== MODULE == const routeConfigResolver = { storesAreReady: StoresResolver, userIsAuthenticated: Auth0AuthorizationResolver, }; const routeAuthenticateConfig: Routes = [ { path: 'page/', data: { animation: 'PhotosSelectPage' }, loadChildren: () => import('./page/page.module').then(module => module.PageModule), resolve: routeConfigResolver, // Adding resolver and check if is authenticated } ]; @NgModule({ imports: [RouterModule.forChild(routeAuthenticateConfig), Auth0Module.forChild()], //IMPORT Auth0 module - npm version "@auth0/auth0-angular": "^1.3.1", exports: [RouterModule], }) export class UiAuth0RoutingModule {} == RESOLVER - Auth0AuthorizationResolver == @Injectable() export class Auth0AuthorizationResolver implements Resolve { constructor(private authService: AuthService) {} resolve(): Observable { return this.authService.getAccessTokenSilently().pipe( // This code failed and return 'login required' mapTo(true), catchError(() => { return of(null); }), filter(isAuthenticated => isAuthenticated), first(), ); } } == RESOLVER - StoresResolver == @Injectable() export class StoresResolver implements Resolve { private claimRolesList = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'; constructor( private store: Store, private authService: AuthService, ) {} resolve({ params, queryParams }: ActivatedRouteSnapshot): Observable { const storeHasAlreadyBeenLoaded = this.store.selectSnapshot(AggregatesService.storesAreReady); return storeHasAlreadyBeenLoaded ? of(true) : this.loadAllStores$().pipe( delayWhen(() => this.checkUserAuthorization()), mapTo(true), ); } private checkUserAuthorization() { return this.authService.isAuthenticated$.pipe( filter(isAuthenticated => isAuthenticated), // the user is never authenticated catchError(() => { this.navigateToHomePage(); return of(null); }), mergeMap(_ => this.authService.user$), filter(userData => !!userData), tap(auth0User => { const user = { currentUserMail: this.store.selectSnapshot(UserState.getUser).email, auth0UserMail: auth0User.email, }; const userIsNotCustomerAgent = () => !auth0User[this.claimRolesList]?.some(role => role === Auth0Roles.customerAgent); if (userIsNotCustomerAgent() && user.auth0UserMail !== user.currentUserMail) { this.navigateToHomePage(); throw new Error('forbidden access'); } }), ); } }