mirror of
https://github.com/OpenBankProject/API-Explorer-II.git
synced 2026-02-06 10:47:04 +00:00
86295f827a
Backend Implementation: - Add arctic and jsonwebtoken dependencies - Create PKCEUtils for OAuth2 PKCE flow (RFC 7636) - Create OAuth2Service for OIDC provider integration * OIDC discovery (.well-known/openid-configuration) * Authorization URL generation with PKCE * Token exchange (code for access/refresh/ID tokens) * Token refresh flow * UserInfo endpoint integration - Create OAuth2AuthorizationMiddleware (initiate auth flow) - Create OAuth2CallbackMiddleware (handle provider callback) - Create OAuth2ConnectController (/oauth2/connect endpoint) - Create OAuth2CallbackController (/oauth2/callback endpoint) Configuration: - Add OAuth2 environment variables to env_ai - Feature flag VITE_USE_OAUTH2 for gradual migration - Support for OBP-OIDC provider Features: - PKCE (Proof Key for Code Exchange) support - State parameter for CSRF protection - Session-based token storage - Comprehensive error handling - Security best practices (token expiration, flow timeout) Note: Backend infrastructure complete. Next phase: integrate with app.ts and update UserController for dual auth support.
55 lines
2.3 KiB
Plaintext
55 lines
2.3 KiB
Plaintext
### OBP-API mode ###################################
|
|
# If OBP-API split to two instances, eg: apis,portal
|
|
# Then API_Explorer need to set two api hosts: api_hostname and this api_portal_hostname, for all Rest Apis will call api_hostname
|
|
# but for all the portal home page link, we need to use this props. If do not set this, it will use api_hostname value instead.
|
|
VITE_OBP_API_PORTAL_HOST=http://127.0.0.1:8080
|
|
|
|
|
|
VITE_OBP_API_HOST=http://127.0.0.1:8080
|
|
VITE_OBP_API_VERSION=v5.1.0
|
|
VITE_OBP_API_MANAGER_HOST=https://apimanagersandbox.openbankproject.com
|
|
VITE_OBP_API_EXPLORER_HOST=http://localhost:5173
|
|
VITE_OBP_CONSUMER_KEY=0xzsimlrhdguiiuuj1ncykcxzjrogxibjff3dthl
|
|
VITE_OBP_CONSUMER_SECRET=ikf5wykke1oonykb33kmx3deh5ukbdak44ieg1l5
|
|
VITE_OBP_REDIRECT_URL=http://localhost:5173/api/callback
|
|
VITE_OPB_SERVER_SESSION_PASSWORD=asidudhiuh33875
|
|
# The above code connects to localhost on port 6379.
|
|
# To connect to a different host or port, use a connection string in the format
|
|
# redis[s]://[[username][:password]@][host][:port][/db-number]
|
|
# Be sure to secure your Redis instance
|
|
VITE_OBP_REDIS_URL = redis://127.0.0.1:6379
|
|
|
|
# Enable the chatbot interface "Opey"
|
|
VITE_CHATBOT_ENABLED=true
|
|
VITE_CHATBOT_URL=http://localhost:5000
|
|
|
|
# Product styling setting
|
|
#VITE_OBP_LINKS_COLOR="#52b165"
|
|
#VITE_OBP_HEADER_LINKS_COLOR="#39455f"
|
|
#VITE_OBP_HEADER_LINKS_HOVER_COLOR="#39455f"
|
|
#VITE_OBP_HEADER_LINKS_BACKGROUND_COLOR="#eef0f4"
|
|
#VITE_OBP_LOGO_URL=https://static.openbankproject.com/images/obp_logo.png
|
|
|
|
# https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production
|
|
# The value could be: development, staging, production
|
|
# NODE_ENV=development
|
|
|
|
#DEBUG=express-session
|
|
|
|
### OAuth2/OIDC Configuration (New - Phase 1 Implementation) ###
|
|
# Set to 'true' to use OAuth2 instead of OAuth 1.0a
|
|
VITE_USE_OAUTH2=false
|
|
|
|
# OAuth2 Client Credentials (from OBP-OIDC)
|
|
# These should match the values in OBP-OIDC/run-server.sh
|
|
VITE_OBP_OAUTH2_CLIENT_ID=obp-explorer-ii-client
|
|
VITE_OBP_OAUTH2_CLIENT_SECRET=CHANGE_THIS_TO_EXPLORER_SECRET_2024
|
|
VITE_OBP_OAUTH2_REDIRECT_URL=http://localhost:5173/oauth2/callback
|
|
|
|
# OIDC Well-Known Configuration URL
|
|
# For local development with OBP-OIDC:
|
|
VITE_OBP_OAUTH2_WELL_KNOWN_URL=http://127.0.0.1:9000/obp-oidc/.well-known/openid-configuration
|
|
|
|
# Optional: Token refresh threshold (seconds before expiry)
|
|
VITE_OBP_OAUTH2_TOKEN_REFRESH_THRESHOLD=300
|