keycloak-angular

import { HttpHeaders, HttpRequest } from '@angular/common/http'; import { Subject } from 'rxjs'; import { ExcludedUrlRegex, KeycloakOptions } from '../interfaces/keycloak-options'; import { KeycloakEventLegacy } from '../interfaces/keycloak-event'; import * as i0 from "@angular/core"; /** * Service to expose existent methods from the Keycloak JS adapter, adding new * functionalities to improve the use of keycloak in Angular v > 4.3 applications. * * This class should be injected in the application bootstrap, so the same instance will be used * along the web application. * * @deprecated This service is deprecated and will be removed in future versions. * Use the new `provideKeycloak` function to load Keycloak in an Angular application. * More info: https://github.com/mauriciovigolo/keycloak-angular/docs/migration-guides/v19.md */ export declare class KeycloakService { /** * Keycloak-js instance. */ private _instance; /** * User profile as KeycloakProfile interface. */ private _userProfile; /** * Flag to indicate if the bearer will not be added to the authorization header. */ private _enableBearerInterceptor; /** * When the implicit flow is choosen there must exist a silentRefresh, as there is * no refresh token. */ private _silentRefresh; /** * Indicates that the user profile should be loaded at the keycloak initialization, * just after the login. */ private _loadUserProfileAtStartUp; /** * The bearer prefix that will be appended to the Authorization Header. */ private _bearerPrefix; /** * Value that will be used as the Authorization Http Header name. */ private _authorizationHeaderName; /** * @deprecated * The excluded urls patterns that must skip the KeycloakBearerInterceptor. */ private _excludedUrls; /** * Observer for the keycloak events */ private _keycloakEvents$; /** * The amount of required time remaining before expiry of the token before the token will be refreshed. */ private _updateMinValidity; /** * Returns true if the request should have the token added to the headers by the KeycloakBearerInterceptor. */ shouldAddToken: (request: HttpRequest<unknown>) => boolean; /** * Returns true if the request being made should potentially update the token. */ shouldUpdateToken: (request: HttpRequest<unknown>) => boolean; /** * Binds the keycloak-js events to the keycloakEvents Subject * which is a good way to monitor for changes, if needed. * * The keycloakEvents returns the keycloak-js event type and any * argument if the source function provides any. */ private bindsKeycloakEvents; /** * Loads all bearerExcludedUrl content in a uniform type: ExcludedUrl, * so it becomes easier to handle. * * @param bearerExcludedUrls array of strings or ExcludedUrl that includes * the url and HttpMethod. */ private loadExcludedUrls; /** * Handles the class values initialization. * * @param options */ private initServiceValues; /** * Keycloak initialization. It should be called to initialize the adapter. * Options is an object with 2 main parameters: config and initOptions. The first one * will be used to create the Keycloak instance. The second one are options to initialize the * keycloak instance. * * @param options * Config: may be a string representing the keycloak URI or an object with the * following content: * - url: Keycloak json URL * - realm: realm name * - clientId: client id * * initOptions: * Options to initialize the Keycloak adapter, matches the options as provided by Keycloak itself. * * enableBearerInterceptor: * Flag to indicate if the bearer will added to the authorization header. * * loadUserProfileInStartUp: * Indicates that the user profile should be loaded at the keycloak initialization, * just after the login. * * bearerExcludedUrls: * String Array to exclude the urls that should not have the Authorization Header automatically * added. * * authorizationHeaderName: * This value will be used as the Authorization Http Header name. * * bearerPrefix: * This value will be included in the Authorization Http Header param. * * tokenUpdateExcludedHeaders: * Array of Http Header key/value maps that should not trigger the token to be updated. * * updateMinValidity: * This value determines if the token will be refreshed based on its expiration time. * * @returns * A Promise with a boolean indicating if the initialization was successful. */ init(options?: KeycloakOptions): Promise<boolean>; /** * Redirects to login form on (options is an optional object with redirectUri and/or * prompt fields). * * @param options * Object, where: * - redirectUri: Specifies the uri to redirect to after login. * - prompt:By default the login screen is displayed if the user is not logged-in to Keycloak. * To only authenticate to the application if the user is already logged-in and not display the * login page if the user is not logged-in, set this option to none. To always require * re-authentication and ignore SSO, set this option to login . * - maxAge: Used just if user is already authenticated. Specifies maximum time since the * authentication of user happened. If user is already authenticated for longer time than * maxAge, the SSO is ignored and he will need to re-authenticate again. * - loginHint: Used to pre-fill the username/email field on the login form. * - action: If value is 'register' then user is redirected to registration page, otherwise to * login page. * - locale: Specifies the desired locale for the UI. * @returns * A void Promise if the login is successful and after the user profile loading. */ login(options?: Keycloak.KeycloakLoginOptions): Promise<void>; /** * Redirects to logout. * * @param redirectUri * Specifies the uri to redirect to after logout. * @returns * A void Promise if the logout was successful, cleaning also the userProfile. */ logout(redirectUri?: string): Promise<void>; /** * Redirects to registration form. Shortcut for login with option * action = 'register'. Options are same as for the login method but 'action' is set to * 'register'. * * @param options * login options * @returns * A void Promise if the register flow was successful. */ register(options?: Keycloak.KeycloakLoginOptions): Promise<void>; /** * Check if the user has access to the specified role. It will look for roles in * realm and the given resource, but will not check if the user is logged in for better performance. * * @param role * role name * @param resource * resource name. If not specified, `clientId` is used * @returns * A boolean meaning if the user has the specified Role. */ isUserInRole(role: string, resource?: string): boolean; /** * Return the roles of the logged user. The realmRoles parameter, with default value * true, will return the resource roles and realm roles associated with the logged user. If set to false * it will only return the resource roles. The resource parameter, if specified, will return only resource roles * associated with the given resource. * * @param realmRoles * Set to false to exclude realm roles (only client roles) * @param resource * resource name If not specified, returns roles from all resources * @returns * Array of Roles associated with the logged user. */ getUserRoles(realmRoles?: boolean, resource?: string): string[]; /** * Check if user is logged in. * * @returns * A boolean that indicates if the user is logged in. */ isLoggedIn(): boolean; /** * Returns true if the token has less than minValidity seconds left before * it expires. * * @param minValidity * Seconds left. (minValidity) is optional. Default value is 0. * @returns * Boolean indicating if the token is expired. */ isTokenExpired(minValidity?: number): boolean; /** * If the token expires within _updateMinValidity seconds the token is refreshed. If the * session status iframe is enabled, the session status is also checked. * Returns a promise telling if the token was refreshed or not. If the session is not active * anymore, the promise is rejected. * * @param minValidity * Seconds left. (minValidity is optional, if not specified updateMinValidity - default 20 is used) * @returns * Promise with a boolean indicating if the token was succesfully updated. */ updateToken(minValidity?: number): Promise<boolean>; /** * Loads the user profile. * Returns promise to set functions to be invoked if the profile was loaded * successfully, or if the profile could not be loaded. * * @param forceReload * If true will force the loadUserProfile even if its already loaded. * @returns * A promise with the KeycloakProfile data loaded. */ loadUserProfile(forceReload?: boolean): Promise<import("keycloak-js").KeycloakProfile>; /** * Returns the authenticated token. */ getToken(): Promise<string>; /** * Returns the logged username. * * @returns * The logged username. */ getUsername(): string; /** * Clear authentication state, including tokens. This can be useful if application * has detected the session was expired, for example if updating token fails. * Invoking this results in onAuthLogout callback listener being invoked. */ clearToken(): void; /** * Adds a valid token in header. The key & value format is: * Authorization Bearer <token>. * If the headers param is undefined it will create the Angular headers object. * * @param headers * Updated header with Authorization and Keycloak token. * @returns * An observable with with the HTTP Authorization header and the current token. */ addTokenToHeader(headers?: HttpHeaders): import("rxjs").Observable<HttpHeaders>; /** * Returns the original Keycloak instance, if you need any customization that * this Angular service does not support yet. Use with caution. * * @returns * The KeycloakInstance from keycloak-js. */ getKeycloakInstance(): Keycloak.KeycloakInstance; /** * @deprecated * Returns the excluded URLs that should not be considered by * the http interceptor which automatically adds the authorization header in the Http Request. * * @returns * The excluded urls that must not be intercepted by the KeycloakBearerInterceptor. */ get excludedUrls(): ExcludedUrlRegex[]; /** * Flag to indicate if the bearer will be added to the authorization header. * * @returns * Returns if the bearer interceptor was set to be disabled. */ get enableBearerInterceptor(): boolean; /** * Keycloak subject to monitor the events triggered by keycloak-js. * The following events as available (as described at keycloak docs - * https://www.keycloak.org/docs/latest/securing_apps/index.html#callback-events): * - OnAuthError * - OnAuthLogout * - OnAuthRefreshError * - OnAuthRefreshSuccess * - OnAuthSuccess * - OnReady * - OnTokenExpire * In each occurrence of any of these, this subject will return the event type, * described at {@link KeycloakEventTypeLegacy} enum and the function args from the keycloak-js * if provided any. * * @returns * A subject with the {@link KeycloakEventLegacy} which describes the event type and attaches the * function args. */ get keycloakEvents$(): Subject<KeycloakEventLegacy>; static ɵfac: i0.ɵɵFactoryDeclaration<KeycloakService, never>; static ɵprov: i0.ɵɵInjectableDeclaration<KeycloakService>; }