angular-oauth2-oidc/oauth-service.d.ts

import { NgZone, OnDestroy } from '@angular/core';
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Observable, Subject, Subscription } from 'rxjs';
import { DateTimeProvider } from './date-time-provider';
import { ValidationHandler, ValidationParams } from './token-validation/validation-handler';
import { UrlHelperService } from './url-helper.service';
import { OAuthEvent, OAuthSuccessEvent } from './events';
import { OAuthLogger, OAuthStorage, LoginOptions, ParsedIdToken, OidcDiscoveryDoc, TokenResponse } from './types';
import { AuthConfig } from './auth.config';
import { HashHandler } from './token-validation/hash-handler';
import * as i0 from "@angular/core";
/**
 * Service for logging in and logging out with
 * OIDC and OAuth2. Supports implicit flow and
 * password flow.
 */
export declare class OAuthService extends AuthConfig implements OnDestroy {
    protected ngZone: NgZone;
    protected http: HttpClient;
    protected config: AuthConfig;
    protected urlHelper: UrlHelperService;
    protected logger: OAuthLogger;
    protected crypto: HashHandler;
    protected dateTimeService: DateTimeProvider;
    /**
     * The ValidationHandler used to validate received
     * id_tokens.
     */
    tokenValidationHandler: ValidationHandler;
    /**
     * @internal
     * Deprecated:  use property events instead
     */
    discoveryDocumentLoaded: boolean;
    /**
     * @internal
     * Deprecated:  use property events instead
     */
    discoveryDocumentLoaded$: Observable<OidcDiscoveryDoc>;
    /**
     * Informs about events, like token_received or token_expires.
     * See the string enum EventType for a full list of event types.
     */
    events: Observable<OAuthEvent>;
    /**
     * The received (passed around) state, when logging
     * in with implicit flow.
     */
    state?: string;
    protected eventsSubject: Subject<OAuthEvent>;
    protected discoveryDocumentLoadedSubject: Subject<OidcDiscoveryDoc>;
    protected silentRefreshPostMessageEventListener: EventListener;
    protected grantTypesSupported: Array<string>;
    protected _storage: OAuthStorage;
    protected accessTokenTimeoutSubscription: Subscription;
    protected idTokenTimeoutSubscription: Subscription;
    protected tokenReceivedSubscription: Subscription;
    protected automaticRefreshSubscription: Subscription;
    protected sessionCheckEventListener: EventListener;
    protected jwksUri: string;
    protected sessionCheckTimer: any;
    protected silentRefreshSubject: string;
    protected inImplicitFlow: boolean;
    protected saveNoncesInLocalStorage: boolean;
    private document;
    constructor(ngZone: NgZone, http: HttpClient, storage: OAuthStorage, tokenValidationHandler: ValidationHandler, config: AuthConfig, urlHelper: UrlHelperService, logger: OAuthLogger, crypto: HashHandler, document: Document, dateTimeService: DateTimeProvider);
    private checkLocalStorageAccessable;
    /**
     * Use this method to configure the service
     * @param config the configuration
     */
    configure(config: AuthConfig): void;
    protected configChanged(): void;
    restartSessionChecksIfStillLoggedIn(): void;
    protected restartRefreshTimerIfStillLoggedIn(): void;
    protected setupSessionCheck(): void;
    /**
     * Will setup up silent refreshing for when the token is
     * about to expire. When the user is logged out via this.logOut method, the
     * silent refreshing will pause and not refresh the tokens until the user is
     * logged back in via receiving a new token.
     * @param params Additional parameter to pass
     * @param listenTo Setup automatic refresh of a specific token type
     */
    setupAutomaticSilentRefresh(params?: object, listenTo?: 'access_token' | 'id_token' | 'any', noPrompt?: boolean): void;
    protected refreshInternal(params: any, noPrompt: any): Promise<TokenResponse | OAuthEvent>;
    /**
     * Convenience method that first calls `loadDiscoveryDocument(...)` and
     * directly chains using the `then(...)` part of the promise to call
     * the `tryLogin(...)` method.
     *
     * @param options LoginOptions to pass through to `tryLogin(...)`
     */
    loadDiscoveryDocumentAndTryLogin(options?: LoginOptions): Promise<boolean>;
    /**
     * Convenience method that first calls `loadDiscoveryDocumentAndTryLogin(...)`
     * and if then chains to `initLoginFlow()`, but only if there is no valid
     * IdToken or no valid AccessToken.
     *
     * @param options LoginOptions to pass through to `tryLogin(...)`
     */
    loadDiscoveryDocumentAndLogin(options?: LoginOptions & {
        state?: string;
    }): Promise<boolean>;
    protected debug(...args: any[]): void;
    protected validateUrlFromDiscoveryDocument(url: string): string[];
    protected validateUrlForHttps(url: string): boolean;
    protected assertUrlNotNullAndCorrectProtocol(url: string | undefined, description: string): void;
    protected validateUrlAgainstIssuer(url: string): boolean;
    protected setupRefreshTimer(): void;
    protected setupExpirationTimers(): void;
    protected setupAccessTokenTimer(): void;
    protected setupIdTokenTimer(): void;
    /**
     * Stops timers for automatic refresh.
     * To restart it, call setupAutomaticSilentRefresh again.
     */
    stopAutomaticRefresh(): void;
    protected clearAccessTokenTimer(): void;
    protected clearIdTokenTimer(): void;
    protected clearAutomaticRefreshTimer(): void;
    protected calcTimeout(storedAt: number, expiration: number): number;
    /**
     * DEPRECATED. Use a provider for OAuthStorage instead:
     *
     * { provide: OAuthStorage, useFactory: oAuthStorageFactory }
     * export function oAuthStorageFactory(): OAuthStorage { return localStorage; }
     * Sets a custom storage used to store the received
     * tokens on client side. By default, the browser's
     * sessionStorage is used.
     * @ignore
     *
     * @param storage
     */
    setStorage(storage: OAuthStorage): void;
    /**
     * Loads the discovery document to configure most
     * properties of this service. The url of the discovery
     * document is infered from the issuer's url according
     * to the OpenId Connect spec. To use another url you
     * can pass it to to optional parameter fullUrl.
     *
     * @param fullUrl
     */
    loadDiscoveryDocument(fullUrl?: string): Promise<OAuthSuccessEvent>;
    protected loadJwks(): Promise<object>;
    protected validateDiscoveryDocument(doc: OidcDiscoveryDoc): boolean;
    /**
     * Uses password flow to exchange userName and password for an
     * access_token. After receiving the access_token, this method
     * uses it to query the userinfo endpoint in order to get information
     * about the user in question.
     *
     * When using this, make sure that the property oidc is set to false.
     * Otherwise stricter validations take place that make this operation
     * fail.
     *
     * @param userName
     * @param password
     * @param headers Optional additional http-headers.
     */
    fetchTokenUsingPasswordFlowAndLoadUserProfile(userName: string, password: string, headers?: HttpHeaders): Promise<object>;
    /**
     * Loads the user profile by accessing the user info endpoint defined by OpenId Connect.
     *
     * When using this with OAuth2 password flow, make sure that the property oidc is set to false.
     * Otherwise stricter validations take place that make this operation fail.
     */
    loadUserProfile(): Promise<object>;
    /**
     * Uses password flow to exchange userName and password for an access_token.
     * @param userName
     * @param password
     * @param headers Optional additional http-headers.
     */
    fetchTokenUsingPasswordFlow(userName: string, password: string, headers?: HttpHeaders): Promise<TokenResponse>;
    /**
     * Uses a custom grant type to retrieve tokens.
     * @param grantType Grant type.
     * @param parameters Parameters to pass.
     * @param headers Optional additional HTTP headers.
     */
    fetchTokenUsingGrant(grantType: string, parameters: object, headers?: HttpHeaders): Promise<TokenResponse>;
    /**
     * Refreshes the token using a refresh_token.
     * This does not work for implicit flow, b/c
     * there is no refresh_token in this flow.
     * A solution for this is provided by the
     * method silentRefresh.
     */
    refreshToken(): Promise<TokenResponse>;
    protected removeSilentRefreshEventListener(): void;
    protected setupSilentRefreshEventListener(): void;
    /**
     * Performs a silent refresh for implicit flow.
     * Use this method to get new tokens when/before
     * the existing tokens expire.
     */
    silentRefresh(params?: object, noPrompt?: boolean): Promise<OAuthEvent>;
    /**
     * This method exists for backwards compatibility.
     * {@link OAuthService#initLoginFlowInPopup} handles both code
     * and implicit flows.
     */
    initImplicitFlowInPopup(options?: {
        height?: number;
        width?: number;
        windowRef?: Window;
    }): Promise<unknown>;
    initLoginFlowInPopup(options?: {
        height?: number;
        width?: number;
        windowRef?: Window;
    }): Promise<unknown>;
    protected calculatePopupFeatures(options: {
        height?: number;
        width?: number;
    }): string;
    protected processMessageEventMessage(e: MessageEvent): string;
    protected canPerformSessionCheck(): boolean;
    protected setupSessionCheckEventListener(): void;
    protected handleSessionUnchanged(): void;
    protected handleSessionChange(): void;
    protected waitForSilentRefreshAfterSessionChange(): void;
    protected handleSessionError(): void;
    protected removeSessionCheckEventListener(): void;
    protected initSessionCheck(): void;
    protected startSessionCheckTimer(): void;
    protected stopSessionCheckTimer(): void;
    checkSession(): void;
    protected createLoginUrl(state?: string, loginHint?: string, customRedirectUri?: string, noPrompt?: boolean, params?: object): Promise<string>;
    initImplicitFlowInternal(additionalState?: string, params?: string | object): void;
    /**
     * Starts the implicit flow and redirects to user to
     * the auth servers' login url.
     *
     * @param additionalState Optional state that is passed around.
     *  You'll find this state in the property `state` after `tryLogin` logged in the user.
     * @param params Hash with additional parameter. If it is a string, it is used for the
     *               parameter loginHint (for the sake of compatibility with former versions)
     */
    initImplicitFlow(additionalState?: string, params?: string | object): void;
    /**
     * Reset current implicit flow
     *
     * @description This method allows resetting the current implict flow in order to be initialized again.
     */
    resetImplicitFlow(): void;
    protected callOnTokenReceivedIfExists(options: LoginOptions): void;
    protected storeAccessTokenResponse(accessToken: string, refreshToken: string, expiresIn: number, grantedScopes: string, customParameters?: Map<string, string>): void;
    /**
     * Delegates to tryLoginImplicitFlow for the sake of competability
     * @param options Optional options.
     */
    tryLogin(options?: LoginOptions): Promise<boolean>;
    private parseQueryString;
    tryLoginCodeFlow(options?: LoginOptions): Promise<void>;
    private saveRequestedRoute;
    private restoreRequestedRoute;
    /**
     * Retrieve the returned auth code from the redirect uri that has been called.
     * If required also check hash, as we could use hash location strategy.
     */
    private getCodePartsFromUrl;
    /**
     * Get token using an intermediate code. Works for the Authorization Code flow.
     */
    private getTokenFromCode;
    private fetchAndProcessToken;
    /**
     * Checks whether there are tokens in the hash fragment
     * as a result of the implicit flow. These tokens are
     * parsed, validated and used to sign the user in to the
     * current client.
     *
     * @param options Optional options.
     */
    tryLoginImplicitFlow(options?: LoginOptions): Promise<boolean>;
    private parseState;
    protected validateNonce(nonceInState: string): boolean;
    protected storeIdToken(idToken: ParsedIdToken): void;
    protected storeSessionState(sessionState: string): void;
    protected getSessionState(): string;
    protected handleLoginError(options: LoginOptions, parts: object): void;
    private getClockSkewInMsec;
    /**
     * @ignore
     */
    processIdToken(idToken: string, accessToken: string, skipNonceCheck?: boolean): Promise<ParsedIdToken>;
    /**
     * Returns the received claims about the user.
     */
    getIdentityClaims(): Record<string, any>;
    /**
     * Returns the granted scopes from the server.
     */
    getGrantedScopes(): object;
    /**
     * Returns the current id_token.
     */
    getIdToken(): string;
    protected padBase64(base64data: any): string;
    /**
     * Returns the current access_token.
     */
    getAccessToken(): string;
    getRefreshToken(): string;
    /**
     * Returns the expiration date of the access_token
     * as milliseconds since 1970.
     */
    getAccessTokenExpiration(): number;
    protected getAccessTokenStoredAt(): number;
    protected getIdTokenStoredAt(): number;
    /**
     * Returns the expiration date of the id_token
     * as milliseconds since 1970.
     */
    getIdTokenExpiration(): number;
    /**
     * Checkes, whether there is a valid access_token.
     */
    hasValidAccessToken(): boolean;
    /**
     * Checks whether there is a valid id_token.
     */
    hasValidIdToken(): boolean;
    /**
     * Retrieve a saved custom property of the TokenReponse object. Only if predefined in authconfig.
     */
    getCustomTokenResponseProperty(requestedProperty: string): any;
    /**
     * Returns the auth-header that can be used
     * to transmit the access_token to a service
     */
    authorizationHeader(): string;
    /**
     * Removes all tokens and logs the user out.
     * If a logout url is configured, the user is
     * redirected to it with optional state parameter.
     * @param noRedirectToLogoutUrl
     * @param state
     */
    logOut(): void;
    logOut(customParameters: boolean | object): void;
    logOut(noRedirectToLogoutUrl: boolean): void;
    logOut(noRedirectToLogoutUrl: boolean, state: string): void;
    /**
     * @ignore
     */
    createAndSaveNonce(): Promise<string>;
    /**
     * @ignore
     */
    ngOnDestroy(): void;
    protected createNonce(): Promise<string>;
    protected checkAtHash(params: ValidationParams): Promise<boolean>;
    protected checkSignature(params: ValidationParams): Promise<any>;
    /**
     * Start the implicit flow or the code flow,
     * depending on your configuration.
     */
    initLoginFlow(additionalState?: string, params?: {}): void;
    /**
     * Starts the authorization code flow and redirects to user to
     * the auth servers login url.
     */
    initCodeFlow(additionalState?: string, params?: {}): void;
    private initCodeFlowInternal;
    protected createChallangeVerifierPairForPKCE(): Promise<[
        string,
        string
    ]>;
    private extractRecognizedCustomParameters;
    /**
     * Revokes the auth token to secure the vulnarability
     * of the token issued allowing the authorization server to clean
     * up any security credentials associated with the authorization
     */
    revokeTokenAndLogout(customParameters?: boolean | object, ignoreCorsIssues?: boolean): Promise<any>;
    /**
     * Clear location.hash if it's present
     */
    private clearLocationHash;
    static ɵfac: i0.ɵɵFactoryDeclaration<OAuthService, [null, null, { optional: true; }, { optional: true; }, { optional: true; }, null, null, { optional: true; }, null, null]>;
    static ɵprov: i0.ɵɵInjectableDeclaration<OAuthService>;
}