Protected configProtected isPrivate isPrivate oktaPrivate oktaOptional domain?: stringReadonly typeProvider type identifier Must be implemented by concrete providers
Protected userProtected userStatic Readonly PROVIDER_Contains the initial path from window.location.pathname before any work was done by auth services
Contains the initial search/query string from window.location.search before any work was done by auth services
Classify an error into standard error type
Converts provider-specific errors into semantic categories. Eliminates need for consumers to check error.name or error types.
const authError = this.authBase.classifyError(err);
if (authError.type === AuthErrorType.TOKEN_EXPIRED) {
this.showMessage(authError.userMessage);
}
Protected classifyClassify Okta-specific errors into semantic types
Maps Okta error patterns to AuthErrorType enum
Protected extractProtected extractExtract complete token info from Okta
Maps Okta's token structure to StandardAuthToken
Protected extractExtract user info from Okta claims
Maps Okta's IDToken structure to StandardUserInfo
Get ID token string (primary token method)
This is the clean abstraction - no provider-specific logic needed!
Replaces the old pattern of: claims?.__raw || claims?.idToken
const token = await this.authBase.getIdToken();
if (token) {
setupGraphQLClient(token, apiUrl);
}
Get profile picture URL from auth provider
Returns the user's profile picture URL if available from the auth provider. This abstracts away provider-specific logic:
Promise resolving to image URL or null if not available
const pictureUrl = await this.authBase.getProfilePictureUrl();
if (pictureUrl) {
this.userAvatar = pictureUrl;
}
Protected getGet complete token information
Returns full token details including expiration and scopes. Use this when you need more than just the token string.
Get user info as Observable stream
Returns standardized user info, hiding provider-specific claim structures. No more need for consumers to merge claims or check provider-specific fields!
Protected handleProtected loginPrivate mapMap Okta IDToken to StandardUserInfo
Refresh authentication token
Attempts to obtain a fresh authentication token using the provider's refresh mechanism. If silent refresh fails due to session expiry, the provider will handle re-authentication automatically (which may involve redirecting to the auth provider's login page).
Returns StandardAuthToken on success, or throws on complete failure.
IMPORTANT: If the provider requires interactive re-authentication (redirect or popup), this method may never return. The app will reload after authentication completes and re-initialize with a fresh token.
Promise resolving to StandardAuthToken or throws on failure
const token = await this.authBase.refreshToken();
return token.idToken; // Always succeeds or throws
Protected refreshRefresh token using Okta's token renewal
Uses renewTokens() to get new tokens silently
Protected updateProtected updateUpdate user info
Subclasses should call this when user info is retrieved or updated. This automatically updates the email stream as well.
Static angularFactory function to provide Angular dependencies required by Okta Stored as a static property for the factory to access without instantiation
Okta authentication provider implementation - v3.0.0
Implements the abstract methods from MJAuthBase to hide Okta-specific details. The key abstraction is that Okta stores the JWT in IDToken.idToken, but consumers never need to know this detail.