Abstract Private _initialPrivate _initialProtected configProtected isAbstract Readonly typeProvider type identifier Must be implemented by concrete providers
Protected userProtected userContains the initial path from window.location.pathname before any work was done by auth services
Contains the initial search/query string from window.location.search before any work was done by auth services
Classify an error into standard error type
Converts provider-specific errors into semantic categories. Eliminates need for consumers to check error.name or error types.
const authError = this.authBase.classifyError(err);
if (authError.type === AuthErrorType.TOKEN_EXPIRED) {
this.showMessage(authError.userMessage);
}
Protected Abstract classifyClassify provider-specific error into standard error type
Maps provider-specific errors to semantic AuthErrorType values. Examines error objects, error codes, and messages to determine the appropriate category (TOKEN_EXPIRED, INTERACTION_REQUIRED, NETWORK_ERROR, etc.).
The error to classify
StandardAuthError with categorized type and user-friendly message
Protected Abstract extractExtract ID token from provider-specific storage
This is where providers hide their implementation details.
Promise resolving to token string or null if not authenticated
Protected Abstract extractExtract complete token info from provider-specific storage
Maps provider-specific token structure to StandardAuthToken.
Promise resolving to StandardAuthToken or null if not authenticated
Protected Abstract extractExtract user info from provider-specific claims
Maps provider-specific claim structure to StandardUserInfo. This is where providers translate their claims (sub, email, name, etc.) into the standard structure.
Promise resolving to StandardUserInfo or null if not authenticated
Get ID token string (primary token method)
This is the clean abstraction - no provider-specific logic needed!
Replaces the old pattern of: claims?.__raw || claims?.idToken
const token = await this.authBase.getIdToken();
if (token) {
setupGraphQLClient(token, apiUrl);
}
Get profile picture URL from auth provider
Returns the user's profile picture URL if available from the auth provider. This abstracts away provider-specific logic:
Promise resolving to image URL or null if not available
const pictureUrl = await this.authBase.getProfilePictureUrl();
if (pictureUrl) {
this.userAvatar = pictureUrl;
}
Protected Abstract getGet profile picture URL from auth provider
Retrieves the user's profile picture using provider-specific mechanisms. Some providers include the URL in user claims, others require API calls to fetch the image.
Promise resolving to image URL or null if not available
Get complete token information
Returns full token details including expiration and scopes. Use this when you need more than just the token string.
Get user info as Observable stream
Returns standardized user info, hiding provider-specific claim structures. No more need for consumers to merge claims or check provider-specific fields!
Abstract handleProtected Abstract handleHandle session expiry when silent refresh fails
Called internally when silent token refresh fails with TOKEN_EXPIRED or INTERACTION_REQUIRED errors. Providers that support refresh tokens can implement this as a no-op. Providers that require interactive re-authentication should initiate the appropriate flow (redirect, popup, etc.).
Note: If this method redirects the page, it may never return. The app will reload after authentication completes and re-initialize with a fresh token.
Promise that resolves if re-auth completed, or never returns if redirected
Abstract initializeProtected Abstract loginAbstract logoutRefresh authentication token
Attempts to obtain a fresh authentication token using the provider's refresh mechanism. If silent refresh fails due to session expiry, the provider will handle re-authentication automatically (which may involve redirecting to the auth provider's login page).
Returns StandardAuthToken on success, or throws on complete failure.
IMPORTANT: If the provider requires interactive re-authentication (redirect or popup), this method may never return. The app will reload after authentication completes and re-initialize with a fresh token.
Promise resolving to StandardAuthToken or throws on failure
const token = await this.authBase.refreshToken();
return token.idToken; // Always succeeds or throws
Protected Abstract refreshRefresh token using provider-specific mechanism
Implements the provider's token refresh logic using whatever mechanism is appropriate (silent refresh with refresh tokens, iframe-based token acquisition, etc.).
Should return success with token if refresh succeeds, or failure with appropriate error type (TOKEN_EXPIRED, INTERACTION_REQUIRED, etc.) if refresh fails.
Promise resolving to TokenRefreshResult indicating success/failure
Protected updateProtected updateUpdate user info
Subclasses should call this when user info is retrieved or updated. This automatically updates the email stream as well.
Base class for Angular authentication providers - v3.0.0
Provides common functionality and enforces the provider interface. All concrete providers (MSAL, Auth0, Okta) should extend this class.
Key Improvements in v3.0:
anytypes__raw || idTokenpatternsFor Provider Implementers:
Extend this class and implement the abstract methods:
extractIdTokenInternal()- Extract token from provider storageextractTokenInfoInternal()- Extract full token infoextractUserInfoInternal()- Map claims to StandardUserInforefreshTokenInternal()- Implement refresh mechanismclassifyErrorInternal()- Map errors to AuthErrorTypeVersion
3.0.0