angular-auth-oidc-client

import * as i0 from '@angular/core'; import { Provider, ModuleWithProviders, EnvironmentProviders } from '@angular/core'; import * as i1 from '@angular/common'; import { ActivatedRouteSnapshot, RouterStateSnapshot, UrlTree } from '@angular/router'; import { Observable } from 'rxjs'; import { HttpInterceptor, HttpRequest, HttpHandler, HttpEvent, HttpInterceptorFn } from '@angular/common/http'; declare enum LogLevel { None = 0, Debug = 1, Warn = 2, Error = 3 } interface AuthWellKnownEndpoints { issuer?: string; jwksUri?: string; authorizationEndpoint?: string; tokenEndpoint?: string; userInfoEndpoint?: string; endSessionEndpoint?: string; checkSessionIframe?: string; revocationEndpoint?: string; introspectionEndpoint?: string; parEndpoint?: string; } interface OpenIdConfiguration { /** * To identify a configuration the `configId` parameter was introduced. * If you do not explicitly set this value, the library will generate * and assign the value for you. If set, the configured value is used. * The value is optional. */ configId?: string; /** * The url to the Security Token Service (STS). The authority issues tokens. * This field is required. */ authority?: string; /** Override the default Security Token Service wellknown endpoint postfix. */ authWellknownEndpointUrl?: string; authWellknownEndpoints?: AuthWellKnownEndpoints; /** * Override the default Security Token Service wellknown endpoint postfix. * * @default /.well-known/openid-configuration */ authWellknownUrlSuffix?: string; /** The redirect URL defined on the Security Token Service. */ redirectUrl?: string; /** * Whether to check if current URL matches the redirect URI when determining * if current URL is in fact the redirect URI. * Default: true */ checkRedirectUrlWhenCheckingIfIsCallback?: boolean; /** * The Client MUST validate that the aud (audience) Claim contains its `client_id` value * registered at the Issuer identified by the iss (issuer) Claim as an audience. * The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, * or if it contains additional audiences not trusted by the Client. */ clientId?: string; /** * `code`, `id_token token` or `id_token`. * Name of the flow which can be configured. * You must use the `id_token token` flow, if you want to access an API * or get user data from the server. The `access_token` is required for this, * and only returned with this flow. */ responseType?: string; /** * List of scopes which are requested from the server from this client. * This must match the Security Token Service configuration for the client you use. * The `openid` scope is required. The `offline_access` scope can be requested when using refresh tokens * but this is optional and some Security Token Service do not support this or recommend not requesting this even when using * refresh tokens in the browser. */ scope?: string; /** * Optional hd parameter for Google Auth with particular G Suite domain, * see https://developers.google.com/identity/protocols/OpenIDConnect#hd-param */ hdParam?: string; /** URL to redirect to after a server logout if using the end session API. */ postLogoutRedirectUri?: string; /** Starts the OpenID session management for this client. */ startCheckSession?: boolean; /** Renews the client tokens, once the id_token expires. Can use iframes or refresh tokens. */ silentRenew?: boolean; /** An optional URL to handle silent renew callbacks */ silentRenewUrl?: string; /** * Sets the maximum waiting time for silent renew process. If this time is exceeded, the silent renew state will * be reset. Default = 20. * */ silentRenewTimeoutInSeconds?: number; /** * Makes it possible to add an offset to the silent renew check in seconds. * By entering a value, you can renew the tokens before the tokens expire. */ renewTimeBeforeTokenExpiresInSeconds?: number; /** * Allows for a custom domain to be used with Auth0. * With this flag set the 'authority' does not have to end with * 'auth0.com' to trigger the auth0 special handling of logouts. */ useCustomAuth0Domain?: boolean; /** * When set to true, refresh tokens are used to renew the user session. * When set to false, standard silent renew is used. * Default value is false. */ useRefreshToken?: boolean; /** * Activates Pushed Authorisation Requests for login and popup login. * Not compatible with iframe renew. */ usePushedAuthorisationRequests?: boolean; /** * A token obtained by using a refresh token normally doesn't contain a nonce value. * The library checks it is not there. However, some OIDC endpoint implementations do send one. * Setting `ignoreNonceAfterRefresh` to `true` disables the check if a nonce is present. * Please note that the nonce value, if present, will not be verified. Default is `false`. */ ignoreNonceAfterRefresh?: boolean; /** * The default Angular route which is used after a successful login, if not using the * `triggerAuthorizationResultEvent` */ postLoginRoute?: string; /** Route to redirect to if the server returns a 403 error. This has to be an Angular route. HTTP 403. */ forbiddenRoute?: string; /** Route to redirect to if the server returns a 401 error. This has to be an Angular route. HTTP 401. */ unauthorizedRoute?: string; /** When set to true, the library automatically gets user info after authentication */ autoUserInfo?: boolean; /** When set to true, the library automatically gets user info after token renew */ renewUserInfoAfterTokenRenew?: boolean; /** Used for custom state logic handling. The state is not automatically reset when set to false */ autoCleanStateAfterAuthentication?: boolean; /** * This can be set to true which emits an event instead of an Angular route change. * Instead of forcing the application consuming this library to automatically redirect to one of the 3 * hard-configured routes (start, unauthorized, forbidden), this modification will add an extra * configuration option to override such behavior and trigger an event that will allow to subscribe to * it and let the application perform other actions. This would be useful to allow the application to * save an initial return URL so that the user is redirected to it after a successful login on the Security Token Service * (i.e. saving the return URL previously on sessionStorage and then retrieving it during the triggering of the event). */ triggerAuthorizationResultEvent?: boolean; /** 0, 1, 2 can be used to set the log level displayed in the console. */ logLevel?: LogLevel; /** Make it possible to turn off the iss validation per configuration. **You should not turn this off!** */ issValidationOff?: boolean; /** Skip validation of issuer against well-known url */ strictIssuerValidationOnWellKnownRetrievalOff?: boolean; /** * If this is active, the history is not cleaned up on an authorize callback. * This can be used when the application needs to preserve the history. */ historyCleanupOff?: boolean; /** * Amount of offset allowed between the server creating the token and the client app receiving the id_token. * The diff in time between the server time and client time is also important in validating this value. * All times are in UTC. */ maxIdTokenIatOffsetAllowedInSeconds?: number; /** * This allows the application to disable the iat offset validation check. * The iat Claim can be used to reject tokens that were issued too far away from the current time, * limiting the amount of time that nonces need to be stored to prevent attacks. * The acceptable range is client specific. */ disableIatOffsetValidation?: boolean; /** Extra parameters to add to the authorization URL request */ customParamsAuthRequest?: { [key: string]: string | number | boolean; }; /** Extra parameters to add to the refresh token request body */ customParamsRefreshTokenRequest?: { [key: string]: string | number | boolean; }; /** Extra parameters to add to the authorization EndSession request */ customParamsEndSessionRequest?: { [key: string]: string | number | boolean; }; /** Extra parameters to add to the token URL request */ customParamsCodeRequest?: { [key: string]: string | number | boolean; }; /** Disables the auth_time validation for id_tokens in a refresh due to Azure's incorrect implementation. */ disableRefreshIdTokenAuthTimeValidation?: boolean; /** * Enables the id_token validation, default value is `true`. * You can disable this validation if you like to ignore the expired value in the renew process or not check this in the expiry check. Only the access token is used to trigger a renew. * If no id_token is returned in using refresh tokens, set this to `false`. */ triggerRefreshWhenIdTokenExpired?: boolean; /** Controls the periodic check time interval in sections. * Default value is 3. */ tokenRefreshInSeconds?: number; /** * Array of secure URLs on which the token should be sent if the interceptor is added to the `HTTP_INTERCEPTORS`. */ secureRoutes?: string[]; /** * Controls the periodic retry time interval for retrieving new tokens in seconds. * `silentRenewTimeoutInSeconds` and `tokenRefreshInSeconds` are upper bounds for this value. * Default value is 3 */ refreshTokenRetryInSeconds?: number; /** Adds the ngsw-bypass param to all requests */ ngswBypass?: boolean; /** Allow refresh token reuse (refresh without rotation), default value is false. * The refresh token rotation is optional (rfc6749) but is more safe and hence encouraged. */ allowUnsafeReuseRefreshToken?: boolean; /** Disable validation for id_token * This is not recommended! You should always validate the id_token if returned. */ disableIdTokenValidation?: boolean; /** Disables PKCE support. * Authorize request will be sent without code challenge. */ disablePkce?: boolean; /** * Disable cleaning up the popup when receiving invalid messages */ disableCleaningPopupOnInvalidMessage?: boolean; } declare class OpenIdConfigLoader { loader?: Provider; } declare abstract class StsConfigLoader { abstract loadConfigs(): Observable<OpenIdConfiguration[]>; } declare class StsConfigStaticLoader implements StsConfigLoader { private readonly passedConfigs; constructor(passedConfigs: OpenIdConfiguration | OpenIdConfiguration[]); loadConfigs(): Observable<OpenIdConfiguration[]>; } declare class StsConfigHttpLoader implements StsConfigLoader { private readonly configs$; constructor(configs$: Observable<OpenIdConfiguration> | Observable<OpenIdConfiguration>[] | Observable<OpenIdConfiguration[]>); loadConfigs(): Observable<OpenIdConfiguration[]>; } interface PassedInitialConfig { config?: OpenIdConfiguration | OpenIdConfiguration[]; loader?: Provider; } interface AuthOptions { customParams?: { [key: string]: string | number | boolean; }; urlHandler?(url: string): void; /** overrides redirectUrl from configuration */ redirectUrl?: string; } interface LogoutAuthOptions { customParams?: { [key: string]: string | number | boolean; }; urlHandler?(url: string): void; logoffMethod?: 'GET' | 'POST'; } interface AuthenticatedResult { isAuthenticated: boolean; allConfigsAuthenticated: ConfigAuthenticatedResult[]; } interface ConfigAuthenticatedResult { configId: string; isAuthenticated: boolean; } declare enum ValidationResult { NotSet = "NotSet", StatesDoNotMatch = "StatesDoNotMatch", SignatureFailed = "SignatureFailed", IncorrectNonce = "IncorrectNonce", RequiredPropertyMissing = "RequiredPropertyMissing", MaxOffsetExpired = "MaxOffsetExpired", IssDoesNotMatchIssuer = "IssDoesNotMatchIssuer", NoAuthWellKnownEndPoints = "NoAuthWellKnownEndPoints", IncorrectAud = "IncorrectAud", IncorrectIdTokenClaimsAfterRefresh = "IncorrectIdTokenClaimsAfterRefresh", IncorrectAzp = "IncorrectAzp", TokenExpired = "TokenExpired", IncorrectAtHash = "IncorrectAtHash", Ok = "Ok", LoginRequired = "LoginRequired", SecureTokenServerError = "SecureTokenServerError" } interface AuthStateResult { isAuthenticated: boolean; validationResult: ValidationResult; isRenewProcess: boolean; configId?: string; } declare class AuthModule { static forRoot(passedConfig: PassedInitialConfig): ModuleWithProviders<AuthModule>; static ɵfac: i0.ɵɵFactoryDeclaration<AuthModule, never>; static ɵmod: i0.ɵɵNgModuleDeclaration<AuthModule, never, [typeof i1.CommonModule], never>; static ɵinj: i0.ɵɵInjectorDeclaration<AuthModule>; } /** * @deprecated Please do not use the `AutoLoginAllRoutesGuard` anymore as it is not recommended anymore, deprecated and will be removed in future versions of this library. More information [Why is AutoLoginAllRoutesGuard not recommended?](https://github.com/damienbod/angular-auth-oidc-client/issues/1549) */ declare class AutoLoginAllRoutesGuard { private readonly autoLoginService; private readonly checkAuthService; private readonly loginService; private readonly configurationService; private readonly router; canLoad(): Observable<boolean>; canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree>; canActivateChild(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree>; static ɵfac: i0.ɵɵFactoryDeclaration<AutoLoginAllRoutesGuard, never>; static ɵprov: i0.ɵɵInjectableDeclaration<AutoLoginAllRoutesGuard>; } declare class AutoLoginPartialRoutesGuard { private readonly autoLoginService; private readonly authStateService; private readonly loginService; private readonly configurationService; private readonly router; canLoad(): Observable<boolean>; canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>; canActivateChild(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>; static ɵfac: i0.ɵɵFactoryDeclaration<AutoLoginPartialRoutesGuard, never>; static ɵprov: i0.ɵɵInjectableDeclaration<AutoLoginPartialRoutesGuard>; } declare function autoLoginPartialRoutesGuard(route?: ActivatedRouteSnapshot, state?: RouterStateSnapshot, configId?: string): Observable<boolean>; declare function autoLoginPartialRoutesGuardWithConfig(configId: string): (route?: ActivatedRouteSnapshot, state?: RouterStateSnapshot) => Observable<boolean>; declare class ConfigurationService { private configsInternal; private readonly loggerService; private readonly publicEventsService; private readonly storagePersistenceService; private readonly platformProvider; private readonly authWellKnownService; private readonly loader; private readonly configValidationService; hasManyConfigs(): boolean; getAllConfigurations(): OpenIdConfiguration[]; getOpenIDConfiguration(configId?: string): Observable<OpenIdConfiguration | null>; getOpenIDConfigurations(configId?: string): Observable<{ allConfigs: OpenIdConfiguration[]; currentConfig: OpenIdConfiguration | null; }>; hasAtLeastOneConfig(): boolean; private saveConfig; private loadConfigs; private configsAlreadySaved; private getConfig; private prepareAndSaveConfigs; private createUniqueIds; private handleConfig; private enhanceConfigWithWellKnownEndpoint; private prepareConfig; private setSpecialCases; static ɵfac: i0.ɵɵFactoryDeclaration<ConfigurationService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<ConfigurationService>; } interface JwtKeys { keys: JwtKey[]; } interface JwtKey { kty: string; use: string; kid: string; x5t: string; e: string; n: string; x5c: any[]; } declare class StateValidationResult { accessToken: string; idToken: string; authResponseIsValid: boolean; decodedIdToken: any; state: ValidationResult; constructor(accessToken?: string, idToken?: string, authResponseIsValid?: boolean, decodedIdToken?: any, state?: ValidationResult); } interface AuthResult { id_token?: string; access_token?: string; refresh_token?: string; error?: any; session_state?: any; state?: any; scope?: string; expires_in?: number; token_type?: string; } declare class AuthInterceptor implements HttpInterceptor { private readonly authStateService; private readonly configurationService; private readonly loggerService; private readonly closestMatchingRouteService; intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>>; static ɵfac: i0.ɵɵFactoryDeclaration<AuthInterceptor, never>; static ɵprov: i0.ɵɵInjectableDeclaration<AuthInterceptor>; } declare function authInterceptor(): HttpInterceptorFn; /** * Implement this class-interface to create a custom logger service. */ declare abstract class AbstractLoggerService { abstract logError(message: string | object, ...args: any[]): void; abstract logWarning(message: string | object, ...args: any[]): void; abstract logDebug(message: string | object, ...args: any[]): void; static ɵfac: i0.ɵɵFactoryDeclaration<AbstractLoggerService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<AbstractLoggerService>; } interface LoginResponse { isAuthenticated: boolean; userData: any; accessToken: string; idToken: string; configId?: string; errorMessage?: string; } interface PopupOptions { width?: number; height?: number; left?: number; top?: number; } interface PopupResult { userClosed: boolean; receivedUrl: string; } declare class PopUpService { private popUp; private handle; private readonly loggerService; private readonly storagePersistenceService; private readonly document; private readonly STORAGE_IDENTIFIER; private readonly resultInternal$; get result$(): Observable<PopupResult>; private get windowInternal(); isCurrentlyInPopup(config: OpenIdConfiguration): boolean; openPopUp(url: string | null, popupOptions: PopupOptions | undefined, config: OpenIdConfiguration): void; sendMessageToMainWindow(url: string, config: OpenIdConfiguration): void; private cleanUp; private sendMessage; private getOptions; private canAccessSessionStorage; static ɵfac: i0.ɵɵFactoryDeclaration<PopUpService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<PopUpService>; } interface UserDataResult { userData: any; allUserData: ConfigUserDataResult[]; } interface ConfigUserDataResult { configId: string; userData: any; } declare class OidcSecurityService { private readonly checkSessionService; private readonly checkAuthService; private readonly userService; private readonly tokenHelperService; private readonly configurationService; private readonly authStateService; private readonly flowsDataService; private readonly callbackService; private readonly logoffRevocationService; private readonly loginService; private readonly refreshSessionService; private readonly urlService; private readonly authWellKnownService; /** * Provides information about the user after they have logged in. * * @returns Returns an object containing either the user data directly (single config) or * the user data per config in case you are running with multiple configs */ get userData$(): Observable<UserDataResult>; /** * Provides information about the user after they have logged in. * * @returns Returns an object containing either the user data directly (single config) or * the user data per config in case you are running with multiple configs */ userData: i0.Signal<UserDataResult>; /** * Emits each time an authorization event occurs. * * @returns Returns an object containing if you are authenticated or not. * Single Config: true if config is authenticated, false if not. * Multiple Configs: true is all configs are authenticated, false if only one of them is not * * The `allConfigsAuthenticated` property contains the auth information _per config_. */ get isAuthenticated$(): Observable<AuthenticatedResult>; /** * Emits each time an authorization event occurs. * * @returns Returns an object containing if you are authenticated or not. * Single Config: true if config is authenticated, false if not. * Multiple Configs: true is all configs are authenticated, false if only one of them is not * * The `allConfigsAuthenticated` property contains the auth information _per config_. */ authenticated: i0.Signal<AuthenticatedResult>; /** * Emits each time the server sends a CheckSession event and the value changed. This property will always return * true. */ get checkSessionChanged$(): Observable<boolean>; /** * Emits on a Security Token Service callback. The observable will never contain a value. */ get stsCallback$(): Observable<void>; preloadAuthWellKnownDocument(configId?: string): Observable<AuthWellKnownEndpoints>; /** * Returns the currently active OpenID configurations. * * @returns an array of OpenIdConfigurations. */ getConfigurations(): OpenIdConfiguration[]; /** * Returns a single active OpenIdConfiguration. * * @param configId The configId to identify the config. If not passed, the first one is being returned */ getConfiguration(configId?: string): Observable<OpenIdConfiguration | null>; /** * Returns the userData for a configuration * * @param configId The configId to identify the config. If not passed, the first one is being used */ getUserData(configId?: string): Observable<any>; /** * Starts the complete setup flow for one configuration. Calling will start the entire authentication flow, and the returned observable * will denote whether the user was successfully authenticated including the user data, the access token, the configId and * an error message in case an error happened * * @param url The URL to perform the authorization on the behalf of. * @param configId The configId to perform the authorization on the behalf of. If not passed, the first configs will be taken * * @returns An object `LoginResponse` containing all information about the login */ checkAuth(url?: string, configId?: string): Observable<LoginResponse>; /** * Starts the complete setup flow for multiple configurations. * Calling will start the entire authentication flow, and the returned observable * will denote whether the user was successfully authenticated including the user data, the access token, the configId and * an error message in case an error happened in an array for each config which was provided * * @param url The URL to perform the authorization on the behalf of. * * @returns An array of `LoginResponse` objects containing all information about the logins */ checkAuthMultiple(url?: string): Observable<LoginResponse[]>; /** * Provides information about the current authenticated state * * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns A boolean whether the config is authenticated or not. */ isAuthenticated(configId?: string): Observable<boolean>; /** * Checks the server for an authenticated session using the iframe silent renew if not locally authenticated. */ checkAuthIncludingServer(configId?: string): Observable<LoginResponse>; /** * Returns the access token for the login scenario. * * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns A string with the access token. */ getAccessToken(configId?: string): Observable<string>; /** * Returns the ID token for the sign-in. * * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns A string with the id token. */ getIdToken(configId?: string): Observable<string>; /** * Returns the refresh token, if present, for the sign-in. * * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns A string with the refresh token. */ getRefreshToken(configId?: string): Observable<string>; /** * Returns the authentication result, if present, for the sign-in. * * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns A object with the authentication result */ getAuthenticationResult(configId?: string): Observable<AuthResult | null>; /** * Returns the payload from the ID token. * * @param encode Set to true if the payload is base64 encoded * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns The payload from the id token. */ getPayloadFromIdToken(encode?: boolean, configId?: string): Observable<any>; /** * Returns the payload from the access token. * * @param encode Set to true if the payload is base64 encoded * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns The payload from the access token. */ getPayloadFromAccessToken(encode?: boolean, configId?: string): Observable<any>; /** * Sets a custom state for the authorize request. * * @param state The state to set. * @param configId The configId to check the information for. If not passed, the first configs will be taken */ setState(state: string, configId?: string): Observable<boolean>; /** * Gets the state value used for the authorize request. * * @param configId The configId to check the information for. If not passed, the first configs will be taken * * @returns The state value used for the authorize request. */ getState(configId?: string): Observable<string>; /** * Redirects the user to the Security Token Service to begin the authentication process. * * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * @param authOptions The custom options for the the authentication request. */ authorize(configId?: string, authOptions?: AuthOptions): void; /** * Opens the Security Token Service in a new window to begin the authentication process. * * @param authOptions The custom options for the authentication request. * @param popupOptions The configuration for the popup window. * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * * @returns An `Observable<LoginResponse>` containing all information about the login */ authorizeWithPopUp(authOptions?: AuthOptions, popupOptions?: PopupOptions, configId?: string): Observable<LoginResponse>; /** * Manually refreshes the session. * * @param customParams Custom parameters to pass to the refresh request. * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * * @returns An `Observable<LoginResponse>` containing all information about the login */ forceRefreshSession(customParams?: { [key: string]: string | number | boolean; }, configId?: string): Observable<LoginResponse>; /** * Revokes the refresh token (if present) and the access token on the server and then performs the logoff operation. * The refresh token and and the access token are revoked on the server. If the refresh token does not exist * only the access token is revoked. Then the logout run. * * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * @param logoutAuthOptions The custom options for the request. * * @returns An observable when the action is finished */ logoffAndRevokeTokens(configId?: string, logoutAuthOptions?: LogoutAuthOptions): Observable<any>; /** * Logs out on the server and the local client. If the server state has changed, confirmed via check session, * then only a local logout is performed. * * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * @param logoutAuthOptions with custom parameters and/or an custom url handler */ logoff(configId?: string, logoutAuthOptions?: LogoutAuthOptions): Observable<unknown>; /** * Logs the user out of the application without logging them out of the server. * Use this method if you have _one_ config enabled. * * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken */ logoffLocal(configId?: string): void; /** * Logs the user out of the application for all configs without logging them out of the server. * Use this method if you have _multiple_ configs enabled. */ logoffLocalMultiple(): void; /** * Revokes an access token on the Security Token Service. This is only required in the code flow with refresh tokens. If no token is * provided, then the token from the storage is revoked. You can pass any token to revoke. * https://tools.ietf.org/html/rfc7009 * * @param accessToken The access token to revoke. * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * * @returns An observable when the action is finished */ revokeAccessToken(accessToken?: any, configId?: string): Observable<any>; /** * Revokes a refresh token on the Security Token Service. This is only required in the code flow with refresh tokens. If no token is * provided, then the token from the storage is revoked. You can pass any token to revoke. * https://tools.ietf.org/html/rfc7009 * * @param refreshToken The access token to revoke. * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * * @returns An observable when the action is finished */ revokeRefreshToken(refreshToken?: any, configId?: string): Observable<any>; /** * Creates the end session URL which can be used to implement an alternate server logout. * * @param customParams * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * * @returns A string with the end session url or null */ getEndSessionUrl(customParams?: { [p: string]: string | number | boolean; }, configId?: string): Observable<string | null>; /** * Creates the authorize URL based on your flow * * @param customParams * @param configId The configId to perform the action in behalf of. If not passed, the first configs will be taken * * @returns A string with the authorize URL or null */ getAuthorizeUrl(customParams?: { [p: string]: string | number | boolean; }, configId?: string): Observable<string | null>; static ɵfac: i0.ɵɵFactoryDeclaration<OidcSecurityService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<OidcSecurityService>; } /** * A feature to be used with `provideAuth`. */ interface AuthFeature { ɵproviders: Provider[]; } declare function provideAuth(passedConfig: PassedInitialConfig, ...features: AuthFeature[]): EnvironmentProviders; declare function _provideAuth(passedConfig: PassedInitialConfig): Provider[]; /** * Configures an app initializer, which is called before the app starts, and * resolves any OAuth callback variables. * When used, it replaces the need to manually call * `OidcSecurityService.checkAuth(...)` or * `OidcSecurityService.checkAuthMultiple(...)`. * * @see https://angular.dev/api/core/APP_INITIALIZER */ declare function withAppInitializerAuthCheck(): AuthFeature; declare enum EventTypes { /** * This only works in the AppModule Constructor */ ConfigLoaded = 0, CheckingAuth = 1, CheckingAuthFinished = 2, CheckingAuthFinishedWithError = 3, ConfigLoadingFailed = 4, CheckSessionReceived = 5, UserDataChanged = 6, NewAuthenticationResult = 7, TokenExpired = 8, IdTokenExpired = 9, SilentRenewStarted = 10, SilentRenewFailed = 11 } interface OidcClientNotification<T> { type: EventTypes; value?: T; } declare class PublicEventsService { private readonly notify; /** * Fires a new event. * * @param type The event type. * @param value The event value. */ fireEvent<T>(type: EventTypes, value?: T): void; /** * Wires up the event notification observable. */ registerForEvents(): Observable<OidcClientNotification<any>>; static ɵfac: i0.ɵɵFactoryDeclaration<PublicEventsService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<PublicEventsService>; } /** * Implement this class-interface to create a custom storage. */ declare abstract class AbstractSecurityStorage { /** * This method must contain the logic to read the storage. * * @return The value of the given key */ abstract read(key: string): string | null; /** * This method must contain the logic to write the storage. * * @param key The key to write a value for * @param value The value for the given key */ abstract write(key: string, value: string): void; /** * This method must contain the logic to remove an item from the storage. * * @param key The value for the key to be removed */ abstract remove(key: string): void; /** * This method must contain the logic to remove all items from the storage. */ abstract clear(): void; static ɵfac: i0.ɵɵFactoryDeclaration<AbstractSecurityStorage, never>; static ɵprov: i0.ɵɵInjectableDeclaration<AbstractSecurityStorage>; } declare class DefaultLocalStorageService implements AbstractSecurityStorage { read(key: string): string | null; write(key: string, value: string): void; remove(key: string): void; clear(): void; static ɵfac: i0.ɵɵFactoryDeclaration<DefaultLocalStorageService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<DefaultLocalStorageService>; } declare class DefaultSessionStorageService implements AbstractSecurityStorage { read(key: string): string | null; write(key: string, value: string): void; remove(key: string): void; clear(): void; static ɵfac: i0.ɵɵFactoryDeclaration<DefaultSessionStorageService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<DefaultSessionStorageService>; } export { AbstractLoggerService, AbstractSecurityStorage, AuthInterceptor, AuthModule, AutoLoginAllRoutesGuard, AutoLoginPartialRoutesGuard, ConfigurationService, DefaultLocalStorageService, DefaultSessionStorageService, EventTypes, LogLevel, OidcSecurityService, OpenIdConfigLoader, PopUpService, PublicEventsService, StateValidationResult, StsConfigHttpLoader, StsConfigLoader, StsConfigStaticLoader, ValidationResult, _provideAuth, authInterceptor, autoLoginPartialRoutesGuard, autoLoginPartialRoutesGuardWithConfig, provideAuth, withAppInitializerAuthCheck }; export type { AuthFeature, AuthOptions, AuthResult, AuthStateResult, AuthWellKnownEndpoints, AuthenticatedResult, ConfigAuthenticatedResult, ConfigUserDataResult, JwtKey, JwtKeys, LoginResponse, LogoutAuthOptions, OidcClientNotification, OpenIdConfiguration, PassedInitialConfig, PopupOptions, UserDataResult };