feat: support client_secret

package.json

@@ -1,6 +1,6 @@
 {
   "name": "oidc-client-rx",
-  "version": "0.1.0-alpha.4",
+  "version": "0.1.0-alpha.5",
   "homepage": "https://github.com/lonelyhentxi/oidc-client-rx",
   "author": "lonelyhentxi",
   "description": "ReactiveX enhanced OIDC and OAuth2 protocol support for browser-based JavaScript applications",

src/adapters/tanstack-router/index.ts

@@ -1,9 +1,9 @@
 import { InjectionToken, inject } from '@outposts/injection-js';
-import type { Router } from '@tanstack/react-router';
+import type { AnyRouter } from '@tanstack/react-router';
 import type { AuthFeature } from '../../features';
 import { AbstractRouter } from '../../router';
 
-export type TanStackRouter = Router<any, any, any, any, any, any>;
+export type TanStackRouter = AnyRouter;
 
 export const TANSTACK_ROUTER = new InjectionToken<TanStackRouter>(
   'TANSTACK_ROUTER'

src/auto-login/auto-login-partial-routes.guard.ts

@@ -1,6 +1,6 @@
 import { Injectable, inject } from '@outposts/injection-js';
-import type { Observable } from 'rxjs';
+import { type Observable, of } from 'rxjs';
-import { map } from 'rxjs/operators';
+import { map, switchMap } from 'rxjs/operators';
 import type { AuthOptions } from '../auth-options';
 import { AuthStateService } from '../auth-state/auth-state.service';
 import { ConfigurationService } from '../config/config.service';
@@ -126,7 +126,7 @@ function checkAuth(
   configId?: string
 ): Observable<boolean> {
   return configurationService.getOpenIDConfiguration(configId).pipe(
-    map((configuration) => {
+    switchMap((configuration) => {
       const isAuthenticated =
         authStateService.areAuthStorageTokensValid(configuration);
 
@@ -137,13 +137,16 @@ function checkAuth(
       if (!isAuthenticated) {
         autoLoginService.saveRedirectRoute(configuration, url);
         if (authOptions) {
-          loginService.login(configuration, authOptions);
+          return loginService
-        } else {
+            .login(configuration, authOptions)
-          loginService.login(configuration);
+            .pipe(switchMap(() => of(isAuthenticated)));
         }
+        return loginService
+          .login(configuration)
+          .pipe(switchMap(() => of(isAuthenticated)));
       }
 
-      return isAuthenticated;
+      return of(isAuthenticated);
     })
   );
 }

src/config/openid-configuration.ts

@@ -40,6 +40,12 @@ export interface OpenIdConfiguration {
    * or if it contains additional audiences not trusted by the Client.
    */
   clientId?: string;
+  /**
+   * @dangerous
+   * @see [client secret is missing](https://github.com/damienbod/angular-auth-oidc-client/issues/399)
+   * The client secret. For some oidc service the must provide this.
+   */
+  clientSecret?: string;
   /**
    * `code`, `id_token token` or `id_token`.
    * Name of the flow which can be configured.

src/login/login.service.ts

@@ -1,5 +1,6 @@
 import { Injectable, inject } from '@outposts/injection-js';
-import { type Observable, of, throwError } from 'rxjs';
+import { BehaviorSubject, type Observable, of, throwError } from 'rxjs';
+import { MockUtil } from 'src/utils/reflect';
 import type { AuthOptions } from '../auth-options';
 import type { OpenIdConfiguration } from '../config/openid-configuration';
 import { StoragePersistenceService } from '../storage/storage-persistence.service';
@@ -24,6 +25,7 @@ export class LoginService {
 
   private readonly popupService = inject(PopUpService);
 
+  @MockUtil({ implementation: () => new BehaviorSubject(undefined) })
   login(
     configuration: OpenIdConfiguration | null,
     authOptions?: AuthOptions

src/router/index.ts

@@ -30,7 +30,7 @@ export abstract class AbstractRouter<
   abstract getCurrentNavigation(): NAVIGATION;
 }
 
-export class VanillaLocationRouter extends AbstractRouter {
+export class VanillaLocationRouter extends AbstractRouter<string> {
   protected document = inject(DOCUMENT);
 
   private get location(): Location {

src/utils/url/url.service.ts

@@ -249,6 +249,7 @@ export class UrlService {
     configuration: OpenIdConfiguration
   ): string | null {
     const clientId = this.getClientId(configuration);
+    const clientSecret = this.getClientSecret(configuration);
 
     if (!clientId) {
       return null;
@@ -259,6 +260,9 @@ export class UrlService {
     params = params.set('client_id', clientId);
     params = params.set('token', token);
     params = params.set('token_type_hint', 'access_token');
+    if (clientSecret) {
+      params = params.set('client_secret', clientSecret);
+    }
 
     return params.toString();
   }
@@ -268,6 +272,7 @@ export class UrlService {
     configuration: OpenIdConfiguration
   ): string | null {
     const clientId = this.getClientId(configuration);
+    const clientSecret = this.getClientSecret(configuration);
 
     if (!clientId) {
       return null;
@@ -278,6 +283,9 @@ export class UrlService {
     params = params.set('client_id', clientId);
     params = params.set('token', token);
     params = params.set('token_type_hint', 'refresh_token');
+    if (clientSecret) {
+      params = params.set('client_secret', clientSecret);
+    }
 
     return params.toString();
   }
@@ -304,6 +312,7 @@ export class UrlService {
     customTokenParams?: { [p: string]: string | number | boolean }
   ): string | null {
     const clientId = this.getClientId(configuration);
+    const clientSecret = this.getClientSecret(configuration);
 
     if (!clientId) {
       return null;
@@ -313,6 +322,9 @@ export class UrlService {
 
     params = params.set('grant_type', 'authorization_code');
     params = params.set('client_id', clientId);
+    if (clientSecret) {
+      params = params.set('client_secret', clientSecret);
+    }
 
     if (!configuration.disablePkce) {
       const codeVerifier = this.flowsDataService.getCodeVerifier(configuration);
@@ -364,6 +376,7 @@ export class UrlService {
     customParamsRefresh?: { [key: string]: string | number | boolean }
   ): string | null {
     const clientId = this.getClientId(configuration);
+    const clientSecret = this.getClientSecret(configuration);
 
     if (!clientId) {
       return null;
@@ -374,6 +387,9 @@ export class UrlService {
     params = params.set('grant_type', 'refresh_token');
     params = params.set('client_id', clientId);
     params = params.set('refresh_token', refreshToken);
+    if (clientSecret) {
+      params = params.set('client_secret', clientSecret);
+    }
 
     if (customParamsRefresh) {
       params = this.appendCustomParams({ ...customParamsRefresh }, params);
@@ -851,6 +867,18 @@ export class UrlService {
     return clientId;
   }
 
+  private getClientSecret(configuration: OpenIdConfiguration): string | null {
+    const { clientSecret } = configuration;
+
+    if (!clientSecret) {
+      this.loggerService.logDebug(configuration, 'could not get clientSecret');
+
+      return null;
+    }
+
+    return clientSecret;
+  }
+
   private appendCustomParams(
     customParams: { [key: string]: string | number | boolean },
     params: HttpParams