From 820dc2a31a1066ce7f7489ec290c5557d45c2675 Mon Sep 17 00:00:00 2001
From: shuang <shuang@tesobe.com>
Date: Tue, 17 Nov 2020 19:31:22 +0800
Subject: [PATCH] feature/implement_FAPI_flow: remove flow-A related code,
 rename `login_with_hydra` to `integrate_with_hydra`, enable Consumer and
 disable Consumer update OAuth2 client grantTypes to enable and disable it.

---
 .../resources/props/sample.props.template     |   4 +-
 obp-api/src/main/scala/code/model/OAuth.scala |  29 +-
 .../code/model/dataAccess/AuthUser.scala      |  17 +-
 .../code/snippet/ConsentConfirmation.scala    | 249 ------------------
 .../code/snippet/ConsumerRegistration.scala   |  16 +-
 .../src/main/scala/code/util/HydraUtil.scala  |  25 +-
 obp-api/src/main/webapp/consent.html          | 146 ----------
 7 files changed, 50 insertions(+), 436 deletions(-)
 delete mode 100644 obp-api/src/main/scala/code/snippet/ConsentConfirmation.scala
 delete mode 100644 obp-api/src/main/webapp/consent.html

diff --git a/obp-api/src/main/resources/props/sample.props.template b/obp-api/src/main/resources/props/sample.props.template
index 45a3d733a..843be98d1 100644
--- a/obp-api/src/main/resources/props/sample.props.template
+++ b/obp-api/src/main/resources/props/sample.props.template
@@ -865,8 +865,8 @@ outboundAdapterCallContext.generalContext
 # ------------------------------------------------------------------------------------------
 
 # ------------------------------ Hydra oauth2 props ------------------------------
-## if login_with_hydra set to true, all other props must not be empty
-#login_with_hydra=true
+## if integrate_with_hydra set to true, all other props must not be empty
+#integrate_with_hydra=true
 #hydra_public_url=http://127.0.0.1:4444
 #hydra_admin_url=http://127.0.0.1:4445
 #hydra_consents=ReadAccountsBasic,ReadAccountsDetail,ReadBalances,ReadTransactionsBasic,ReadTransactionsDebits,ReadTransactionsDetail
diff --git a/obp-api/src/main/scala/code/model/OAuth.scala b/obp-api/src/main/scala/code/model/OAuth.scala
index 746ce4d2e..99cc32118 100644
--- a/obp-api/src/main/scala/code/model/OAuth.scala
+++ b/obp-api/src/main/scala/code/model/OAuth.scala
@@ -25,7 +25,7 @@ TESOBE (http://www.tesobe.com/)
 
   */
 package code.model
-import java.util.Date
+import java.util.{Collections, Date}
 
 import code.api.util.APIUtil
 import code.api.util.migration.Migration.DbFunction
@@ -36,6 +36,7 @@ import code.nonce.NoncesProvider
 import code.token.TokensProvider
 import code.users.Users
 import code.util.Helper.MdcLoggable
+import code.util.HydraUtil
 import code.util.HydraUtil._
 import com.github.dwickern.macros.NameOf
 import com.openbankproject.commons.ExecutionContext.Implicits.global
@@ -186,7 +187,7 @@ object MappedConsumersProvider extends ConsumersProvider with MdcLoggable {
   }
 
   def deleteConsumer(consumer: Consumer): Boolean = {
-    if(mirrorConsumerInHydra) hydraAdmin.deleteOAuth2Client(consumer.key.get)
+    if(integrateWithHydra) hydraAdmin.deleteOAuth2Client(consumer.key.get)
     Consumer.delete_!(consumer)
   }
 
@@ -245,10 +246,28 @@ object MappedConsumersProvider extends ConsumersProvider with MdcLoggable {
         }
         val updatedConsumer = c.saveMe()
 
-        if(mirrorConsumerInHydra && Option(originIsActive) != isActive) {
+        if(integrateWithHydra && Option(originIsActive) != isActive && isActive.isDefined) {
+          val clientId = c.key.get
+          val existsOAuth2Client = Box.tryo(hydraAdmin.getOAuth2Client(clientId))
+            .filter(null !=)
           // if disable consumer, delete hydra client, else if enable consumer, create hydra client
+          // note: hydra update client endpoint have bug, can't update any client, So here delete and create new one
           if (isActive == Some(false)) {
-            hydraAdmin.deleteOAuth2Client(c.key.get)
+              existsOAuth2Client
+              .map { oAuth2Client =>
+                  hydraAdmin.deleteOAuth2Client(clientId)
+                  // set grantTypes to empty to disable the client
+                  oAuth2Client.setGrantTypes(Collections.emptyList())
+                  hydraAdmin.createOAuth2Client(oAuth2Client)
+              }
+          } else if(isActive == Some(true) && existsOAuth2Client.isDefined) {
+            existsOAuth2Client
+              .map { oAuth2Client =>
+                hydraAdmin.deleteOAuth2Client(clientId)
+                // set grantTypes to correct value to enable the client
+                oAuth2Client.setGrantTypes(HydraUtil.grantTypes)
+                hydraAdmin.createOAuth2Client(oAuth2Client)
+              }
           } else if(isActive == Some(true)) {
             createHydraClient(updatedConsumer)
           }
@@ -402,7 +421,7 @@ object MappedConsumersProvider extends ConsumersProvider with MdcLoggable {
             case None =>
           }
           val createdConsumer = c.saveMe()
-          if(mirrorConsumerInHydra) createHydraClient(createdConsumer)
+          if(integrateWithHydra) createHydraClient(createdConsumer)
           createdConsumer
         }
     }
diff --git a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
index 0452b6807..4aaeb9e5c 100644
--- a/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
+++ b/obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
@@ -859,22 +859,7 @@ def restoreSomeSessions(): Unit = {
     // val currentUrl = S.uriAndQueryString.getOrElse("/")
     // AuthUser.loginRedirect.set(Full(Helpers.appendParams(currentUrl, List((LogUserOutParam, "false")))))
     def checkInternalRedirectAndLogUseIn(preLoginState: () => Unit, redirect: String, user: AuthUser) = {
-      val loginChallengeBox = S.param("login_challenge")
-        .filter(StringUtils.isNotBlank(_))
-      if(loginWithHydra && loginChallengeBox.isDefined) {
-        val challenge = loginChallengeBox.orNull
-        val acceptLoginRequest = new AcceptLoginRequest()
-        acceptLoginRequest.setSubject(user.username.get)
-        acceptLoginRequest.remember(false)
-        acceptLoginRequest.rememberFor(3600)
-        val response = hydraAdmin.acceptLoginRequest(challenge, acceptLoginRequest)
-        val redirectTo = response.getRedirectTo
-        logUserIn(user, () => {
-          S.notice(S.?("logged.in"))
-          preLoginState()
-          S.redirectTo(redirectTo)
-        })
-      } else if (Helper.isValidInternalRedirectUrl(redirect)) {
+      if (Helper.isValidInternalRedirectUrl(redirect)) {
         logUserIn(user, () => {
           S.notice(S.?("logged.in"))
           preLoginState()
diff --git a/obp-api/src/main/scala/code/snippet/ConsentConfirmation.scala b/obp-api/src/main/scala/code/snippet/ConsentConfirmation.scala
deleted file mode 100644
index 650445e6d..000000000
--- a/obp-api/src/main/scala/code/snippet/ConsentConfirmation.scala
+++ /dev/null
@@ -1,249 +0,0 @@
-/**
- * Open Bank Project - API
- * Copyright (C) 2011-2019, TESOBE GmbH.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * Email: contact@tesobe.com
- * TESOBE GmbH.
- * Osloer Strasse 16/17
- * Berlin 13359, Germany
- *
- * This product includes software developed at
- * TESOBE (http://www.tesobe.com/)
- *
- */
-package code.snippet
-
-import java.util.Date
-
-import code.api.UKOpenBanking.v3_1_0.UtilForUKV310
-import code.api.util.{APIUtil, NewStyle}
-import code.consent.{Consent, Consents}
-import code.consumer.Consumers
-import code.model.dataAccess.AuthUser
-import code.util.Helper.MdcLoggable
-import code.util.HydraUtil
-import code.views.Views
-import code.webuiprops.MappedWebUiPropsProvider.getWebUiPropsValue
-import net.liftweb.http.{RequestVar, S, SHtml}
-import net.liftweb.util.CssSel
-import net.liftweb.util.Helpers._
-import sh.ory.hydra.model.{AcceptConsentRequest, ConsentRequestSession, RejectRequest}
-
-import scala.jdk.CollectionConverters.{asScalaBufferConverter, mapAsJavaMapConverter, seqAsJavaListConverter}
-import com.openbankproject.commons.ExecutionContext.Implicits.global
-import com.openbankproject.commons.model.{AccountId, BankId, BankIdAccountId, ViewId, ViewIdBankIdAccountId}
-import com.openbankproject.commons.util.Functions.Implicits._
-import net.liftweb.common.{Box, Full}
-
-import scala.concurrent.{Await, Future}
-import scala.concurrent.duration.{Duration, SECONDS}
-
-class ConsentConfirmation extends MdcLoggable {
-
-  private object submitButtonDefenseFlag extends RequestVar("")
-
-  private object cancelButtonDefenseFlag extends RequestVar("")
-
-
-  val confirmConsentButtonValue = getWebUiPropsValue("webui_post_confirm_consent_submit_button_value", "Yes, I confirm")
-  val rejectConsentButtonValue = getWebUiPropsValue("webui_post_reject_consent_submit_button_value", "Cancel")
-
-  def confirmConsentsForm: CssSel = {
-
-    def submitButtonDefense: Unit = {
-      submitButtonDefenseFlag("true")
-    }
-
-    def cancelButtonDefense: Unit = {
-      cancelButtonDefenseFlag("true")
-    }
-
-
-    def formElement(ele: => CssSel): CssSel =
-      "form" #> {
-        "type=submit" #> SHtml.submit(s"$confirmConsentButtonValue", () => submitButtonDefense) &
-          "type=button" #> SHtml.submit(s"$rejectConsentButtonValue", () => cancelButtonDefense) &
-          ele
-      }
-
-
-    val consentChallengeBox = S.param("consent_challenge")
-    if (consentChallengeBox.isEmpty) {
-      return formElement {
-        "#confirm-errors" #> "Please login first."
-      }
-    }
-    val consentChallenge = consentChallengeBox.orNull
-    if (cancelButtonDefenseFlag.get == "true") {
-      val rejectRequest = new RejectRequest()
-      rejectRequest.setError("access_denied")
-      rejectRequest.setErrorDescription("The resource owner denied the request")
-      val rejectResponse = HydraUtil.hydraAdmin.rejectConsentRequest(consentChallenge, rejectRequest)
-      AuthUser.logUserOut()
-      return S.redirectTo(rejectResponse.getRedirectTo)
-    }
-
-    val consentResponse = HydraUtil.hydraAdmin.getConsentRequest(consentChallenge)
-
-    val DateTimeRegex = """(\d+-\d{2}-\d{2}).*(\d{2}:\d{2}:\d{2}).*""".r // style example: 2020-09-09T11:55:22Z
-    def getDateTime(paramName: String): Date = S.param(paramName) match {
-      case Full(DateTimeRegex(date, time)) => APIUtil.DateWithSecondsFormat.parse(s"${date}T${time}Z")
-      case Full(v) => throw new IllegalArgumentException(s"request parameter $paramName is not correct date time format: $v")
-      case _ => throw new IllegalArgumentException(s"request parameter $paramName should not be empty.")
-    }
-
-    if (S.post_?) {
-      // get values of submit form
-      val consents = S.params("consent_scope")
-      val bankId = S.param("bank_id")
-      val accountIds = S.params("account_id")
-      val fromDate = getDateTime("from_date")
-      val toDate = getDateTime("to_date")
-      val expirationDate = getDateTime("expiration_date")
-
-      val currentUser = AuthUser.getCurrentUser.openOrThrowException("User is not logged in, in order to confirm consent the user must be authenticated.")
-
-      { // TO create consent
-        val accountIdsOpt = if (accountIds.isEmpty) None else Some(accountIds)
-        val consent: Box[Consent] = {
-          val consumer = Consumers.consumers.vend.getConsumerByConsumerKey(consentResponse.getClient.getClientId)
-          val consumerId = consumer.map(_.consumerId.get)
-          Consents.consentProvider.vend.saveUKConsent(Some(currentUser), bankId, accountIdsOpt, consumerId, consents, expirationDate, fromDate, toDate, Some("MXOpenFinance"), Some("0.0.1"))
-        }
-      }
-
-      { // revoke all consents for all accounts
-
-        // AuthUser.hydraConsents is just the follow values, read from props
-        //ViewId: six fixed
-        //"ReadAccountsBasic"
-        //"ReadAccountsDetail"
-        //"ReadBalances"
-        //"ReadTransactionsBasic"
-        //"ReadTransactionsDebits"
-        //"ReadTransactionsDetail"
-
-        val bankIdAccountIdsFuture: Future[List[BankIdAccountId]] = for {
-          availablePrivateAccounts <- Views.views.vend.getPrivateBankAccountsFuture(currentUser)
-          (accounts, _) <- NewStyle.function.getCoreBankAccountsFuture(availablePrivateAccounts, None)
-        } yield {
-          accounts.map(account => BankIdAccountId(BankId(account.bankId), AccountId(account.id)))
-        }
-        // all the BankIdAccountId for current user
-        val bankIdAccountIds = Await.result(bankIdAccountIdsFuture, Duration(30, SECONDS))
-        val revokeAccessIds: List[ViewIdBankIdAccountId] = for {
-          consent <- HydraUtil.hydraConsents
-          bankIdAccountId <- bankIdAccountIds
-        } yield ViewIdBankIdAccountId(ViewId(consent), bankIdAccountId.bankId, bankIdAccountId.accountId)
-        UtilForUKV310.revokeAccessToViews(currentUser, revokeAccessIds)
-      }
-
-      { // grant checked consents
-        val grantAccessIds: List[ViewIdBankIdAccountId] = for {
-          consent <- consents
-          accountId <- accountIds
-        } yield ViewIdBankIdAccountId(ViewId(consent), BankId(bankId.orNull), AccountId(accountId))
-        UtilForUKV310.grantAccessToViews(currentUser, grantAccessIds)
-      }
-
-      // inform hydra
-        val consentRequest = new AcceptConsentRequest()
-        val scopes = "openid" :: "offline" :: consents
-        consentRequest.setGrantScope(scopes.asJava)
-        consentRequest.setGrantAccessTokenAudience(consentResponse.getRequestedAccessTokenAudience)
-        consentRequest.setRemember(false)
-        consentRequest.setRememberFor(3600) // TODO set in props
-
-      val session = new ConsentRequestSession()
-      val userName = currentUser.name
-      val idTokenValues = Map("given_name" -> userName,
-        "family_name" -> userName,
-        "name" -> userName,
-        "email" -> currentUser.emailAddress,
-        "email_verified" -> true).asJava
-
-      session.setIdToken(idTokenValues)
-      val accessToken = Map(
-        "bank_id" -> bankId.orNull,
-        "account_id" -> accountIds.asJava,
-        "transactionFromDateTime" -> fromDate,
-        "transactionToDateTime" -> toDate,
-        "expirationDateTime" -> expirationDate,
-        ).asJava
-      session.accessToken(accessToken)
-      consentRequest.setSession(session)
-
-      val acceptConsentResponse = HydraUtil.hydraAdmin.acceptConsentRequest(consentChallenge, consentRequest)
-      S.redirectTo(acceptConsentResponse.getRedirectTo)
-    } else {
-      if (consentResponse.getSkip) {
-        val requestBody = new AcceptConsentRequest()
-        requestBody.setGrantScope(consentResponse.getRequestedScope)
-        requestBody.setGrantAccessTokenAudience(consentResponse.getRequestedAccessTokenAudience)
-        val requestSession = new ConsentRequestSession()
-        requestBody.setSession(requestSession)
-        val skipResponse = HydraUtil.hydraAdmin.acceptConsentRequest(consentChallenge, requestBody)
-        S.redirectTo(skipResponse.getRedirectTo)
-      } else {
-        val currentUser = AuthUser.getCurrentUser.openOrThrowException("User is not login, do confirm consent must be authenticated user.")
-
-        val bankAndAccountFuture: Future[List[(String, String, String, String)]] = for {
-          availablePrivateAccounts <- Views.views.vend.getPrivateBankAccountsFuture(currentUser)
-          (accounts, _) <- NewStyle.function.getCoreBankAccountsFuture(availablePrivateAccounts, None)
-          (banks, _) <- NewStyle.function.getBanks(None)
-        } yield {
-          for {
-            bank <- banks
-            account <- accounts
-            if account.bankId == bank.bankId.value
-          } yield (bank.bankId.value, bank.shortName, account.id, account.label)
-        }
-        //(bankId, bankName, accountId, accountLabel)
-        val bankAndAccount: List[(String, String, String, String)] = Await.result(bankAndAccountFuture, Duration(30, SECONDS))
-
-        val banks = bankAndAccount.map(it => it._1 -> it._2).distinctBy(_._1)
-
-        formElement {
-          "#confirm-errors" #> "" &
-            "#consent_challenge [value]" #> consentChallenge &
-            ".bank" #> {
-              banks.map { it =>
-                  ".bank [value]" #> it._1 &
-                  ".bank *" #> it._2
-                }
-            } &
-            "#account_group" #> {
-              bankAndAccount.map { account =>
-                val (bankId, _, accountId, label) = account
-                "@account_id [value]" #> accountId &
-                  "@account_id [id]" #> s"account_$accountId" &
-                  "@account_id [bank_id]" #> bankId &
-                  "@account_id_label [for]" #> s"account_$accountId" &
-                  "@account_id_label *" #> label
-              }
-            } &
-            "#scope_group" #> consentResponse.getRequestedScope.asScala.filter(it => it != "openid" && it != "offline").map { scope =>
-              "@consent_scope [value]" #> scope &
-              "@consent_scope [id]" #> s"consent_$scope" &
-                "@consent_scope_label [for]" #> s"consent_$scope" &
-                "@consent_scope_label *" #> scope
-            }
-        }
-
-      }
-    }
-  }
-}
diff --git a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
index ffc9d71d9..efb7d8c14 100644
--- a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
+++ b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
@@ -99,13 +99,13 @@ class ConsumerRegistration extends MdcLoggable {
           "#appType" #> SHtml.select(appTypes, Box!! appType.is, appType(_)) &
           "#appName" #> SHtml.text(nameVar.is, nameVar(_)) &
           "#redirect_url_label" #> {
-            if (HydraUtil.mirrorConsumerInHydra) "Redirect URL" else "Redirect URL (Optional)"
+            if (HydraUtil.integrateWithHydra) "Redirect URL" else "Redirect URL (Optional)"
           } &
           "#appRedirectUrl" #> SHtml.text(redirectionURLVar, redirectionURLVar(_)) &
           "#appDev" #> SHtml.text(devEmailVar, devEmailVar(_)) &
           "#appDesc" #> SHtml.textarea(descriptionVar, descriptionVar (_)) &
           "#appUserAuthenticationUrl" #> SHtml.text(authenticationURLVar.is, authenticationURLVar(_)) & {
-            if(HydraUtil.mirrorConsumerInHydra) {
+            if(HydraUtil.integrateWithHydra) {
               "#app-client_certificate" #> SHtml.textarea(clientCertificateVar, clientCertificateVar (_))&
               "#app-request_uri" #> SHtml.text(requestUriVar, requestUriVar(_)) &
               "#app-signing_alg" #> SHtml.select(signingAlgs, Box!! signingAlgVar.is, signingAlgVar(_)) &
@@ -127,7 +127,7 @@ class ConsumerRegistration extends MdcLoggable {
       val jwks = jwksVar.is
       val jwsAlg = signingAlgVar.is
       var jwkPrivateKey: String = s"Please change this value to ${if(StringUtils.isNotBlank(jwksUri)) "jwks_uri" else "jwks"} corresponding private key"
-      if(HydraUtil.mirrorConsumerInHydra) {
+      if(HydraUtil.integrateWithHydra) {
         HydraUtil.createHydraClient(consumer, oAuth2Client => {
           val signingAlg = signingAlgVar.is
 
@@ -182,7 +182,7 @@ class ConsumerRegistration extends MdcLoggable {
       "#directlogin-endpoint a [href]" #> urlDirectLoginEndpoint &
       "#post-consumer-registration-more-info-link a *" #> registrationMoreInfoText &
       "#post-consumer-registration-more-info-link a [href]" #> registrationMoreInfoUrl & {
-        if(HydraUtil.mirrorConsumerInHydra) {
+        if(HydraUtil.integrateWithHydra) {
           "#hydra-client-info-title *" #>"OAuth2" &
           "#admin_url *" #> HydraUtil.hydraAdminUrl &
             "#client_id *" #> {consumer.key.get} &
@@ -314,17 +314,15 @@ class ConsumerRegistration extends MdcLoggable {
       jwksUriVar.set(jwksUri)
       jwksVar.set(jwks)
 
-      val oauth2ParamError: CssSel = if(HydraUtil.mirrorConsumerInHydra) {
+      val oauth2ParamError: CssSel = if(HydraUtil.integrateWithHydra) {
         if(StringUtils.isBlank(redirectionURLVar.is) || Consumer.redirectURLRegex.findFirstIn(redirectionURLVar.is).isEmpty) {
           showErrorsForDescription("The 'Redirect URL' should be a valid url !")
         } else if(StringUtils.isNotBlank(requestUri) && !requestUri.matches("""^https?://(www.)?\S+?(:\d{2,6})?\S*$""")) {
           showErrorsForDescription("The 'request_uri' should be a valid url !")
         } else if(StringUtils.isNotBlank(jwksUri) && !jwksUri.matches("""^https?://(www.)?\S+?(:\d{2,6})?\S*$""")) {
           showErrorsForDescription("The 'jwks_uri' should be a valid url !")
-        } else if(StringUtils.isNotBlank(jwksUri) && StringUtils.isBlank(signingAlg)) {
-          showErrorsForDescription("The 'signing_alg' should not be empty when request_uri have value!")
-        } else if(!StringUtils.isAllBlank(jwksUri, jwks) && StringUtils.isBlank(signingAlg)) {
-          showErrorsForDescription("The 'signing_alg' must have value when 'jwks_uri' or 'jwks' have value!")
+        } else if(StringUtils.isBlank(signingAlg)) {
+          showErrorsForDescription("The 'signing_alg' should not be empty!")
         } else if(StringUtils.isNoneBlank(jwksUri, jwks)) {
           showErrorsForDescription("The 'jwks_uri' and 'jwks' should not have value at the same time!")
         } else if (StringUtils.isNotBlank(clientCertificate) && X509.validate(clientCertificate) != Full(true)) {
diff --git a/obp-api/src/main/scala/code/util/HydraUtil.scala b/obp-api/src/main/scala/code/util/HydraUtil.scala
index 9423771c8..af728482b 100644
--- a/obp-api/src/main/scala/code/util/HydraUtil.scala
+++ b/obp-api/src/main/scala/code/util/HydraUtil.scala
@@ -18,25 +18,32 @@ import scala.jdk.CollectionConverters.{mapAsJavaMapConverter, seqAsJavaListConve
 
 object HydraUtil {
 
-  val loginWithHydra = APIUtil.getPropsAsBoolValue("login_with_hydra", false)
+  private val INTEGRATE_WITH_HYDRA = "integrate_with_hydra"
+
+  val integrateWithHydra = APIUtil.getPropsAsBoolValue(INTEGRATE_WITH_HYDRA, false)
 
   val mirrorConsumerInHydra = APIUtil.getPropsAsBoolValue("mirror_consumer_in_hydra", false)
 
   lazy val hydraPublicUrl = APIUtil.getPropsValue("hydra_public_url")
-    .openOrThrowException("If props login_with_hydra is true, hydra_public_url value should not be blank")
+    .openOrThrowException(s"If props $INTEGRATE_WITH_HYDRA is true, hydra_public_url value should not be blank")
     .replaceFirst("/$", "")
 
   lazy val hydraAdminUrl = APIUtil.getPropsValue("hydra_admin_url")
-    .openOrThrowException("If props login_with_hydra is true, hydra_admin_url value should not be blank")
+    .openOrThrowException(s"If props $INTEGRATE_WITH_HYDRA is true, hydra_admin_url value should not be blank")
     .replaceFirst("/$", "")
 
   lazy val hydraConsents = APIUtil.getPropsValue("hydra_consents")
-    .openOrThrowException("If props login_with_hydra is true, hydra_client_scope value should not be blank")
+    .openOrThrowException(s"If props $INTEGRATE_WITH_HYDRA is true, hydra_client_scope value should not be blank")
     .trim.split("""\s*,\s*""").toList
 
+  private val allConsents = hydraConsents.mkString("openid offline ", " ","")
+
+
+  val grantTypes = ("authorization_code" :: "client_credentials" :: "refresh_token" :: "implicit" :: Nil).asJava
+
   lazy val hydraAdmin = {
     val hydraAdminUrl = APIUtil.getPropsValue("hydra_admin_url")
-      .openOrThrowException("If props login_with_hydra is true, hydra_admin_url value should not be blank")
+      .openOrThrowException(s"If props $INTEGRATE_WITH_HYDRA is true, hydra_admin_url value should not be blank")
     val defaultClient = Configuration.getDefaultApiClient
     defaultClient.setBasePath(hydraAdminUrl)
     new AdminApi(defaultClient)
@@ -44,7 +51,7 @@ object HydraUtil {
 
   lazy val hydraPublic = {
     val hydraPublicUrl = APIUtil.getPropsValue("hydra_public_url")
-      .openOrThrowException("If props login_with_hydra is true, hydra_public_url value should not be blank")
+      .openOrThrowException(s"If props $INTEGRATE_WITH_HYDRA is true, hydra_public_url value should not be blank")
     val apiClient = new ApiClient
     apiClient.setBasePath(hydraPublicUrl)
     new PublicApi(apiClient)
@@ -65,10 +72,10 @@ object HydraUtil {
     val oAuth2Client = new OAuth2Client()
     oAuth2Client.setClientId(consumer.key.get)
     oAuth2Client.setClientSecret(consumer.secret.get)
-    val allConsents = "openid" :: "offline" :: hydraConsents
-    oAuth2Client.setScope(allConsents.mkString(" "))
 
-    oAuth2Client.setGrantTypes(("authorization_code" :: "client_credentials" :: "refresh_token" :: "implicit" :: Nil).asJava)
+    oAuth2Client.setScope(allConsents)
+
+    oAuth2Client.setGrantTypes(grantTypes)
     oAuth2Client.setResponseTypes(("code" :: "id_token" :: "token" :: "code id_token" :: Nil).asJava)
     oAuth2Client.setPostLogoutRedirectUris(List(redirectUrl).asJava)
 
diff --git a/obp-api/src/main/webapp/consent.html b/obp-api/src/main/webapp/consent.html
deleted file mode 100644
index cb1a6a75c..000000000
--- a/obp-api/src/main/webapp/consent.html
+++ /dev/null
@@ -1,146 +0,0 @@
-<!--
-Open Bank Project - API
-Copyright (C) 2011-2017, TESOBE GmbH
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Affero General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Affero General Public License for more details.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Email: contact@tesobe.com
-TESOBE GmbH
-Osloerstrasse 16/17
-Berlin 13359, Germany
-
-  This product includes software developed at
-  TESOBE (http://www.tesobe.com/)
-  by
-  Simon Redfern : simon AT tesobe DOT com
-  Sebastian Henschel : sebastian AT tesobe DOT com
--->
-<style>
-	.bootstrap-datetimepicker-widget,
-	.bootstrap-datetimepicker-widget .picker-switch td span{
-		background-color: #fff ;
-		color: #333 ;
-	}
-</style>
-<div id="register-consumer" data-lift="surround?with=default;at=content">
-	<div data-lift="ConsentConfirmation.confirmConsentsForm">
-		<h2 style="text-align: center">Confirm the following permissions on your account for your Application:</h2>
-			<form method="post">
-				<div class="row">
-					<div class="col-xs-12 col-sm-6">
-						<div class="form-group">
-							<label for="bank_id">Banks</label>
-							<select class="form-control" id="bank_id" name="bank_id">
-								<option value="">--select a bank--</option>
-								<option class="bank" value="psd201-bank-y--uk">Bank y</option>
-							</select>
-						</div>
-					</div>
-				</div>
-				<hr>
-				<div class="row">
-					<div class="col-xs-12 col-sm-12">
-						<h4>Accounts:</h4>
-					</div>
-				</div>
-				<br>
-				<div class="row">
-					<div class="col-xs-12 col-sm-6"  id="account_group">
-						<div class="form-group">
-							<input type="checkbox" name="account_id" id="account_id" value="account_x" bank_id="bank_x_y">
-							<label for="account_id" name="account_id_label">account x</label>
-						</div>
-					</div>
-				</div>
-
-				<hr>
-				<div class="row">
-					<div class="col-xs-12 col-sm-12">
-						<h4>Consents:</h4>
-					</div>
-				</div>
-				<br>
-				<div class="row">
-					<div class="col-xs-12 col-sm-12" id="scope_group">
-						<div class="form-group">
-							<input type="checkbox" name="consent_scope" id="consent_scope_openid" value="openid">
-							<label for="consent_scope_openid" name="consent_scope_label">openid</label>
-						</div>
-					</div>
-				</div>
-				<hr>
-				<div class="row">
-					<div class="col-xs-12 col-sm-12">
-						<h4>Date Time:</h4>
-					</div>
-				</div>
-				<br>
-				<div class="row">
-					<div class="col-xs-12 col-sm-6">
-						<div class="form-group">
-							<label for="from_date">TransactionFromDateTime</label>
-							<input type="text" name="from_date" id="from_date" class="form-control" data-date-format="YYYY-MM-DDTHH:mm:ss">
-						</div>
-					</div>
-					<div class="col-xs-12 col-sm-6">
-						<div class="form-group">
-							<label for="to_date">TransactionToDateTime</label>
-							<input type="text" name="to_date" id="to_date" class="form-control" data-date-format="YYYY-MM-DDTHH:mm:ss">
-						</div>
-					</div>
-				</div>
-				<div class="row">
-					<div class="col-xs-12 col-sm-6">
-						<div class="form-group">
-							<label for="expiration_date">ExpirationDateTime</label>
-							<input type="text" name="expiration_date" id="expiration_date" class="form-control" data-date-format="YYYY-MM-DDTHH:mm:ss">
-						</div>
-					</div>
-				</div>
-
-				<input type="hidden" name="consent_challenge" id="consent_challenge">
-
-				<input type="button" name="confirm" value="Cancel" class="btn btn-default" />
-
-				<input type="submit" name="confirm" value="Yes, I confirm" class="btn btn-default" />
-				<div id = "confirm-errors-div" class="hide alert alert-danger">
-					<span data-lift="Msg?id=confirm-errors"/>
-				</div>
-			</form>
-		</div>
-
-	</div>
-</div>
-<script type="text/javascript">
-	$(function () {
-		$('#from_date, #to_date').datetimepicker({
-			defaultDate: new Date()
-		});
-		$('#expiration_date').datetimepicker({
-			defaultDate: new Date(new Date().setFullYear(new Date().getFullYear() + 1))
-		});
-		// hide all account checkboxes
-		$('input[name=account_id]').prop("checked", false).parent().parent().hide();
-		$('#bank_id').change(function(){
-			var bankId = $(this).val();
-			$('input[name=account_id]').prop("checked", false).parent().parent().hide();
-			if(bankId) {
-				$('input[name=account_id]')
-						.filter(function() { // not use .filter('[bank_id='+bankId+']') reason: bankId may have special characters
-							return $(this).attr('bank_id') === bankId;
-						}).parent().parent().show();
-			}
-		});
-	});
-</script>