common-ui/src/lib/users/guards/iqser-auth-guard.service.ts

import { Injectable } from '@angular/core';
import { ActivatedRouteSnapshot, Router } from '@angular/router';
import { KeycloakAuthGuard, KeycloakService } from 'keycloak-angular';
import { getConfig } from '../../services';
import { KeycloakLoginOptions } from 'keycloak-js';

@Injectable()
export class IqserAuthGuard extends KeycloakAuthGuard {
    readonly #config = getConfig();

    constructor(
        protected readonly _router: Router,
        protected readonly _keycloak: KeycloakService,
    ) {
        super(_router, _keycloak);
    }

    async isAccessAllowed(route: ActivatedRouteSnapshot): Promise<boolean> {
        if (this.authenticated) {
            return true;
        }

        const kcIdpHint = route.queryParamMap.get('kc_idp_hint');
        const options: KeycloakLoginOptions = {
            redirectUri: window.location.href,
        };

        if (kcIdpHint ?? this.#config.OAUTH_IDP_HINT) {
            options.idpHint = kcIdpHint ?? this.#config.OAUTH_IDP_HINT;
        }
        await this._keycloak.login(options);
        return false;
    }
}