projects/lib/src/types.ts
Additional options that can be passed to tryLogin.
Properties |
|
Optional customHashFragment |
Type : string
|
Defined in projects/lib/src/types.ts:40
|
A custom hash fragment to be used instead of the actual one. This is used for silent refreshes, to pass the iframes hash fragment to this method, and is also used by popup flows in the same manner. This can be used with code flow, where is must be set to a hash symbol followed by the querystring. The question mark is optional, but may be present following the hash symbol. |
Optional customRedirectUri |
Type : string
|
Defined in projects/lib/src/types.ts:74
|
Set this for code flow if you used a custom redirect Uri when retrieving the code. This is used internally for silent refresh and popup flows. |
Optional disableNonceCheck |
Default value : false
|
Defined in projects/lib/src/types.ts:59
|
Set this to true to disable the nonce check which is used to avoid replay attacks. This flag should never be true in production environments. |
Optional disableOAuth2StateCheck |
Type : boolean
|
Defined in projects/lib/src/types.ts:50
|
Set this to true to disable the oauth2 state check which is a best practice to avoid security attacks. As OIDC defines a nonce check that includes this, this can be set to true when only doing OIDC. |
Optional onLoginError |
Type : function
|
Defined in projects/lib/src/types.ts:28
|
Called when tryLogin detects that the auth server included an error message into the hash fragment. Deprecated: Use property |
Optional onTokenReceived |
Type : function
|
Defined in projects/lib/src/types.ts:13
|
Is called, after a token has been received and successfully validated. Deprecated: Use property |
Optional preventClearHashAfterLogin |
Default value : false
|
Defined in projects/lib/src/types.ts:67
|
Normally, you want to clear your hash fragment after the lib read the token(s) so that they are not displayed anymore in the url. If not, set this to true. For code flow this controls removing query string values. |
Optional validationHandler |
Type : function
|
Defined in projects/lib/src/types.ts:20
|
Hook, to validate the received tokens. Deprecated: Use property |
import { Injectable } from '@angular/core';
/**
* Additional options that can be passed to tryLogin.
*/
export class LoginOptions {
/**
* Is called, after a token has been received and
* successfully validated.
*
* Deprecated: Use property ``events`` on OAuthService instead.
*/
onTokenReceived?: (receivedTokens: ReceivedTokens) => void;
/**
* Hook, to validate the received tokens.
*
* Deprecated: Use property ``tokenValidationHandler`` on OAuthService instead.
*/
validationHandler?: (receivedTokens: ReceivedTokens) => Promise<any>;
/**
* Called when tryLogin detects that the auth server
* included an error message into the hash fragment.
*
* Deprecated: Use property ``events`` on OAuthService instead.
*/
onLoginError?: (params: object) => void;
/**
* A custom hash fragment to be used instead of the
* actual one. This is used for silent refreshes, to
* pass the iframes hash fragment to this method, and
* is also used by popup flows in the same manner.
* This can be used with code flow, where is must be set
* to a hash symbol followed by the querystring. The
* question mark is optional, but may be present following
* the hash symbol.
*/
customHashFragment?: string;
/**
* Set this to true to disable the oauth2 state
* check which is a best practice to avoid
* security attacks.
* As OIDC defines a nonce check that includes
* this, this can be set to true when only doing
* OIDC.
*/
disableOAuth2StateCheck?: boolean;
/**
* Set this to true to disable the nonce
* check which is used to avoid
* replay attacks.
* This flag should never be true in
* production environments.
*/
disableNonceCheck? = false;
/**
* Normally, you want to clear your hash fragment after
* the lib read the token(s) so that they are not displayed
* anymore in the url. If not, set this to true. For code flow
* this controls removing query string values.
*/
preventClearHashAfterLogin? = false;
/**
* Set this for code flow if you used a custom redirect Uri
* when retrieving the code. This is used internally for silent
* refresh and popup flows.
*/
customRedirectUri?: string;
}
/**
* Defines the logging interface the OAuthService uses
* internally. Is compatible with the `console` object,
* but you can provide your own implementation as well
* through dependency injection.
*/
export abstract class OAuthLogger {
abstract debug(message?: any, ...optionalParams: any[]): void;
abstract info(message?: any, ...optionalParams: any[]): void;
abstract log(message?: any, ...optionalParams: any[]): void;
abstract warn(message?: any, ...optionalParams: any[]): void;
abstract error(message?: any, ...optionalParams: any[]): void;
}
/**
* Defines a simple storage that can be used for
* storing the tokens at client side.
* Is compatible to localStorage and sessionStorage,
* but you can also create your own implementations.
*/
export abstract class OAuthStorage {
abstract getItem(key: string): string | null;
abstract removeItem(key: string): void;
abstract setItem(key: string, data: string): void;
}
@Injectable()
export class MemoryStorage implements OAuthStorage {
private data = new Map<string, string>();
getItem(key: string): string {
return this.data.get(key);
}
removeItem(key: string): void {
this.data.delete(key);
}
setItem(key: string, data: string): void {
this.data.set(key, data);
}
}
/**
* Represents the received tokens, the received state
* and the parsed claims from the id-token.
*/
export class ReceivedTokens {
idToken: string;
accessToken: string;
idClaims?: object;
state?: string;
}
/**
* Represents the parsed and validated id_token.
*/
export interface ParsedIdToken {
idToken: string;
idTokenClaims: object;
idTokenHeader: object;
idTokenClaimsJson: string;
idTokenHeaderJson: string;
idTokenExpiresAt: number;
}
/**
* Represents the response from the token endpoint
* http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
*/
export interface TokenResponse {
access_token: string;
id_token: string;
token_type: string;
expires_in: number;
refresh_token: string;
scope: string;
state?: string;
}
/**
* Represents the response from the user info endpoint
* http://openid.net/specs/openid-connect-core-1_0.html#UserInfo
*/
export interface UserInfo {
sub: string;
[key: string]: any;
}
/**
* Represents an OpenID Connect discovery document
*/
export interface OidcDiscoveryDoc {
issuer: string;
authorization_endpoint: string;
token_endpoint: string;
token_endpoint_auth_methods_supported: string[];
token_endpoint_auth_signing_alg_values_supported: string[];
userinfo_endpoint: string;
check_session_iframe: string;
end_session_endpoint: string;
jwks_uri: string;
registration_endpoint: string;
scopes_supported: string[];
response_types_supported: string[];
acr_values_supported: string[];
response_modes_supported: string[];
grant_types_supported: string[];
subject_types_supported: string[];
userinfo_signing_alg_values_supported: string[];
userinfo_encryption_alg_values_supported: string[];
userinfo_encryption_enc_values_supported: string[];
id_token_signing_alg_values_supported: string[];
id_token_encryption_alg_values_supported: string[];
id_token_encryption_enc_values_supported: string[];
request_object_signing_alg_values_supported: string[];
display_values_supported: string[];
claim_types_supported: string[];
claims_supported: string[];
claims_parameter_supported: boolean;
service_documentation: string;
ui_locales_supported: string[];
revocation_endpoint: string;
}