Skip to content

This application provides user interface elements - username and password - so customers can authenticate via OAuth2. It communicates with OBP and Hydra APIs to achieve this.

License

Notifications You must be signed in to change notification settings

OpenBankProject/OBP-Hydra-Identity-Provider

Repository files navigation

Spring Boot application as Hydra Identity Provider.

Install steps:

1. Deploy Hydra server

Check this reference hydra 5min-tutorial, to install hydra, take the Docker way as example. Fix the quickstart.yml file as follows in environment part, the URL values is just step2 corresponding url, pay attention the leading blank characters, it is yml file.

      - URLS_CONSENT=http://localhost:8086/consent
      - URLS_LOGIN=http://localhost:8086/login
      - URLS_LOGOUT=http://localhost:8086/logout

execute this command to start the hydra server:

docker-compose -f quickstart.yml \
    -f quickstart-postgres.yml \
    -f quickstart-tracing.yml \
    up --build

Try to get response from this public url http://127.0.0.1:4444/.well-known/openid-configuration in order to confirm that hydra server is up and running.

The hydra server corresponding url example:

oauth2.admin_url=http://127.0.0.1:4445
oauth2.public_url=http://127.0.0.1:4444

2. Deploy obp-api server:

The props should contain the follow settings:

## if login_with_hydra set to true, all other props must not be empty
login_with_hydra=true
# hydra server urls
hydra_public_url=http://127.0.0.1:4444
hydra_admin_url=http://127.0.0.1:4445
# Consent names
hydra_consents=ReadAccountsBasic,ReadAccountsDetail,ReadBalances,ReadTransactionsBasic,ReadTransactionsDebits,ReadTransactionsDetail
## check the oauth2.jwk_set.url props, it must contains jwks.json that locate in ${hydra_public_url}/.well-known/jwks.json
##oauth2.jwk_set.url=http://localhost:4444/.well-known/jwks.json,https://www.googleapis.com/oauth2/v3/certs
## whether create hydra client when create consumer, default is false
mirror_consumer_in_hydra=true

The obp-api server url example: http://localhost:8080

Login obp-api portal, create one consumer for project OBP-Hydra-Identity-Provider The consumer_key example: yp5tgl0thzjj1jk0sobqljpxyo514dsjvxoe1ngy

3. Deploy OBP-Hydra-Identity-Provider:

execute command: mvn clean package

generate jar file in target folder: hydra-identity-provider-xxx.jar

Create application.properties file, and content as follows:

# server port number
server.port=8086
# rename the JSESSIONID cookie name, avoid local deploy other springboot instance that cause instances share the same JSESSIONID
server.servlet.session.cookie.name=IDENTITY_PROVIDER_SESSION

logging.level.com.openbankproject=DEBUG
spring.thymeleaf.encoding=UTF-8
spring.thymeleaf.servlet.content-type=text/html;

# obp-api server url
obp.base_url=http://localhost:8080

## obp endpoint path prefix
endpoint.path.prefix=${obp.base_url}/mx-open-finance/v0.0.1

# hydra server admin urls
oauth2.admin_url=http://127.0.0.1:4445

# when verify consentId and bankId, need an authenticated user, it can be any available user
identity_provider.user.username=Cliente_uno
identity_provider.user.password=publicuserslongpass
# set consumer_key that generate in 1 step
consumer_key=yp5tgl0thzjj1jk0sobqljpxyo514dsjvxoe1ngy

# MTLS related, config keystore and truststore
## keystore and truststore files can be local files or web resources, as example:
mtls.keyStore.path=file:///Users/<some path>/cert/user.jks
#mtls.keyStore.path=http://<some domain>/user.jks
mtls.keyStore.password=<keystore password>
mtls.trustStore.path=file:///Users/<some path>/cert/ofpilot.jks
#mtls.trustStore.path=http://<some domain>/ofpilot.jks
mtls.trustStore.password=<truststore password>

make the application.properties file in the same folder with hydra-identity-provider-xxx.jar

execute command to start this project: java -jar hydra-identity-provider-xxx.jar

So the project running on http://localhost:8086

4. Deploy demo project obp-hydra-auth2: OBP-Hydra-OAuth2

execute command: mvn clean package

generate jar file in target folder: obp-hydra-auth2-xxx.jar

create file application.properties, and the content as follows:

# server port number
server.port=8081

logging.level.com.openbankproject=DEBUG
# hydra server public urls
oauth2.public_url=http://127.0.0.1:4444
# obp-api server url
obp.base_url=http://localhost:8080

## obp endpoint path prefix
endpoint.path.prefix=${obp.base_url}/mx-open-finance/v0.0.1

# MTLS related, config keystore and truststore
## keystore and truststore files can be local files or web resources, as example:
mtls.keyStore.path=file:///Users/<some path>/cert/user.jks
#mtls.keyStore.path=http://<some domain>/user.jks
mtls.keyStore.password=<keystore password>
mtls.trustStore.path=file:///Users/<some path>/cert/ofpilot.jks
#mtls.trustStore.path=http://<some domain>/ofpilot.jks
mtls.trustStore.password=<truststore password>

# create one consumer, and copy OAuth2 information past here:
oauth2.client_id=z3xh2jrf4y2t3h0th0jbs0fs54zg1wqffoupexwy
oauth2.client_secret=1qxhj0uz3b5kvypi1lstqvfwysiyezuusdidxxih
oauth2.redirect_uri=http://127.0.0.1:8081/main.html
oauth2.client_scope=ReadAccountsBasic,\
ReadAccountsDetail,\
ReadBalances,\
ReadTransactionsBasic,\
ReadTransactionsDebits,\
ReadTransactionsDetail

make the application.properties file in the same folder obp-hydra-auth2-xxx.jar

execute command to start this project: java -jar obp-hydra-auth2-xxx.jar

So the project running on http://localhost:8081

5. open web browser with url: http://localhost:8081/index.html

Videos

server install video

show uk oauth2 flow

About

This application provides user interface elements - username and password - so customers can authenticate via OAuth2. It communicates with OBP and Hydra APIs to achieve this.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published