test(portal-self-service): DigiD-guarded registration submit page (refs #67)

Scaffold libs/ui (NL Design System via Utrecht components) and libs/auth (DigiD OIDC
over angular-auth-oidc-client: mockable AuthService, provider, token interceptor,
authenticated guard). Failing component + axe tests for the RegistrationPage: it must
show the signed-in BSN, submit to the BFF (mocked api-client) and confirm, with no
WCAG 2.1 AA violations. The page is a stub, so the behaviour tests fail; green follows.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-01 13:02:29 +02:00
parent 311aab0aba
commit 72c2bdfae7
27 changed files with 725 additions and 4 deletions

View File

@@ -0,0 +1,40 @@
import { EnvironmentProviders, makeEnvironmentProviders } from '@angular/core';
import { authInterceptor, LogLevel, provideAuth } from 'angular-auth-oidc-client';
import { AuthService } from './auth.service';
import { DigiadAuthService } from './digid-auth.service';
export interface DigiadAuthOptions {
/** The Keycloak `digid` realm issuer, as reachable from the browser. */
authority: string;
/** Where Keycloak redirects back to after login (usually the app origin). */
redirectUrl: string;
/** The BFF origin whose requests get the bearer token attached (secure route). */
secureApiOrigin: string;
}
/**
* Configure DigiD login (Keycloak `digid` realm, public client `big-portal`, auth-code + PKCE) and
* bind {@link AuthService} to the OIDC-backed implementation. Register {@link authInterceptor} in the
* app's HttpClient so BFF calls carry the token.
*/
export function provideDigiadAuth(options: DigiadAuthOptions): EnvironmentProviders {
return makeEnvironmentProviders([
provideAuth({
config: {
authority: options.authority,
redirectUrl: options.redirectUrl,
postLogoutRedirectUri: options.redirectUrl,
clientId: 'big-portal',
scope: 'openid profile',
responseType: 'code',
silentRenew: true,
useRefreshToken: true,
secureRoutes: [options.secureApiOrigin],
logLevel: LogLevel.Warn,
},
}),
{ provide: AuthService, useClass: DigiadAuthService },
]);
}
export { authInterceptor };