This documentation is for WSO2 Open Banking version 1.4.0. View documentation for the latest release.

...

  1. Update the identity.xml file in <WSO2_OBKM_HOME>/repository/conf/identity with the following configurations.

      1. Define the Open Banking specific Request Object Validator under <OpenIDConnect> as follows:

        <RequestObjectValidator>com.wso2.finance.request.object.validator.OBRequestObjectValidatorImpl</RequestObjectValidator>
      2. Update the following configurations under the <OAuth> property with the URL hostname of the Open Banking API Manager Gateway.

        <OAuth2AuthzEPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOSTNAME>:8243/authorize</OAuth2AuthzEPUrl>
        <OAuth2TokenEPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOSTNAME>:8243/token</OAuth2TokenEPUrl>
        ....
        <OAuth2UserInfoEPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOSTNAME>:8243/userinfo</OAuth2UserInfoEPUrl>
        ....
        <OAuth2DCREPUrl>${carbon.protocol}://<WSO2_OB_APIM_HOSTNAME>:8243/register</OAuth2DCREPUrl>
        ....
        <OpenIDConnect>
            ....
            <IDTokenIssuerID>https://<WSO2_OB_APIM_HOSTNAME>:8243/token</IDTokenIssuerID>
        </OpenIDConnect>
      3. Set RenewRefreshTokenForRefreshGrant to false. With this configuration, the refresh token is not renewed when the refresh token grant type is used. This is used to enforce consent re-authorization.

        <RenewRefreshTokenForRefreshGrant>false</RenewRefreshTokenForRefreshGrant>
      4. Add RenewTokenPerRequest and set the value to true. This configuration enforces a new token for each request and revokes any active tokens for the same application and user. It is used to revoke previous tokens bound to the PSU during consent re-authentication.

        <RenewTokenPerRequest>true</RenewTokenPerRequest>
      5. Configure the ReceiverURL of the <EventPublisher> under <AdaptiveAuth> with the hostname of the Open Banking Business Intelligence Server. By default, the relevant Siddhi Apps are configured to listen on port 8006.

        <ReceiverURL>http://<OBBI_HOSTNAME>:8006/</ReceiverURL>
      6. Add Open Banking specific response type handlers under <SupportedResponseTypes> as follows:

        <SupportedResponseType>
            <ResponseTypeName>code</ResponseTypeName>
            <ResponseTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.response.type.handlers.OBCodeResponseTypeHandler</ResponseTypeHandlerImplClass>
        </SupportedResponseType>
        <SupportedResponseType>
            <ResponseTypeName>code id_token</ResponseTypeName>
            <ResponseTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.response.type.handlers.OBHybridResponseTypeHandler</ResponseTypeHandlerImplClass>
        </SupportedResponseType>
      7. Add the Open Banking specific grant types under <SupportedGrantTypes> as follows.

        <SupportedGrantType>
            <GrantTypeName>authorization_code</GrantTypeName>
            <GrantTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.grant.type.handlers.OBAuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
        </SupportedGrantType>
        <SupportedGrantType>
            <GrantTypeName>client_credentials</GrantTypeName>
            <GrantTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.grant.type.handlers.OBClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
        </SupportedGrantType>
      8. Update the cache configuration.

        <CacheConfig>
            <CacheManager name="IdentityApplicationManagementCacheManager">
                . . .
                <Cache name="PrivateKeyJWT" enable="true" timeout="10" capacity="5000" isDistributed="false"/>
            </CacheManager>
        </CacheConfig>
      9. Update the <IDTokenBuilder> under <OpenIDConnect> to specify the Open Banking specific ID Token Builder.

        <IDTokenBuilder>com.wso2.finance.idtoken.builder.OpenBankingIDTokenBuilder</IDTokenBuilder>
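A check that the edited identity.xml carries the values from the steps above, as an added example that is not part of the WSO2 documentation or product code. The function name `audit_identity_xml` and its `gateway_host` parameter are hypothetical; elements are matched by name wherever they appear, so no parent element beyond those named on this page is assumed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EXT = "com.wso2.finance.open.banking.identity.extensions."
FIXED = {  # element -> value required by the steps on this page
    "RequestObjectValidator": "com.wso2.finance.request.object.validator.OBRequestObjectValidatorImpl",
    "IDTokenBuilder": "com.wso2.finance.idtoken.builder.OpenBankingIDTokenBuilder",
    "RenewRefreshTokenForRefreshGrant": "false",
    "RenewTokenPerRequest": "true",
}
ENDPOINTS = {"OAuth2AuthzEPUrl": "/authorize", "OAuth2TokenEPUrl": "/token",
             "OAuth2UserInfoEPUrl": "/userinfo", "OAuth2DCREPUrl": "/register",
             "IDTokenIssuerID": "/token"}
HANDLERS = {  # (parent element, type name) -> handler class from this page
    ("SupportedResponseType", "code"): EXT + "response.type.handlers.OBCodeResponseTypeHandler",
    ("SupportedResponseType", "code id_token"): EXT + "response.type.handlers.OBHybridResponseTypeHandler",
    ("SupportedGrantType", "authorization_code"): EXT + "grant.type.handlers.OBAuthorizationCodeGrantHandler",
    ("SupportedGrantType", "client_credentials"): EXT + "grant.type.handlers.OBClientCredentialsGrantHandler",
}

def _local(elem):
    """Tag name without the XML namespace prefix."""
    return elem.tag.rsplit("}", 1)[-1]

def audit_identity_xml(xml_text, gateway_host):
    """Return a list of findings; an empty list means every checked setting matches."""
    elems = list(ET.fromstring(xml_text).iter())
    text, handlers, findings = {}, {}, []
    for e in elems:
        text.setdefault(_local(e), (e.text or "").strip())
        kids = {_local(c): (c.text or "").strip() for c in e}
        for k in [k for k in kids if k.endswith("TypeName")]:
            handlers[(_local(e), kids[k])] = kids.get(k[:-4] + "HandlerImplClass")
    for name, want in FIXED.items():
        if text.get(name) != want:
            findings.append(f"{name}: expected {want!r}, found {text.get(name)!r}")
    for name, path in ENDPOINTS.items():
        # ${carbon.protocol} is a placeholder; swap in https only so the URL parses.
        url = urlparse(text.get(name, "").replace("${carbon.protocol}", "https"))
        try:
            target = (url.hostname, url.port, url.path)
        except ValueError:  # non-numeric or out-of-range port
            target = None
        if target != (gateway_host.lower(), 8243, path):
            findings.append(f"{name}: does not point at {gateway_host}:8243{path}")
    for key, want in HANDLERS.items():
        if handlers.get(key) != want:
            findings.append(f"{key[0]} {key[1]!r}: expected handler {want}")
    return findings
```

Pass the file contents and the gateway hostname, for example `audit_identity_xml(open(path).read(), "<WSO2_OB_APIM_HOSTNAME>")` with the real hostname substituted; each returned string names one setting that still differs from this page.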