meaning that it will follow the bearerPrefix\r\n * param as described in the library initilization or the default value bearer,\r\n * with a space append in the end for the token concatenation.\r\n */\r\n private sanitizeBearerPrefix(bearerPrefix: string | undefined): string {\r\n const prefix: string = (bearerPrefix || 'bearer').trim();\r\n return prefix.concat(' ');\r\n }\r\n\r\n /**\r\n * Sets default value to true if it is undefined or null.\r\n *\r\n * @param value - boolean value to be checked\r\n */\r\n private ifUndefinedIsTrue(value: boolean): boolean {\r\n let returnValue: boolean = value;\r\n if (returnValue === undefined || returnValue === null) {\r\n returnValue = true;\r\n }\r\n return returnValue;\r\n }\r\n\r\n /**\r\n * Binds the keycloak-js events to the keycloakEvents Subject\r\n * which is a good way to monitor for changes, if needed.\r\n *\r\n * The keycloakEvents returns the keycloak-js event type and any\r\n * argument if the source function provides any.\r\n */\r\n private bindsKeycloakEvents(): void {\r\n if (!this._instance) {\r\n console.warn(\r\n 'Keycloak Angular events could not be registered as the keycloak instance is undefined.'\r\n );\r\n return;\r\n }\r\n\r\n this._instance.onAuthError = errorData => {\r\n this._keycloakEvents$.next({\r\n args: errorData,\r\n type: KeycloakEventType.OnAuthError\r\n });\r\n };\r\n\r\n this._instance.onAuthLogout = () => {\r\n this._keycloakEvents$.next({ type: KeycloakEventType.OnAuthLogout });\r\n };\r\n\r\n this._instance.onAuthRefreshSuccess = () => {\r\n this._keycloakEvents$.next({\r\n type: KeycloakEventType.OnAuthRefreshSuccess\r\n });\r\n };\r\n\r\n this._instance.onAuthRefreshError = () => {\r\n this._keycloakEvents$.next({\r\n type: KeycloakEventType.OnAuthRefreshError\r\n });\r\n };\r\n\r\n this._instance.onAuthSuccess = () => {\r\n this._keycloakEvents$.next({ type: KeycloakEventType.OnAuthSuccess });\r\n };\r\n\r\n this._instance.onTokenExpired = () => {\r\n this._keycloakEvents$.next({\r\n type: KeycloakEventType.OnTokenExpired\r\n });\r\n };\r\n\r\n this._instance.onReady = authenticated => {\r\n this._keycloakEvents$.next({\r\n args: authenticated,\r\n type: KeycloakEventType.OnReady\r\n });\r\n };\r\n }\r\n\r\n /**\r\n * Loads all bearerExcludedUrl content in a uniform type: ExcludedUrl,\r\n * so it becomes easier to handle.\r\n *\r\n * @param bearerExcludedUrls array of strings or ExcludedUrl that includes\r\n * the url and HttpMethod.\r\n */\r\n private loadExcludedUrls(\r\n bearerExcludedUrls: (string | ExcludedUrl)[]\r\n ): ExcludedUrlRegex[] {\r\n const excludedUrls: ExcludedUrlRegex[] = [];\r\n for (const item of bearerExcludedUrls) {\r\n let excludedUrl: ExcludedUrlRegex;\r\n if (typeof item === 'string') {\r\n excludedUrl = { urlPattern: new RegExp(item, 'i'), httpMethods: [] };\r\n } else {\r\n excludedUrl = {\r\n urlPattern: new RegExp(item.url, 'i'),\r\n httpMethods: item.httpMethods\r\n };\r\n }\r\n excludedUrls.push(excludedUrl);\r\n }\r\n return excludedUrls;\r\n }\r\n\r\n /**\r\n * Handles the class values initialization.\r\n *\r\n * @param options\r\n */\r\n private initServiceValues({\r\n enableBearerInterceptor = true,\r\n loadUserProfileAtStartUp = true,\r\n bearerExcludedUrls = [],\r\n rptExcludedUrls = [],\r\n enableRPTInterceptor = false,\r\n authorizationHeaderName = 'Authorization',\r\n bearerPrefix = 'bearer',\r\n initOptions\r\n }: KeycloakOptions): void {\r\n this._enableBearerInterceptor = enableBearerInterceptor;\r\n this._loadUserProfileAtStartUp = loadUserProfileAtStartUp;\r\n this._authorizationHeaderName = authorizationHeaderName;\r\n this._bearerPrefix = bearerPrefix.trim().concat(' ');\r\n this._bearerExcludedUrls = this.loadExcludedUrls(bearerExcludedUrls);\r\n this._rptExcludedUrls = rptExcludedUrls,\r\n this._isEnableRPTInterceptor = enableRPTInterceptor,\r\n this._silentRefresh = initOptions ? initOptions.flow === 'implicit' : false;\r\n }\r\n\r\n /**\r\n * Keycloak initialization. It should be called to initialize the adapter.\r\n * Options is a object with 2 main parameters: config and initOptions. The first one\r\n * will be used to create the Keycloak instance. The second one are options to initialize the\r\n * keycloak instance.\r\n *\r\n * @param options\r\n * Config: may be a string representing the keycloak URI or an object with the\r\n * following content:\r\n * - url: Keycloak json URL\r\n * - realm: realm name\r\n * - clientId: client id\r\n *\r\n * initOptions:\r\n * - onLoad: Specifies an action to do on load. Supported values are 'login-required' or\r\n * 'check-sso'.\r\n * - token: Set an initial value for the token.\r\n * - refreshToken: Set an initial value for the refresh token.\r\n * - idToken: Set an initial value for the id token (only together with token or refreshToken).\r\n * - timeSkew: Set an initial value for skew between local time and Keycloak server in seconds\r\n * (only together with token or refreshToken).\r\n * - checkLoginIframe: Set to enable/disable monitoring login state (default is true).\r\n * - checkLoginIframeInterval: Set the interval to check login state (default is 5 seconds).\r\n * - responseMode: Set the OpenID Connect response mode send to Keycloak server at login\r\n * request. Valid values are query or fragment . Default value is fragment, which means\r\n * that after successful authentication will Keycloak redirect to javascript application\r\n * with OpenID Connect parameters added in URL fragment. This is generally safer and\r\n * recommended over query.\r\n * - flow: Set the OpenID Connect flow. Valid values are standard, implicit or hybrid.\r\n *\r\n * enableBearerInterceptor:\r\n * Flag to indicate if the bearer will added to the authorization header.\r\n *\r\n * loadUserProfileInStartUp:\r\n * Indicates that the user profile should be loaded at the keycloak initialization,\r\n * just after the login.\r\n *\r\n * bearerExcludedUrls:\r\n * String Array to exclude the urls that should not have the Authorization Header automatically\r\n * added.\r\n *\r\n * authorizationHeaderName:\r\n * This value will be used as the Authorization Http Header name.\r\n *\r\n * bearerPrefix:\r\n * This value will be included in the Authorization Http Header param.\r\n *\r\n * @returns\r\n * A Promise with a boolean indicating if the initialization was successful.\r\n */\r\n init(options: KeycloakOptions = {}): Promise<boolean> {\r\n return new Promise((resolve, reject) => {\r\n this.initServiceValues(options);\r\n const { config, initOptions } = options;\r\n\r\n this._instance = Keycloak(config);\r\n this.bindsKeycloakEvents();\r\n this._instance\r\n .init(initOptions)\r\n .success(async authenticated => {\r\n // the KeycloakAuthorization is initialized only when\r\n // enableRPTInterceptor from KeycloakOptions is set to true\r\n if (this._isEnableRPTInterceptor) {\r\n this._authzInstance = KeycloakAuthorization(this._instance);\r\n this._authorizationRequestTemplate = options.authorizationRequestTemplate || {};\r\n this._resourceServerAuthorizationType =\r\n options.resourceServerAuthorizationType || 'uma';\r\n this._resourceServerAuthorizationType = this._resourceServerAuthorizationType.toLowerCase();\r\n if (\r\n this._resourceServerAuthorizationType !== 'uma' &&\r\n this._resourceServerAuthorizationType !== 'entitlement'\r\n ) {\r\n options.resourceServerAuthorizationType = 'uma';\r\n }\r\n this._resourceServerID = options.resourceServerID || '';\r\n }\r\n if (authenticated && this._loadUserProfileAtStartUp) {\r\n await this.loadUserProfile();\r\n }\r\n resolve(authenticated);\r\n })\r\n .error(kcError => {\r\n let msg = 'An error happened during Keycloak initialization.';\r\n if (kcError) {\r\n const { error, error_description } = kcError;\r\n msg = msg.concat(\r\n `\\nAdapter error details:\\nError: ${error}\\nDescription: ${error_description}`\r\n );\r\n }\r\n reject(msg);\r\n });\r\n });\r\n }\r\n\r\n /**\r\n * Redirects to login form on (options is an optional object with redirectUri and/or\r\n * prompt fields).\r\n *\r\n * @param options\r\n * Object, where:\r\n * - redirectUri: Specifies the uri to redirect to after login.\r\n * - prompt:By default the login screen is displayed if the user is not logged-in to Keycloak.\r\n * To only authenticate to the application if the user is already logged-in and not display the\r\n * login page if the user is not logged-in, set this option to none. To always require\r\n * re-authentication and ignore SSO, set this option to login .\r\n * - maxAge: Used just if user is already authenticated. Specifies maximum time since the\r\n * authentication of user happened. If user is already authenticated for longer time than\r\n * maxAge, the SSO is ignored and he will need to re-authenticate again.\r\n * - loginHint: Used to pre-fill the username/email field on the login form.\r\n * - action: If value is 'register' then user is redirected to registration page, otherwise to\r\n * login page.\r\n * - locale: Specifies the desired locale for the UI.\r\n * @returns\r\n * A void Promise if the login is successful and after the user profile loading.\r\n */\r\n login(options: Keycloak.KeycloakLoginOptions = {}): Promise<void> {\r\n return new Promise((resolve, reject) => {\r\n this._instance\r\n .login(options)\r\n .success(async () => {\r\n if (this._loadUserProfileAtStartUp) {\r\n await this.loadUserProfile();\r\n }\r\n resolve();\r\n })\r\n .error(() => reject(`An error happened during the login.`));\r\n });\r\n }\r\n\r\n /**\r\n * Redirects to logout.\r\n *\r\n * @param redirectUri\r\n * Specifies the uri to redirect to after logout.\r\n * @returns\r\n * A void Promise if the logout was successful, cleaning also the userProfile.\r\n */\r\n logout(redirectUri?: string): Promise<void> {\r\n return new Promise((resolve, reject) => {\r\n const options: any = {\r\n redirectUri\r\n };\r\n\r\n this._instance\r\n .logout(options)\r\n .success(() => {\r\n this._userProfile = undefined;\r\n resolve();\r\n })\r\n .error(() => reject('An error happened during logout.'));\r\n });\r\n }\r\n\r\n /**\r\n * Redirects to registration form. Shortcut for login with option\r\n * action = 'register'. Options are same as for the login method but 'action' is set to\r\n * 'register'.\r\n *\r\n * @param options\r\n * login options\r\n * @returns\r\n * A void Promise if the register flow was successful.\r\n */\r\n register(\r\n options: Keycloak.KeycloakLoginOptions = { action: 'register' }\r\n ): Promise<void> {\r\n return new Promise((resolve, reject) => {\r\n this._instance\r\n .register(options)\r\n .success(() => {\r\n resolve();\r\n })\r\n .error(() =>\r\n reject('An error happened during the register execution.')\r\n );\r\n });\r\n }\r\n\r\n /**\r\n * Check if the user has access to the specified role. It will look for roles in\r\n * realm and clientId, but will not check if the user is logged in for better performance.\r\n *\r\n * @param role\r\n * role name\r\n * @param resource\r\n * resource name If not specified, `clientId` is used\r\n * @returns\r\n * A boolean meaning if the user has the specified Role.\r\n */\r\n isUserInRole(role: string, resource?: string): boolean {\r\n let hasRole: boolean;\r\n hasRole = this._instance.hasResourceRole(role, resource);\r\n if (!hasRole) {\r\n hasRole = this._instance.hasRealmRole(role);\r\n }\r\n return hasRole;\r\n }\r\n\r\n /**\r\n * Return the roles of the logged user. The allRoles parameter, with default value\r\n * true, will return the clientId and realm roles associated with the logged user. If set to false\r\n * it will only return the user roles associated with the clientId.\r\n *\r\n * @param allRoles\r\n * Flag to set if all roles should be returned.(Optional: default value is true)\r\n * @returns\r\n * Array of Roles associated with the logged user.\r\n */\r\n getUserRoles(allRoles: boolean = true): string[] {\r\n let roles: string[] = [];\r\n if (this._instance.resourceAccess) {\r\n for (const key in this._instance.resourceAccess) {\r\n if (this._instance.resourceAccess.hasOwnProperty(key)) {\r\n const resourceAccess: any = this._instance.resourceAccess[key];\r\n const clientRoles = resourceAccess['roles'] || [];\r\n roles = roles.concat(clientRoles);\r\n }\r\n }\r\n }\r\n if (allRoles && this._instance.realmAccess) {\r\n const realmRoles = this._instance.realmAccess['roles'] || [];\r\n roles.push(...realmRoles);\r\n }\r\n return roles;\r\n }\r\n\r\n /**\r\n * Check if user is logged in.\r\n *\r\n * @returns\r\n * A boolean that indicates if the user is logged in.\r\n */\r\n async isLoggedIn(): Promise<boolean> {\r\n try {\r\n if (!this._instance.authenticated) {\r\n return false;\r\n }\r\n await this.updateToken(20);\r\n return true;\r\n } catch (error) {\r\n return false;\r\n }\r\n }\r\n\r\n /**\r\n * Returns true if the token has less than minValidity seconds left before\r\n * it expires.\r\n *\r\n * @param minValidity\r\n * Seconds left. (minValidity) is optional. Default value is 0.\r\n * @returns\r\n * Boolean indicating if the token is expired.\r\n */\r\n isTokenExpired(minValidity: number = 0): boolean {\r\n return this._instance.isTokenExpired(minValidity);\r\n }\r\n\r\n /**\r\n * If the token expires within minValidity seconds the token is refreshed. If the\r\n * session status iframe is enabled, the session status is also checked.\r\n * Returns a promise telling if the token was refreshed or not. If the session is not active\r\n * anymore, the promise is rejected.\r\n *\r\n * @param minValidity\r\n * Seconds left. (minValidity is optional, if not specified 5 is used)\r\n * @returns\r\n * Promise with a boolean indicating if the token was succesfully updated.\r\n */\r\n updateToken(minValidity: number = 5): Promise<boolean> {\r\n return new Promise(async (resolve, reject) => {\r\n // TODO: this is a workaround until the silent refresh (issue #43)\r\n // is not implemented, avoiding the redirect loop.\r\n if (this._silentRefresh) {\r\n if (this.isTokenExpired()) {\r\n reject('Failed to refresh the token, or the session is expired');\r\n } else {\r\n resolve(true);\r\n }\r\n return;\r\n }\r\n\r\n if (!this._instance) {\r\n reject('Keycloak Angular library is not initialized.');\r\n return;\r\n }\r\n\r\n this._instance\r\n .updateToken(minValidity)\r\n .success(refreshed => {\r\n resolve(refreshed);\r\n })\r\n .error(() =>\r\n reject('Failed to refresh the token, or the session is expired')\r\n );\r\n });\r\n }\r\n\r\n /**\r\n * Loads the user profile.\r\n * Returns promise to set functions to be invoked if the profile was loaded\r\n * successfully, or if the profile could not be loaded.\r\n *\r\n * @param forceReload\r\n * If true will force the loadUserProfile even if its already loaded.\r\n * @returns\r\n * A promise with the KeycloakProfile data loaded.\r\n */\r\n loadUserProfile(\r\n forceReload: boolean = false\r\n ): Promise<Keycloak.KeycloakProfile> {\r\n return new Promise(async (resolve, reject) => {\r\n if (this._userProfile && !forceReload) {\r\n resolve(this._userProfile);\r\n return;\r\n }\r\n\r\n if (!(await this.isLoggedIn())) {\r\n reject('The user profile was not loaded as the user is not logged in.');\r\n return;\r\n }\r\n\r\n this._instance\r\n .loadUserProfile()\r\n .success(result => {\r\n this._userProfile = result as Keycloak.KeycloakProfile;\r\n resolve(this._userProfile);\r\n })\r\n .error(() => reject('The user profile could not be loaded.'));\r\n });\r\n }\r\n\r\n /**\r\n * Returns the authenticated token, calling updateToken to get a refreshed one if\r\n * necessary. If the session is expired this method calls the login method for a new login.\r\n *\r\n * @returns\r\n * Promise with the generated token.\r\n */\r\n getToken(): Promise<string> {\r\n return new Promise(async (resolve, reject) => {\r\n try {\r\n await this.updateToken(10);\r\n resolve(this._instance.token);\r\n } catch (error) {\r\n this.login();\r\n }\r\n });\r\n }\r\n\r\n /**\r\n * Returns the logged username.\r\n *\r\n * @returns\r\n * The logged username.\r\n */\r\n getUsername(): string {\r\n if (!this._userProfile) {\r\n throw new Error('User not logged in or user profile was not loaded.');\r\n }\r\n\r\n return this._userProfile.username;\r\n }\r\n\r\n /**\r\n * Clear authentication state, including tokens. This can be useful if application\r\n * has detected the session was expired, for example if updating token fails.\r\n * Invoking this results in onAuthLogout callback listener being invoked.\r\n */\r\n clearToken(): void {\r\n this._instance.clearToken();\r\n }\r\n\r\n /**\r\n * Adds a valid token in header. The key & value format is:\r\n * Authorization Bearer <token>.\r\n * If the headers param is undefined it will create the Angular headers object.\r\n *\r\n * @param headers\r\n * Updated header with Authorization and Keycloak token.\r\n * @returns\r\n * An observable with with the HTTP Authorization header and the current token.\r\n */\r\n addTokenToHeader(headersArg?: HttpHeaders): Observable<HttpHeaders> {\r\n return Observable.create(async (observer: Observer<any>) => {\r\n let headers = headersArg;\r\n if (!headers) {\r\n headers = new HttpHeaders();\r\n }\r\n try {\r\n const token: string = await this.getToken();\r\n headers = headers.set(\r\n this._authorizationHeaderName,\r\n this._bearerPrefix + token\r\n );\r\n observer.next(headers);\r\n observer.complete();\r\n } catch (error) {\r\n observer.error(error);\r\n }\r\n });\r\n }\r\n\r\n /**\r\n * Returns the original Keycloak instance, if you need any customization that\r\n * this Angular service does not support yet. Use with caution.\r\n *\r\n * @returns\r\n * The KeycloakInstance from keycloak-js.\r\n */\r\n getKeycloakInstance(): Keycloak.KeycloakInstance {\r\n return this._instance;\r\n }\r\n\r\n /**\r\n * Returns the excluded URLs that should not be considered by\r\n * the http interceptor which automatically adds the authorization header in the Http Request.\r\n *\r\n * @returns\r\n * The excluded urls that must not be intercepted by the KeycloakBearerInterceptor.\r\n */\r\n get bearerExcludedUrls(): ExcludedUrlRegex[] {\r\n return this._bearerExcludedUrls;\r\n }\r\n\r\n /**\r\n * Returns the excluded URLs that should not be considered by\r\n * the RPT http interceptor which automatically adds the authorization header in the Http Request.\r\n *\r\n * @returns\r\n * The excluded urls that must not be intercepted by the KeycloakRptInterceptor.\r\n */\r\n get rptExcludedUrls(): string[] {\r\n return this._rptExcludedUrls;\r\n }\r\n\r\n /**\r\n * Returns true if authorization is enabled, false otherwise.\r\n *\r\n * @returns\r\n * true if authorization is enabled, false otherwise.\r\n */\r\n get isEnableRPTInterceptor(): boolean {\r\n return this._isEnableRPTInterceptor;\r\n }\r\n\r\n /**\r\n * Returns the original Keycloak Authorization instance from the official keycloak-js library.\r\n *\r\n * @returns\r\n */\r\n get keycloakAuthorizationInstance(): KeycloakAuthorization.KeycloakAuthorizationInstance {\r\n return this._authzInstance;\r\n }\r\n\r\n /**\r\n * Returns the RPT (Requesting Party Token) if it exists.\r\n *\r\n * @return\r\n */\r\n get RPT(): any {\r\n return this.keycloakAuthorizationInstance.rpt;\r\n }\r\n\r\n /**\r\n * Adds a requesting party token (RPT) token to header. The key: value format is:\r\n * Authorization: Bearer <token>.\r\n * If the headers param is undefined it will create the Angular headers object.\r\n *\r\n * @param headersArg updated header with Authorization and Keycloak token.\r\n */\r\n addRPTToHeader(headersArg?: HttpHeaders): HttpHeaders {\r\n let headers = headersArg;\r\n if (!headers) {\r\n headers = new HttpHeaders();\r\n }\r\n try {\r\n const token: string = this.keycloakAuthorizationInstance.rpt || '';\r\n headers = headers.set('Authorization', 'bearer ' + token);\r\n\r\n return headers;\r\n } catch (error) {\r\n console.log(error);\r\n throw error;\r\n }\r\n }\r\n\r\n /**\r\n * @return\r\n * resourceServerAuthorizationType that was set in KeycloakOptions, \"uma\" or \"entitlement\"\r\n */\r\n get resourceServerAuthorizationType(): string {\r\n return this._resourceServerAuthorizationType;\r\n }\r\n\r\n /**\r\n * @return\r\n * authorizationRequestTemplate that was set in KeycloakOptions\r\n */\r\n get authorizationRequestTemplate(): KeycloakAuthorization.AuthorizationRequest {\r\n return this._authorizationRequestTemplate;\r\n }\r\n\r\n /**\r\n * @return\r\n * resourceServerID that was set in KeycloakOptions\r\n */\r\n get resourceServerID(): string {\r\n return this._resourceServerID;\r\n }\r\n\r\n /**\r\n * @return\r\n * emitter which shoudl used to emit new RPT when it is obtained.\r\n */\r\n get RPTupdateEmitter(): Observer<string> {\r\n return this._RPTupdateEmitter;\r\n }\r\n\r\n /**\r\n * Observable that emits new RPT when it was updated by RPT interceptor.\r\n *\r\n * @returns\r\n * Observable that emits new RPT when it was updated by RPT interceptor\r\n */\r\n get RPTupdated(): Observable<string> {\r\n return this._RPTupdated$;\r\n }\r\n\r\n /**\r\n * Flag to indicate if the bearer will be added to the authorization header.\r\n *\r\n * @returns\r\n * Returns if the bearer interceptor was set to be disabled.\r\n */\r\n get enableBearerInterceptor(): boolean {\r\n return this._enableBearerInterceptor;\r\n }\r\n\r\n /**\r\n * Keycloak subject to monitor the events triggered by keycloak-js.\r\n * The following events as available (as described at keycloak docs -\r\n * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events):\r\n * - OnAuthError\r\n * - OnAuthLogout\r\n * - OnAuthRefreshError\r\n * - OnAuthRefreshSuccess\r\n * - OnAuthSuccess\r\n * - OnReady\r\n * - OnTokenExpire\r\n * In each occurrence of any of these, this subject will return the event type,\r\n * described at {@link KeycloakEventType} enum and the function args from the keycloak-js\r\n * if provided any.\r\n *\r\n * @returns\r\n * A subject with the {@link KeycloakEvent} which describes the event type and attaches the\r\n * function args.\r\n */\r\n get keycloakEvents$(): Subject<KeycloakEvent> {\r\n return this._keycloakEvents$;\r\n }\r\n}\r\n","/**\r\n * @license\r\n * Copyright Mauricio Gemelli Vigolo and contributors.\r\n *\r\n * Use of this source code is governed by a MIT-style license that can be\r\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/LICENSE\r\n */\r\n\r\nimport { Injectable } from '@angular/core';\r\nimport {\r\n HttpInterceptor,\r\n HttpRequest,\r\n HttpHandler,\r\n HttpEvent\r\n} from '@angular/common/http';\r\n\r\nimport { Observable } from 'rxjs';\r\nimport { mergeMap } from 'rxjs/operators';\r\n\r\nimport { KeycloakService } from '../services/keycloak.service';\r\nimport { ExcludedUrlRegex } from '../interfaces/keycloak-options';\r\n\r\n/**\r\n * This interceptor includes the bearer by default in all HttpClient requests.\r\n *\r\n * If you need to exclude some URLs from adding the bearer, please, take a look\r\n * at the {@link KeycloakOptions} bearerExcludedUrls property.\r\n */\r\n@Injectable()\r\nexport class KeycloakBearerInterceptor implements HttpInterceptor {\r\n constructor(private keycloak: KeycloakService) {}\r\n\r\n /**\r\n * Checks if the url is excluded from having the Bearer Authorization\r\n * header added.\r\n *\r\n * @param req http request from @angular http module.\r\n * @param excludedUrlRegex contains the url pattern and the http methods,\r\n * excluded from adding the bearer at the Http Request.\r\n */\r\n private isUrlExcluded(\r\n { method, url }: HttpRequest<any>,\r\n { urlPattern, httpMethods }: ExcludedUrlRegex\r\n ): boolean {\r\n const httpTest =\r\n httpMethods.length === 0 ||\r\n httpMethods.join().indexOf(method.toUpperCase()) > -1;\r\n\r\n const urlTest = urlPattern.test(url);\r\n\r\n return httpTest && urlTest;\r\n }\r\n\r\n /**\r\n * Intercept implementation that checks if the request url matches the excludedUrls.\r\n * If not, adds the Authorization header to the request.\r\n *\r\n * @param req\r\n * @param next\r\n */\r\n public intercept(\r\n req: HttpRequest<any>,\r\n next: HttpHandler\r\n ): Observable<HttpEvent<any>> {\r\n const { enableBearerInterceptor, bearerExcludedUrls } = this.keycloak;\r\n if (!enableBearerInterceptor) {\r\n return next.handle(req);\r\n }\r\n\r\n const shallPass: boolean =\r\n bearerExcludedUrls.findIndex(item => this.isUrlExcluded(req, item)) > -1;\r\n if (shallPass) {\r\n return next.handle(req);\r\n }\r\n\r\n return this.keycloak.addTokenToHeader(req.headers).pipe(\r\n mergeMap(headersWithBearer => {\r\n const kcReq = req.clone({ headers: headersWithBearer });\r\n return next.handle(kcReq);\r\n })\r\n );\r\n }\r\n}\r\n","/**\r\n * @license\r\n * Copyright Swisscom (Schweiz) AG and contributors.\r\n *\r\n * Use of this source code is governed by a MIT-style license that can be\r\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/LICENSE\r\n */\r\n\r\nimport { Injectable } from '@angular/core';\r\nimport {\r\n HttpInterceptor,\r\n HttpRequest,\r\n HttpHandler,\r\n HttpEvent,\r\n HttpHeaders,\r\n HttpErrorResponse\r\n} from '@angular/common/http';\r\n\r\nimport { Observable, from as fromPromise, Observer, of } from 'rxjs';\r\nimport { switchMap, catchError } from 'rxjs/operators';\r\n\r\nimport { ExcludedUrlRegex } from '../interfaces/keycloak-options';\r\nimport { KeycloakService } from '../services/keycloak.service';\r\n\r\n/**\r\n * This interceptor includes the bearer by default in all HttpClient requests.\r\n *\r\n * If you need to exclude some URLs from adding the bearer, please, take a look\r\n * at the {@link KeycloakOptions} bearerExcludedUrls property.\r\n */\r\n@Injectable()\r\nexport class KeycloakRptInterceptor implements HttpInterceptor {\r\n private excludedUrlsRegex: RegExp[];\r\n\r\n /**\r\n * KeycloakBearerInterceptor constructor.\r\n *\r\n * @param keycloak - Injected KeycloakService instance.\r\n */\r\n constructor(private keycloak: KeycloakService) {}\r\n\r\n private loadExcludedUrlsRegex() {\r\n const excludedUrls: string[] = this.keycloak.rptExcludedUrls;\r\n this.excludedUrlsRegex = excludedUrls.map(urlPattern => new RegExp(urlPattern, 'i')) || [];\r\n }\r\n\r\n /**\r\n * Intercept implementation that checks if the request url matches the excludedUrls.\r\n * If not, adds the Authorization header to the request.\r\n *\r\n * @param req\r\n * @param next\r\n */\r\n public intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {\r\n // If keycloak service is not initialized yet, or if authorization is not enabled or exclude URLs are not set\r\n if (!this.keycloak || !this.keycloak.isEnableRPTInterceptor || !this.keycloak.rptExcludedUrls) {\r\n return next.handle(req);\r\n }\r\n\r\n const urlRequest = req.url;\r\n if (!this.excludedUrlsRegex) {\r\n this.loadExcludedUrlsRegex();\r\n }\r\n\r\n const shallPass: boolean = !!this.excludedUrlsRegex.find(regex => regex.test(urlRequest));\r\n if (shallPass) {\r\n return next.handle(req);\r\n }\r\n\r\n let headersWithRPTorAccessToken$: Observable<HttpHeaders>;\r\n\r\n // requests which have not been excluded will get RPT added or if no RPT was obtained until now, then the Access token is added\r\n if (\r\n this.keycloak.isEnableRPTInterceptor &&\r\n this.keycloak.keycloakAuthorizationInstance &&\r\n this.keycloak.RPT\r\n ) {\r\n // if RPT already was loaded, then add RPT\r\n const headersWithRpt: HttpHeaders = this.keycloak.addRPTToHeader(req.headers);\r\n // make an observable out of headersWithRpt, this is just for convenience:\r\n // addTokenToHeader() returns observable but addRPTToHeader() is a simple function,\r\n // making result of addRPTToHeader() to an observable allows me to have the same flow\r\n // after this if-else regardless if RPT or access token was added to headers\r\n headersWithRPTorAccessToken$ = of(headersWithRpt);\r\n } else {\r\n // if there is no RPT yet, then add the access token\r\n headersWithRPTorAccessToken$ = this.keycloak.addTokenToHeader(req.headers);\r\n }\r\n\r\n return headersWithRPTorAccessToken$.pipe(\r\n switchMap(headersWithRPTorAccessToken => {\r\n // send out the request with added RPT or Access Token\r\n const kcReq = req.clone({ headers: headersWithRPTorAccessToken });\r\n return next.handle(kcReq);\r\n }),\r\n catchError((error, caught) => {\r\n // if error is with code 401 (Authorization error), the www-authenticate is present, and\r\n // resourceServerAuthorizationType is 'uma'\r\n // we can try to get valid RPT based on the authorization ticket which we received in the\r\n // response (it is inside www-authenticate response header)\r\n if (\r\n this.isAuthError(error) &&\r\n this.hasResponseWWWAuthenthicateHeader(error) &&\r\n this.keycloak.resourceServerAuthorizationType === 'uma'\r\n ) {\r\n // make sure that the access token is fresh, a valid access token is needed to obtain an RPT\r\n const updateTokenObservable = fromPromise(this.keycloak.updateToken(10));\r\n return updateTokenObservable.pipe(\r\n switchMap(wasRefreshed => {\r\n const wwwAuthenticateHeader = error.headers.get('www-authenticate');\r\n let ticket = null;\r\n\r\n // Handle Authorization Responses from a UMA-Protected Resource Server\r\n if (wwwAuthenticateHeader.indexOf('UMA') !== -1) {\r\n // extract ticket parameter from www-authenticate header\r\n const params = wwwAuthenticateHeader.split(',');\r\n for (let i = 0; i < params.length; i++) {\r\n const param = params[i].split('=');\r\n if (param[0] === 'ticket') {\r\n ticket = param[1].substring(1, param[1].length - 1).trim();\r\n }\r\n }\r\n }\r\n // if failed to extract the ticket string\r\n if (ticket == null) {\r\n return Observable.throw(error);\r\n }\r\n // construct authorization request\r\n const authorizationRequest: KeycloakAuthorization.AuthorizationRequest = {\r\n ...this.keycloak.authorizationRequestTemplate,\r\n ticket\r\n };\r\n return this.getNewRPT(authorizationRequest).pipe(\r\n catchError(e => {\r\n return Observable.throw(error);\r\n }),\r\n switchMap(rpt => {\r\n const headersWithRpt: HttpHeaders = this.keycloak.addRPTToHeader(req.headers);\r\n const kcReq: HttpRequest<any> = req.clone({ headers: headersWithRpt });\r\n return next.handle(kcReq);\r\n })\r\n );\r\n })\r\n );\r\n // when entitlement API is to be used try to get valid RPT\r\n } else if (this.keycloak.resourceServerAuthorizationType === 'entitlement') {\r\n // construct authorization request\r\n const authorizationRequest: KeycloakAuthorization.AuthorizationRequest = this.keycloak\r\n .authorizationRequestTemplate;\r\n return this.getNewRPT(authorizationRequest).pipe(\r\n catchError(e => {\r\n return Observable.throw(error);\r\n }),\r\n switchMap(rpt => {\r\n const headersWithRpt: HttpHeaders = this.keycloak.addRPTToHeader(req.headers);\r\n const kcReq: HttpRequest<any> = req.clone({ headers: headersWithRpt });\r\n return next.handle(kcReq);\r\n })\r\n );\r\n } else {\r\n return Observable.throw(error);\r\n }\r\n })\r\n );\r\n }\r\n\r\n /**\r\n * Wrapper for KeycloakAuhtorization.authrize() fucntion. Handles UMA and entitlement API authorization.\r\n *\r\n * @param req\r\n * @param next\r\n */\r\n private getNewRPT(\r\n authorizationRequest: KeycloakAuthorization.AuthorizationRequest\r\n ): Observable<string> {\r\n const authz = this.keycloak.keycloakAuthorizationInstance;\r\n\r\n return Observable.create(async (observer: Observer<any>) => {\r\n try {\r\n if (this.keycloak.resourceServerAuthorizationType === 'entitlement') {\r\n authz.entitlement(this.keycloak.resourceServerID, authorizationRequest).then(\r\n rpt => {\r\n this.keycloak.RPTupdateEmitter.next(rpt);\r\n observer.next(rpt);\r\n observer.complete();\r\n },\r\n () => {\r\n observer.error('Authorization request was denied by the server.');\r\n },\r\n () => {\r\n observer.error('Could not obtain authorization data from server.');\r\n }\r\n );\r\n } else {\r\n if (this.keycloak.resourceServerAuthorizationType === 'uma') {\r\n authz.authorize(authorizationRequest).then(\r\n rpt => {\r\n this.keycloak.RPTupdateEmitter.next(rpt);\r\n observer.next(rpt);\r\n observer.complete();\r\n },\r\n () => {\r\n observer.error('Authorization request was denied by the server.');\r\n },\r\n () => {\r\n observer.error('Could not obtain authorization data from server.');\r\n }\r\n );\r\n }\r\n }\r\n } catch (error) {\r\n observer.error(error);\r\n }\r\n });\r\n }\r\n\r\n private isAuthError(error: any): boolean {\r\n return error instanceof HttpErrorResponse && error.status === 401;\r\n }\r\n\r\n private hasResponseWWWAuthenthicateHeader(error: any): boolean {\r\n return error instanceof HttpErrorResponse && error.headers.has('www-authenticate');\r\n }\r\n\r\n private getAndApplyRPTToken(error: any): boolean {\r\n return error instanceof HttpErrorResponse && error.status === 401;\r\n }\r\n}\r\n","/**\r\n * @license\r\n * Copyright Mauricio Gemelli Vigolo and contributors.\r\n *\r\n * Use of this source code is governed by a MIT-style license that can be\r\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/LICENSE\r\n */\r\n\r\nimport { NgModule } from '@angular/core';\r\nimport { CommonModule } from '@angular/common';\r\nimport { HTTP_INTERCEPTORS } from '@angular/common/http';\r\n\r\nimport { KeycloakService } from './services/keycloak.service';\r\nimport { KeycloakBearerInterceptor } from './interceptors/keycloak-bearer.interceptor';\r\nimport { KeycloakRptInterceptor } from './interceptors/keycloak-rpt.interceptor';\r\n\r\n@NgModule({\r\n imports: [CommonModule],\r\n providers: [\r\n KeycloakService,\r\n {\r\n provide: HTTP_INTERCEPTORS,\r\n useClass: KeycloakBearerInterceptor,\r\n multi: true\r\n },\r\n {\r\n provide: HTTP_INTERCEPTORS,\r\n useClass: KeycloakRptInterceptor,\r\n multi: true\r\n }\r\n ]\r\n})\r\nexport class CoreModule {}\r\n","/**\r\n * @license\r\n * Copyright Mauricio Gemelli Vigolo and contributors.\r\n *\r\n * Use of this source code is governed by a MIT-style license that can be\r\n * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/LICENSE\r\n */\r\n\r\nimport { NgModule } from '@angular/core';\r\n\r\nimport { CoreModule } from './core/core.module';\r\n\r\n@NgModule({\r\n imports: [CoreModule]\r\n})\r\nexport class KeycloakAngularModule {}\r\n"]} |