test(portal-self-service): DigiD-guarded registration submit page (refs #67)
Scaffold libs/ui (NL Design System via Utrecht components) and libs/auth (DigiD OIDC over angular-auth-oidc-client: mockable AuthService, provider, token interceptor, authenticated guard). Failing component + axe tests for the RegistrationPage: it must show the signed-in BSN, submit to the BFF (mocked api-client) and confirm, with no WCAG 2.1 AA violations. The page is a stub, so the behaviour tests fail; green follows. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
40
libs/auth/src/lib/digid-auth.providers.ts
Normal file
40
libs/auth/src/lib/digid-auth.providers.ts
Normal file
@@ -0,0 +1,40 @@
|
||||
import { EnvironmentProviders, makeEnvironmentProviders } from '@angular/core';
|
||||
import { authInterceptor, LogLevel, provideAuth } from 'angular-auth-oidc-client';
|
||||
import { AuthService } from './auth.service';
|
||||
import { DigiadAuthService } from './digid-auth.service';
|
||||
|
||||
export interface DigiadAuthOptions {
|
||||
/** The Keycloak `digid` realm issuer, as reachable from the browser. */
|
||||
authority: string;
|
||||
/** Where Keycloak redirects back to after login (usually the app origin). */
|
||||
redirectUrl: string;
|
||||
/** The BFF origin whose requests get the bearer token attached (secure route). */
|
||||
secureApiOrigin: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Configure DigiD login (Keycloak `digid` realm, public client `big-portal`, auth-code + PKCE) and
|
||||
* bind {@link AuthService} to the OIDC-backed implementation. Register {@link authInterceptor} in the
|
||||
* app's HttpClient so BFF calls carry the token.
|
||||
*/
|
||||
export function provideDigiadAuth(options: DigiadAuthOptions): EnvironmentProviders {
|
||||
return makeEnvironmentProviders([
|
||||
provideAuth({
|
||||
config: {
|
||||
authority: options.authority,
|
||||
redirectUrl: options.redirectUrl,
|
||||
postLogoutRedirectUri: options.redirectUrl,
|
||||
clientId: 'big-portal',
|
||||
scope: 'openid profile',
|
||||
responseType: 'code',
|
||||
silentRenew: true,
|
||||
useRefreshToken: true,
|
||||
secureRoutes: [options.secureApiOrigin],
|
||||
logLevel: LogLevel.Warn,
|
||||
},
|
||||
}),
|
||||
{ provide: AuthService, useClass: DigiadAuthService },
|
||||
]);
|
||||
}
|
||||
|
||||
export { authInterceptor };
|
||||
Reference in New Issue
Block a user