OBP-OIDC now functions as a Developer Setup Helper that automatically generates secure configurations for the entire OBP ecosystem. No more placeholder values or manual secret generation!
- Real cryptographic secrets (not
CHANGE_THIS_TO_...placeholders) - Database passwords: 24-character secure passwords with mixed case, numbers, and symbols
- OIDC client secrets: 32-byte Base64-encoded secrets (256-bit entropy)
- Fresh generation: Automatically detects and replaces placeholder values
- One-command setup:
./generate-config.shgets you started - Ready-to-copy configurations: No manual editing required
- File outputs: Configurations saved to files for easy reference
- Interactive CLI: Choose what to generate
- 4 OBP clients pre-configured:
- OBP-API Core Service
- OBP Portal Web Application
- API-Explorer-II Tool
- Opey-II Mobile/Web Client
- Database storage: All configs stored in PostgreSQL
- Environment-specific: Easy to customize URLs and redirects
# Interactive mode
./generate-config.sh
# Direct commands
mvn exec:java -Dexec.args="--generate-config" # Full config
mvn exec:java -Dexec.args="--db-config" # Database only
mvn exec:java -Dexec.args="--help" # Show help- Environment variable check: Detects
CHANGE_THISplaceholders - Fresh generation: Creates new secrets when placeholders found
- Secure reuse: Keeps existing valid secrets if present
- Database storage: Secrets stored securely in
v_oidc_admin_clients
- Console output: Formatted for easy reading
- Configuration files:
obp-oidc-database-config.txt- Database setup commandsobp-oidc-generated-config.txt- OIDC client configurations
- Project-specific formats:
- OBP-API: Props file format
- Portal:
.envfile format - Explorer-II: Environment variables
- Opey-II: Environment variables
# Auto-generated database commands
sudo -u postgres psql << EOF
CREATE DATABASE sandbox;
CREATE USER oidc_user WITH PASSWORD 'SecurePassword123!';
CREATE USER oidc_admin WITH PASSWORD 'AdminPassword456#';
GRANT CONNECT ON DATABASE sandbox TO oidc_user;
GRANT CONNECT ON DATABASE sandbox TO oidc_admin;
\q
EOF# Props file entries
openid_connect.scope=openid email profile
openid_connect.endpoint=http://localhost:8080/.well-known/openid_configuration
oauth2.client_id=obp-api-client
oauth2.client_secret=GeneratedSecureSecret123ABC
oauth2.callback_url=http://localhost:8080/auth/openid-connect/callback# .env file entries
NEXT_PUBLIC_OAUTH_CLIENT_ID=obp-portal-client
OAUTH_CLIENT_SECRET=GeneratedPortalSecret456DEF
NEXT_PUBLIC_OAUTH_AUTHORIZATION_URL=http://localhost:8080/oauth/authorize
OAUTH_TOKEN_URL=http://localhost:8080/oauth/token
OAUTH_USERINFO_URL=http://localhost:8080/oauth/userinfo
NEXT_PUBLIC_OAUTH_REDIRECT_URI=http://localhost:3000/callback- Smart secret detection:
generateFreshSecretIfPlaceholder() - Secure password generation:
generateSecurePassword() - Configuration writing:
writeConfigurationFile() - Developer config mode:
generateDeveloperConfig()
- Argument parsing:
--generate-config,--db-config,--help - Interactive script:
generate-config.shwith menu system - File generation: Automatic config file creation
- Help system: Built-in documentation
- SecureRandom: Cryptographically secure random number generation
- Base64 encoding: URL-safe encoding for OIDC secrets
- Password complexity: Mixed case, numbers, symbols for database passwords
- No hardcoded secrets: All secrets generated at runtime
# 1. Clone OBP-OIDC
git clone [repo-url]
cd OBP-OIDC
# 2. Generate configuration
./generate-config.sh
# 3. Set up database (copy from generated file)
sudo -u postgres psql < obp-oidc-database-config.txt
# 4. Export environment variables (from generated file)
export OIDC_USER_PASSWORD=GeneratedPassword...
export OIDC_ADMIN_PASSWORD=GeneratedAdminPassword...
# 5. Start OBP-OIDC
./run-server.sh
# 6. Copy client configs to other OBP projects
# All configurations printed on startup + saved to files- Backward compatible: Still reads existing environment variables
- Placeholder replacement: Automatically upgrades
CHANGE_THISvalues - Database integration: Works with existing database schemas
- PostgreSQL database creation commands
- User creation with generated passwords
- Permission grants
- Environment variable exports
- Project-specific configuration sections
- Copy-paste ready format
- All 4 OBP clients included
- Timestamped for reference
- No weak passwords: All secrets cryptographically generated
- No placeholder exposure: Eliminates accidental deployment of
CHANGE_THISvalues - Unique per deployment: Each installation gets unique secrets
- Zero manual configuration: Everything auto-generated
- Fast onboarding: New developers up and running in minutes
- Error reduction: No manual secret management mistakes
- Documentation: Clear instructions and examples
- Version controlled: Configuration generation is code-driven
- Reproducible: Same process works across all environments
- Updatable: Easy to modify client configurations as ecosystem evolves
- Environment profiles: Development, staging, production configs
- Custom client creation: Interactive client builder
- Configuration validation: Check generated configs against services
- Docker integration: Container-ready configuration generation
- Kubernetes secrets: Generate K8s secret manifests
- OBP-API integration: Direct props file writing
- Portal integration: Automatic
.envfile updates - CI/CD integration: Automated deployment configurations
- Development containers: Pre-configured dev environments
OBP-OIDC now serves as a comprehensive developer helper that:
- Generates secure secrets automatically
- Provides ready-to-use configurations for all OBP projects
- Eliminates manual setup errors and security issues
- Streamlines developer onboarding from hours to minutes
- Maintains backward compatibility with existing deployments
The system transforms OBP-OIDC from a simple OIDC provider into an essential developer productivity tool for the entire OBP ecosystem.