bugfix(auth): enhance authentication flow and error handling

- Ensure access token is present during initialization.
- Improve error logging for identity claims validation.
- Update dependencies for better compatibility.

libs/core/storage/src/lib/tokens.ts

@@ -1,12 +1,36 @@
 import { inject, InjectionToken, signal, Signal } from '@angular/core';
+import { logger } from '@isa/core/logging';
 import { OAuthService } from 'angular-oauth2-oidc';
+import z from 'zod';
 
 export const USER_SUB = new InjectionToken<Signal<string>>(
   'core.storage.user-sub',
   {
     factory: () => {
-      const auth = inject(OAuthService, { optional: true });
-      return signal(auth?.getIdentityClaims()?.['sub'] ?? 'anonymous');
+      const _logger = logger(() => ({
+        context: 'USER_SUB',
+      }));
+      const auth = inject(OAuthService);
+
+      const claims = auth.getIdentityClaims();
+
+      if (!claims || typeof claims !== 'object' || !('sub' in claims)) {
+        const err = new Error(
+          'No valid identity claims found. User is anonymous.',
+        );
+        _logger.error(err.message);
+        throw err;
+      }
+
+      const validation = z.string().safeParse(claims['sub']);
+
+      if (!validation.success) {
+        const err = new Error('Invalid "sub" claim in identity claims.');
+        _logger.error(err.message, { claims });
+        throw err;
+      }
+
+      return signal(validation.data);
     },
   },
 );

libs/core/tabs/src/lib/tab-navigation.service.ts

@@ -30,11 +30,7 @@ export class TabNavigationService {
   #tabService = inject(TabService);
   #title = inject(Title);
 
-  constructor() {
-    this.#initializeNavigationSync();
-  }
-
-  #initializeNavigationSync() {
+  init() {
     this.#router.events
       .pipe(filter((event) => event instanceof NavigationEnd))
       .subscribe((event: NavigationEnd) => {