@lcgroup.core/auth
Advanced tools
AuthModule allows to add authentication/authorization mechanism (based on security token service) to your project.
AuthModule works in pair with JwtModule.
Setup example:
export function jwtOptionsFactory(authTokenService: AuthTokenService) {
return {
tokenGetter: () => {
return authTokenService.getToken();
},
allowedDomains: environment.allowedDomains
};
}
// ...
JwtModule.forRoot({
jwtOptionsProvider: {
provide: JWT_OPTIONS,
useFactory: jwtOptionsFactory,
deps: [AuthTokenService]
}
}),
AuthModule.forRoot({
stsParams: {
client_id: 'your_client_id',
client_secret: 'some_secret',
scope: 'your scopes divided with space'
},
tokenEndpoint:
environment.identityServerUrl + AUTH_OPTIONS_DEFAULTS.tokenEndpoint
})
Options:
export interface AuthOptions<T> {
userType?: new() => T; // User class. default: User
tokenName?: string; // token storage name. default: 'access_token'
tokenEndpoint?: string; // token endpoint url. default: '/identity/connect/token'
stsParams?: OAuthParams;
}
export interface OAuthParams {
scope: string;
client_id: string;
client_secret: string;
}
It is possible to use custom user that extends class User:
export class CustomUser extends User {
public custom_claim: string;
}
To access the claim display mode, you need to pass the enableDevHotkey parameter:
AuthModule.forRoot({
...,
{ enableDevHotkey: true }
})
To enable the mode, press the key combination Ctrl+F7.
AuthService is the main part of authentication and authorization control.
@Inject(AUTH_SERVICE) private authService: AuthService<User>
login(login: string, password: string): Observable<T> // http call for login and update user
logout(): T // logout (clear store and update user$)
authorize(claim: string | string[] = null) // check user claims
getUser(): T // current user entity from store
user$: BehaviorSubject<T>; // automatically updating user entity
Checks user claims and removes inner html if user hasn't got specified claim:
<li routerLinkActive="active" *authorize="'app.debtors'">
content
</li>
You might want to hide content for anonymous users:
<li routerLinkActive="active" *authorize>
content
</li>
Checks user claims and set 'disabled' attribute for button/input/form, etc.
<button type="button" authorizeControl="users:roles_EDIT">
Button
</button>
Checks user claims and set 'disabled' attribute and styles (pointer-events, opacity) for span/i
<span authorizeControl="users:list_EDIT">
X
</span>
You must handle http statuses by your own. It's project specific. Implement HttpInterceptor and provide it.
reason: https://limezaim.atlassian.net/browse/KRNL-22
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
constructor(
private injector: Injector // https://github.com/angular/angular/issues/18224
) { }
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
const authService = this.injector.get(AUTH_SERVICE);
const router = this.injector.get(Router);
return next.handle(req)
.catch(error => {
if (error && error.status === 401) {
authService.logout();
router.navigateByUrl('/');
}
return throwError(error);
});
}
}
{
provide: HTTP_INTERCEPTORS,
useClass: AuthInterceptor,
multi: true
}
class CustomAuthService<T extends User> extends AuthService<T> {
private logoutStatus = false;
constructor (
authApi: AuthApiService,
authTokenService: AuthTokenService,
jwtHelperService: JwtHelperService,
@Inject(AUTH_OPTIONS) options: AuthOptions<T>
) {
super(authApi, authTokenService, jwtHelperService, options);
}
get getLogoutStatus(): boolean {
return this.logoutStatus;
}
logout() {
const logoutResult = super.logout();
this.logoutStatus = true;
return logoutResult;
}
}
AuthModule.forRoot({ userType: User }, CustomAuthService)
npm install ngx-cookie@^4.1.2
Tests
npm run test npm run test:watch
Build
npm run build
Release
npm run release
FAQs
Authentication module
The npm package @lcgroup.core/auth receives a total of 0 weekly downloads. As such, @lcgroup.core/auth popularity was classified as not popular.
We found that @lcgroup.core/auth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A data handling bug in OSV.dev caused disputed CVEs to disappear from vulnerability feeds until a recent fix restored over 500 advisories.
Research
/Security News
175 malicious npm packages (26k+ downloads) used unpkg CDN to host redirect scripts for a credential-phishing campaign targeting 135+ organizations worldwide.
Security News
Python 3.14 adds template strings, deferred annotations, and subinterpreters, plus free-threaded mode, an experimental JIT, and Sigstore verification.