storageService object support

The configuration value for storageService can now be any object that supports the specified API stated in the README.md. This removes the requirement on the provided storageService being an Angular service that is available through the $injector.

Bug fix for function checking on injected storage service

Fixed a bug where error messages were being produced in the console when an injected storage service had a required method as an inherited member of the object. The previous check was looking for own members only.

Extensions support

Support for implementors to add extensions (properties) to the $authentication service API that are application specific and should fall within the context of the $authentication service (e.g., functions to check if a profile has specific roles). All properties (own and inherited) of the extensions object are made available as native to the $authentication service API. The extensions object is applied using the _.defaults(...) method and cannot overwrite any of the existing API properties.

doNotRedirect support for logoutConfirmed

logoutConfirmed method can be provided a Boolean doNotRedirect flag to prevent it from performing any $location.url(...) change. This prevents changing the location when logoutConfirmed is called due to an expired or cookie missing authorization scenario, which prevents a miscellaneous redirect that ultimately bumps the user to the logoutRedirectUrl location.

Finally support lastAttemptedUrl properly on expired authentication

Correction of the permit function and adding fallback for
getLastAttemptedUrl behavior along with removal of the
clearLastAttemptedUrl method. Worked through all validations in an
application and finally proved out how this should behave to support
re-authentication processing and not lose the target URL as hops happen.

Fixed permit function with last attempted URL handling

Permit needed to set the last attempted URL value before calling the
allowed function when the user's profile has expired or the user ends up
being redirected to the logoutTarget page instead of the last attempted
URL.

Improved Last Attempted URL Support

lastAttemptedUrl is now handled similarly for both login and logout.
Observed behavior in an application with expiration support showed that
the logout logic would sometimes overwrite the lastAttemptedUrl value
due to the user getting bounced from target -> logoutTarget -> login ->
logoutTarget. If logoutTarget was a protected route then that route
replaces the lastAttemptedUrl value. Now the target is preserved during
the hops and lastAttemptedUrl is cleared whenever it is used so it
cannot create a side-effect.

Expiration, Last Attempted URL, and other major changes

Moving to 2.0.0 version as there are numerous breaking changes from the previous release.

• Feature: Event Hooks for Failed Authentication / Authorization
• Feature: Token Expiration
• Feature: Last Attempted Authorization Path
• Changed all usage of $location.path() to $location.url() so the search and hash components can be used (or captured in the case of the last attempted feature) in URLs. This change also modified a number of the configuration options (replace: 'Path' with 'Url').

Rename main file to ng-authentication-service

• Renamed the main file from: angular-authentication-service.js, to: ng-authentication-service.js. This matches the package name and is consistent with most packages in this space.
• Removed the getAttemptedPath function. The functionality provided is not consistent with the intent of the service and was not used by the service for any utility.
• Renamed the configuration.reauth* variables to configuration.reauthentication.fn, timeout, and timer.
• Renamed reauth function to reauthenticate.

Remove dependency on local.storage service

Removed the hard dependency on ngCookies and the angular-local-storage-service. Storage service is now dynamically injected when required for operation and is defined via a configuration setting.