While this shouldn't make a difference because the callback should
only be called when the token is about to be expiring there
is no reason to keep the old token around.

Just force a refresh always

This makes sure the library version works with the server version.

Ideally we'd also want to check the version so we can error out if a too
old keycloak server is on the other side, but I don't see any public API changes
that would allow us to know if the library is too old.

Fixes #32

In some cases we want to set the path via a html attribute where we can't easily
compute a URL relative to the bundle or page. Convert a path to an URL
if parsing it as an URL doesn't work instead.

These scopes get used for the keycloak login and in case they are registered
as optional scopes for that client get added to the access token.

See #7

With keycloak 9.0 the kcLocale option is gone and the locale selection has been reworked.
If I understand things correctly using the "locale" option should start working with 9.0,
so pass both for now.

See https://www.keycloak.org/docs/latest/server_admin/#_user_locale_selection

Fixes #8

See https://gitlab.tugraz.at/VPU/Apps/Library/issues/41

Not sure if this helps, but worth a try.

See https://tools.ietf.org/html/rfc7636
Supported in Keycloak since 7.0

We always need it to check if th user is logged in already, so doing
a dynamic import doesn't give us anything and just slows things down.

In case the login happens through a login iframe and the iframe src either doesn't
exist or it doesn't respond with a message then keycloak will block in init() forever.

Add a timeout so that after 5 seconds we abort the init and emit a changed event.

With the new ability to log in without redirecting to keycloak and reloading the page
we can now try to login on start every time.

Instead of remembering the login state in the session storage we just ask keycloak in an iframe
on start. To better describe this new behaviour rename the attribute from remember-login to try-login.

The newest keycloak library supporst a mode for doing the redirect in an iframe
with a separate page that needs to be whitelisted in keycloak.

The newer version also finally fixes the native promise bugs so we might as well
use the one from npm instead of fetching it from the keycloak server at runtime.

Move the keycloak code into its own class and try to abstract away as much as possible.

We now also react to all keycloak related events so logout, re-login etc are handled as well.