UNPKG

keycloak-angular

Version:

Easy Keycloak integration for Angular applications.

github.com/mauriciovigolo/keycloak-angular

mauriciovigolo/keycloak-angular

76 lines (75 loc) 2.86 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/** * @license * Copyright Mauricio Gemelli Vigolo All Rights Reserved. * * Use of this source code is governed by a MIT-style license that can be * found in the LICENSE file at https://github.com/mauriciovigolo/keycloak-angular/blob/main/LICENSE.md */ import Keycloak from 'keycloak-js'; import { ActivatedRouteSnapshot, CanActivateChildFn, CanActivateFn, RouterStateSnapshot, UrlTree } from '@angular/router'; /** * Type representing the roles granted to a user, including both realm and resource-level roles. */ type Roles = { /** * Roles assigned at the realm level. */ realmRoles: string[]; /** * Roles assigned at the resource level, organized by resource name. */ resourceRoles: { [resource: string]: string[]; }; }; /** * Data structure passed to the custom authorization guard to determine access. */ export type AuthGuardData = { /** * Indicates whether the user is currently authenticated. */ authenticated: boolean; /** * A collection of roles granted to the user, including both realm and resource roles. */ grantedRoles: Roles; /** * The Keycloak instance managing the user's session and access. */ keycloak: Keycloak; }; /** * Creates a custom authorization guard for Angular routes, enabling fine-grained access control. * * This guard invokes the provided `isAccessAllowed` function to determine if access is permitted * based on the current route, router state, and user's authentication and roles data. * * @template T - The type of the guard function (`CanActivateFn` or `CanActivateChildFn`). * @param isAccessAllowed - A callback function that evaluates access conditions. The function receives: * - `route`: The current `ActivatedRouteSnapshot` for the route being accessed. * - `state`: The current `RouterStateSnapshot` representing the router's state. * - `authData`: An `AuthGuardData` object containing the user's authentication status, roles, and Keycloak instance. * @returns A guard function of type `T` that can be used as a route `canActivate` or `canActivateChild` guard. * * @example * ```ts * import { createAuthGuard } from './auth-guard'; * import { Routes } from '@angular/router'; * * const isUserAllowed = async (route, state, authData) => { * const { authenticated, grantedRoles } = authData; * return authenticated && grantedRoles.realmRoles.includes('admin'); * }; * * const routes: Routes = [ * { * path: 'admin', * canActivate: [createAuthGuard(isUserAllowed)], * component: AdminComponent, * }, * ]; * ``` */ export declare const createAuthGuard: <T extends CanActivateFn | CanActivateChildFn>(isAccessAllowed: (route: ActivatedRouteSnapshot, state: RouterStateSnapshot, authData: AuthGuardData) => Promise<boolean | UrlTree>) => T; export {};