Digital Medarbeider Authentication Module
========================================
This library is an Angular module that provides authentication for Digital Medarbeider projects.

Quick start
-----------
Install this package:

    npm install @dime/authentication

Prepare the configuration:

    import { AuthenticationModule, AuthenticationService, DimeAuthConfig } from '@dime/authentication';
    // `environment` is the application's own Angular environment object.

    const authenticationConfig: DimeAuthConfig = {
      service_code: "school",
      app_code: "schooladmin",
      login_configs: [
        {
          id: "idporten",
          issuer_url: environment.identity_server_url,
          client_id: environment.client_id,
          app_url: "http://localhost:4200",
          scopes: ["openid", "profile", environment.app_scope],
          intercept_domains: [environment.school_api_base_url, environment.core_api_url],
          label: "Login with ID Porten"
        },
        {
          id: "aad",
          issuer_url: environment.identity_server_url,
          client_id: environment.client_id,
          app_url: environment.app_url,
          scopes: ["openid", "profile", environment.app_scope],
          intercept_domains: [environment.school_api_base_url, environment.core_api_url],
          label: "Login with AAD"
        }
      ],
      tenant_configs: [
        {
          id: 'idporten',
          key: 'tenantId',
          intercept_domains: [environment.school_api_base_url, environment.core_api_url],
          exclude_domains: [environment.core_api_url + '/api/Tenants'], // List URLs to exclude from interception
          tenantResolveURL: environment.core_api_url + '/api/Tenants'
        },
        {
          id: 'aad',
          key: 'tenantId',
          intercept_domains: [environment.school_api_base_url, environment.core_api_url],
          exclude_domains: [environment.core_api_url + '/api/Tenants'], // List URLs to exclude from interception
          tenantResolveURL: environment.core_api_url + '/api/Tenants',
          subunitKey: null,           // Optional (default: null): if set, subunit selection is enabled (e.g., subunitId)
          departmentKey: null,        // Optional (default: null): if set, department selection is enabled (e.g., departmentId)
          subunitResolveURL: null,    // Optional (default: null): if set, subunit names are resolved from here; by default the id is used as the subunit name
          departmentResolveURL: null, // Optional (default: null): if set, department names are resolved from here; by default the id is used as the department name
          hideSingleTenant: true      // Optional (default: true): if set to false, the tenant selector is shown for users with permission to a single tenant
        }
      ]
    };

Add the module to the imports and supply the config to the module:

    imports: [
      // ...
      AuthenticationModule.forRoot(authenticationConfig)
      // ...
    ]

Add AuthenticationService and MultiTenantService (if used) to the providers list of the module:

    providers: [
      // ...
      AuthenticationService,
      MultiTenantService
      // ...
    ]

To get the login component, add:

    <dime-login></dime-login>

The following parameters exist for the component:

- welcome : Text that will appear as header for the login
- description : Secondary level text to be displayed below the header and above the login button

To get the tenant selector component, add the following (subunit and department selectors are included if the configuration is set to show them):

    <dime-tenant-selector></dime-tenant-selector>


Authentication Service Utility Methods
--------------------------------------
To get information about the current user, list the roles the user has, or check whether the current user has a particular role, use one of the following utility methods:

    getEmail(): string; // Not recommended for inhabitant apps since it is often null; use the core API instead
    getName(): string; // Not recommended for inhabitant apps since it is often null; use the core API instead
    getMunicipalityId(): string; // For inhabitant logins this is the municipality number of the user (where s/he lives)
    getNationalId(): string;
    getServicePermissions(): any; // Returns raw object: not recommended
    getServicePermissionByServiceCode(serviceCode: string): any; // Returns raw object: not recommended
    getGlobalPermissions(): string[];
    getMunicipalityIds(): string[];
    getMunicipalityIdsByService(serviceCode): string[];
    getServices(): string[];
    getRolesInService(serviceCode): string[];
    getRolesInServiceForTenant(serviceCode, tenantId): string[];
    getRolesInServiceForSubunit(serviceCode, tenantId, subunitId): string[];
    hasRoleInService(serviceCode: string, role: string): boolean;
    hasRoleInServiceForTenant(serviceCode: string, tenantId: string, role: string): boolean;
    hasRoleInServiceForSubunit(serviceCode: string, tenantId: string, subunitId: string, role: string): boolean;


Multitenant Service Utility Methods
-----------------------------------
To get information about the multitenant status, use one of the following utility methods:

    getCurrentTenant(): string;
    getCurrentTenantName(): string;
    getCurrentSubunit(): string;
    getCurrentSubunitName(): string;
    getCurrentDepartment(): string;
    getCurrentDepartmentName(): string;


Role Directive
--------------
To show a component only when a specific role is present in the current user's permissions, add the attribute as follows:

    <button dime-role="admin">This button will be hidden unless the user has the admin role (any tenant)</button>
    <button dime-role="admin" dime-scope="global">This is similar to omitting dime-scope, will be visible if the admin role is present in any tenant for the current user</button>
    <button dime-role="admin" dime-scope="tenant">This button will be hidden unless the user has the admin role in the current tenant</button>
    <button dime-role="admin" dime-scope="subunit">This button will be hidden unless the user has the admin role in the current tenant and subunit</button>
    <button dime-role="admin" dime-scope="department">This button will be hidden unless the user has the admin role in the current tenant, subunit and department</button>

Multiple roles can be specified with the | separator. You can specify the visibility ('block', 'inline', ...) using dime-visibility; the default is 'block'.
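
The scope rules of the role directive, applied in code for places where hiding an element is not an option, such as a route guard. This is an added example, not code from the module: `hasAnyRole`, `AuthLike`, `TenantLike` and `makeStubs` are hypothetical names, the stubs are constructed data, and mapping the global scope to `hasRoleInService` is an assumption. The department scope is left out because no department-level role method is listed above.

```typescript
// Added example, not part of @dime/authentication. The interfaces list only
// methods documented in this README; the stubs below are constructed data.
interface AuthLike {
  hasRoleInService(serviceCode: string, role: string): boolean;
  hasRoleInServiceForTenant(serviceCode: string, tenantId: string, role: string): boolean;
  hasRoleInServiceForSubunit(serviceCode: string, tenantId: string, subunitId: string, role: string): boolean;
}
interface TenantLike {
  getCurrentTenant(): string;
  getCurrentSubunit(): string;
}
type RoleScope = "global" | "tenant" | "subunit";

// Hypothetical helper: true if the user holds any of the "|"-separated roles at
// the given scope. Fails closed when no tenant or subunit is currently selected.
function hasAnyRole(auth: AuthLike, tenants: TenantLike, serviceCode: string,
                    roles: string, scope: RoleScope = "global"): boolean {
  const wanted = roles.split("|").map(r => r.trim()).filter(r => r.length > 0);
  const tenantId = tenants.getCurrentTenant();
  const subunitId = tenants.getCurrentSubunit();
  return wanted.some(role => {
    // Assumption: "any tenant" (global scope) maps to hasRoleInService.
    if (scope === "global") return auth.hasRoleInService(serviceCode, role);
    if (!tenantId) return false;
    if (scope === "tenant") {
      return auth.hasRoleInServiceForTenant(serviceCode, tenantId, role);
    }
    return !!subunitId &&
      auth.hasRoleInServiceForSubunit(serviceCode, tenantId, subunitId, role);
  });
}

// Constructed stubs: admin in tenant "0301", teacher in subunit "s1" of "0301".
function makeStubs(currentTenant: string, currentSubunit: string) {
  const grants = [
    { tenant: "0301", subunit: "", role: "admin" },
    { tenant: "0301", subunit: "s1", role: "teacher" },
  ];
  const auth: AuthLike = {
    hasRoleInService: (_s, role) => grants.some(g => g.role === role),
    hasRoleInServiceForTenant: (_s, t, role) =>
      grants.some(g => g.tenant === t && g.role === role),
    hasRoleInServiceForSubunit: (_s, t, su, role) =>
      grants.some(g => g.tenant === t && g.subunit === su && g.role === role),
  };
  const tenants: TenantLike = { getCurrentTenant: () => currentTenant, getCurrentSubunit: () => currentSubunit };
  return { auth, tenants };
}
```

With the stub user switched to tenant "1103", the global check for "admin" still passes while the tenant-scoped check does not, which is the difference between omitting dime-scope and setting it to "tenant".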