API-Explorer-II/.env.example at develop · OpenBankProject/API-Explorer-II · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
### OBP API Configuration ###
VITE_OBP_API_HOST=http://127.0.0.1:8080
VITE_OBP_API_VERSION=v5.1.0

### API Explorer Host ###
VITE_OBP_API_EXPLORER_HOST=http://localhost:5173

### Session Configuration ###
VITE_OBP_SERVER_SESSION_PASSWORD=change-me-to-a-secure-random-string

### OAuth2 Redirect URL (shared by all providers) ###
VITE_OAUTH2_REDIRECT_URL=http://localhost:5173/api/oauth2/callback

### Logout behaviour ###
### Controls what happens when a user logs out:
###   public   (default) - Full SSO logout: also ends the Keycloak/OIDC session
###                         (via end_session_endpoint), so the next login requires
###                         credentials. Use for public-facing / shared machines.
###   internal           - Local-only logout: clears the app session but keeps the
###                         provider SSO session, so re-login is silent. Use for
###                         deployments within a single trusted organisation.
### Unset or unrecognised values fall back to "public".
VITE_OBP_LOGOUT_MODE=public

### Redis Configuration (Optional - uses localhost:6379 if not set) ###
# VITE_OBP_REDIS_URL=redis://127.0.0.1:6379
# VITE_OBP_REDIS_PASSWORD=
# VITE_OBP_REDIS_USERNAME=

### Multi-Provider OAuth2/OIDC Configuration ###
### If VITE_OBP_OAUTH2_WELL_KNOWN_URL is set, it will be used
### Otherwise, the system fetches available providers from: VITE_OBP_API_HOST/obp/v5.1.0/well-known
### Configure credentials below for each provider you want to support

### (Optional) ###
# VITE_OBP_OAUTH2_WELL_KNOWN_URL=http://127.0.0.1:9000/obp-oidc/.well-known/openid-configuration

### OBP-OIDC Provider ###
VITE_OBP_OIDC_CLIENT_ID=your-obp-oidc-client-id
VITE_OBP_OIDC_CLIENT_SECRET=your-obp-oidc-client-secret

### OBP Consumer Key (for API calls) ###
VITE_OBP_CONSUMER_KEY=your-obp-oidc-client-id

### Keycloak Provider (Optional) ###
# VITE_KEYCLOAK_CLIENT_ID=your-keycloak-client-id
# VITE_KEYCLOAK_CLIENT_SECRET=your-keycloak-client-secret

### Google Provider (Optional) ###
### 1. Create an OAuth client in Google Cloud Console (APIs & Services -> Credentials
###    -> Create Credentials -> OAuth client ID, type "Web application").
### 2. Add VITE_OAUTH2_REDIRECT_URL (see above, default
###    http://localhost:5173/api/oauth2/callback) as an Authorized redirect URI.
### 3. On the OBP-API side: include "google" in oauth2.oidc_provider and add
###    https://www.googleapis.com/oauth2/v3/certs to oauth2.jwk_set.url,
###    otherwise the provider is not advertised by /well-known and Google
###    id_tokens are rejected. See README "Login with Google" for details.
# VITE_GOOGLE_CLIENT_ID=your-google-client-id.apps.googleusercontent.com
# VITE_GOOGLE_CLIENT_SECRET=your-google-client-secret

### GitHub Provider (Optional) ###
# VITE_GITHUB_CLIENT_ID=your-github-client-id
# VITE_GITHUB_CLIENT_SECRET=your-github-client-secret

### Custom OIDC Provider (Optional) ###
# VITE_CUSTOM_OIDC_PROVIDER_NAME=my-custom-provider
# VITE_CUSTOM_OIDC_CLIENT_ID=your-custom-client-id
# VITE_CUSTOM_OIDC_CLIENT_SECRET=your-custom-client-secret

### Berlin Group TPP Signature Certificate Configuration (Optional) ###
# VITE_BG_PRIVATE_KEY_PATH=./certs/private_key.pem
# VITE_BG_CERTIFICATE_PATH=./certs/certificate.pem
# VITE_BG_KEY_ID=SN=1082, CA=CN=Your Name, O=YourOrg
# VITE_BG_API_VERSION=v1.3
# VITE_BG_PSU_DEVICE_ID=device-1234567890
# VITE_BG_PSU_DEVICE_NAME=API-Explorer-II
# VITE_BG_PSU_IP_ADDRESS=127.0.0.1
# VITE_BG_TPP_REDIRECT_URI=https://your-app.com/berlin-group/redirect
# VITE_BG_TPP_NOK_REDIRECT_URI=https://your-app.com/berlin-group/error

### Chatbot Configuration (Optional) ###
VITE_CHATBOT_ENABLED=false
# VITE_CHATBOT_URL=http://localhost:5000

### Resource Docs Version ###
VITE_OBP_API_DEFAULT_RESOURCE_DOC_VERSION=OBPv7.0.0