...
Define the Open Banking specific Request Object Validator under the <OpenIDConnect> tag as follows:

    <RequestObjectValidator>com.wso2.finance.request.object.validator.OBRequestObjectValidatorImpl</RequestObjectValidator>
Update the following configurations under the <OAuth> tag with the URL of the Open Banking API Manager Gateway:

    <OAuth2AuthzEPUrl>${carbon.protocol}://<OBAM_HOSTNAME>:8243/authorize</OAuth2AuthzEPUrl>
    <OAuth2TokenEPUrl>${carbon.protocol}://<OBAM_HOSTNAME>:8243/token</OAuth2TokenEPUrl>
    <OAuth2UserInfoEPUrl>${carbon.protocol}://<OBAM_HOSTNAME>:8243/userinfo</OAuth2UserInfoEPUrl>
    <OAuth2DCREPUrl>${carbon.protocol}://<OBAM_HOSTNAME>:8243/register</OAuth2DCREPUrl>
Update the following configuration under the <OpenIDConnect> tag with the hostname of the Open Banking API Manager server:

    <IDTokenIssuerID>https://<WSO2_OB_APIM_HOST>:8243/token</IDTokenIssuerID>
Make sure the RenewRefreshTokenForRefreshGrant value is set to false. With this configuration, the refresh token received through the refresh token grant type is not renewed. This is used to enforce consent re-authorization.

    <RenewRefreshTokenForRefreshGrant>false</RenewRefreshTokenForRefreshGrant>
Add RenewTokenPerRequest and set the value to true. This configuration issues a new token for each request and revokes any active tokens for the same application and user. It is used to revoke the previous tokens bound to the PSU during consent re-authentication.

    <RenewTokenPerRequest>true</RenewTokenPerRequest>
Configure the Receiver URL of the <EventPublisher> under <AdaptiveAuth> with the hostname of the Open Banking Business Intelligence Server. By default, the relevant Siddhi Apps are configured to listen on port 8006.

    <ReceiverURL>http://<WSO2_OB_BI_HOSTNAME>:8006/</ReceiverURL>
Add the Open Banking specific response type handlers under <SupportedResponseTypes> as follows:

    <SupportedResponseType>
        <ResponseTypeName>code</ResponseTypeName>
        <ResponseTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.response.type.handlers.OBCodeResponseTypeHandler</ResponseTypeHandlerImplClass>
    </SupportedResponseType>
    <SupportedResponseType>
        <ResponseTypeName>code id_token</ResponseTypeName>
        <ResponseTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.response.type.handlers.OBHybridResponseTypeHandler</ResponseTypeHandlerImplClass>
    </SupportedResponseType>
Add the Open Banking specific grant types under <SupportedGrantTypes> as follows:

    <SupportedGrantType>
        <GrantTypeName>authorization_code</GrantTypeName>
        <GrantTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.grant.type.handlers.OBAuthorizationCodeGrantHandler</GrantTypeHandlerImplClass>
    </SupportedGrantType>
    <SupportedGrantType>
        <GrantTypeName>client_credentials</GrantTypeName>
        <GrantTypeHandlerImplClass>com.wso2.finance.open.banking.identity.extensions.grant.type.handlers.OBClientCredentialsGrantHandler</GrantTypeHandlerImplClass>
    </SupportedGrantType>
The cache configurations are available in the <CacheConfig> element under <CacheManager>. You can update them according to your requirements.

The ID Token Builder and the algorithm used to sign the ID Token are configurable. By default, <IDTokenBuilder> is set to org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder. For example, to sign the ID Token with the SHA256withPS algorithm, the configuration is as follows:

    <OpenIDConnect>
        <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
        <SignatureAlgorithm>SHA256withPS</SignatureAlgorithm>
    </OpenIDConnect>
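The settings above are easy to get half-right: a handler left in place beside the Open Banking one, or RenewRefreshTokenForRefreshGrant still true, silently weakens consent re-authorization. The following audit script is an added example, not part of the WSO2 documentation or product; it checks an identity.xml against the values listed in the steps above, using a constructed fragment as input. It searches for the elements anywhere in the file rather than assuming their parent tags.

```python
import xml.etree.ElementTree as ET

# Open Banking classes taken from the configuration steps above.
OB_REQUEST_OBJECT_VALIDATOR = "com.wso2.finance.request.object.validator.OBRequestObjectValidatorImpl"
OB_GRANT_PKG = "com.wso2.finance.open.banking.identity.extensions.grant.type.handlers."
OB_GRANT_HANDLERS = {"authorization_code": OB_GRANT_PKG + "OBAuthorizationCodeGrantHandler",
                     "client_credentials": OB_GRANT_PKG + "OBClientCredentialsGrantHandler"}

# Constructed identity.xml fragment (not a real WSO2 file) with two deliberate defects: refresh
# tokens are still renewed, and client_credentials keeps a placeholder non-OB handler beside the OB one.
SAMPLE_IDENTITY_XML = """<Server>
  <OAuth>
    <RenewRefreshTokenForRefreshGrant>true</RenewRefreshTokenForRefreshGrant>
    <RenewTokenPerRequest>true</RenewTokenPerRequest>
    <SupportedGrantTypes>
      <SupportedGrantType><GrantTypeName>authorization_code</GrantTypeName><GrantTypeHandlerImplClass>{auth}</GrantTypeHandlerImplClass></SupportedGrantType>
      <SupportedGrantType><GrantTypeName>client_credentials</GrantTypeName><GrantTypeHandlerImplClass>com.example.PlaceholderGrantHandler</GrantTypeHandlerImplClass></SupportedGrantType>
      <SupportedGrantType><GrantTypeName>client_credentials</GrantTypeName><GrantTypeHandlerImplClass>{cc}</GrantTypeHandlerImplClass></SupportedGrantType>
    </SupportedGrantTypes>
  </OAuth>
  <OpenIDConnect>
    <RequestObjectValidator>{rov}</RequestObjectValidator>
  </OpenIDConnect>
</Server>""".format(auth=OB_GRANT_HANDLERS["authorization_code"],
                    cc=OB_GRANT_HANDLERS["client_credentials"], rov=OB_REQUEST_OBJECT_VALIDATOR)

def _text(node, path):
    found = node.find(path)
    return found.text.strip() if found is not None and found.text else None

def audit_identity_xml(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    if _text(root, ".//OpenIDConnect/RequestObjectValidator") != OB_REQUEST_OBJECT_VALIDATOR:
        findings.append("RequestObjectValidator is not the Open Banking validator")
    if _text(root, ".//RenewRefreshTokenForRefreshGrant") != "false":
        findings.append("RenewRefreshTokenForRefreshGrant must be false")
    if _text(root, ".//RenewTokenPerRequest") != "true":
        findings.append("RenewTokenPerRequest must be true")
    # Each OB grant type must map to exactly one handler, the OB one; a leftover
    # entry with the same GrantTypeName (default or otherwise) is reported too.
    handlers = {}
    for entry in root.iter("SupportedGrantType"):
        handlers.setdefault(_text(entry, "GrantTypeName"), []).append(_text(entry, "GrantTypeHandlerImplClass"))
    for name, impl in OB_GRANT_HANDLERS.items():
        if handlers.get(name) != [impl]:
            findings.append(f"grant type {name}: missing, duplicated, or not handled by {impl.rsplit('.', 1)[1]}")
    return findings
```

The same loop can be applied to <SupportedResponseTypes> with the ResponseTypeName and ResponseTypeHandlerImplClass tags.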