Openg2p Portal Server

fastapi ~=0.103.1
uvicorn[standard] >=0.12.0
gunicorn ~=22.0.0
asyncio ~=3.4.3
pydantic-settings ~=2.0.0
pydantic-extra-types ~=2.0.0
python-multipart >=0.0.5
httpx >=0.23.0
sqlalchemy ~=2.0.20
json-logging ~=1.3.0
orjson ~=3.9.7
cryptography ~=41.0.4
python-jose ~=3.3.0
python-slugify>=8.0.0
psycopg2
asyncpg
SQLAlchemy
email-validator
openg2p-fastapi-common
openg2p-fastapi-auth

sudo apt install -y python3-pip python3-dev build-essential libpq-dev

mkdir PORTAL

cd PORTAL

git clone https://github.com/OpenG2P/openg2p-fastapi-common.git
git clone https://github.com/OpenG2P/openg2p-portal-server.git

python3.10 -m venv .venv

source .venv/bin/activate

pip install -e openg2p-fastapi-common/openg2p-fastapi-common
pip install -e openg2p-fastapi-common/openg2p-fastapi-auth
pip install -e openg2p-portal-server

PORTAL_PORT=8001
PORTAL_DB_USERNAME="portal_user"
PORTAL_DB_PASSWORD="pass"
PORTAL_DB_HOSTNAME="localhost"
PORTAL_DB_PORT="5432"
PORTAL_DB_DBNAME="db_portal"
PORTAL_AUTH_COOKIE_SECURE="false"
PORTAL_OPENAPI_ROOT_PATH= "/v1/selfservice"
PORTAL_AUTH_DEFAULT_ISSUERS="[\"https://keycloak.openg2p.org/realms/master\",\"https://esignet.openg2p.org\"]"
PORTAL_AUTH_DEFAULT_JWKS_URLS="[\"https://keycloak.openg2p.org/realms/master/protocol/openid-connect/certs\",\"https://esignet.openg2p.org/.well-known/jwks.json\"]"

python3 main.py migrate

# Connect to the PostgreSQL database
psql -U portal_user -d db_portal -h localhost -p 5432

-- Insert a new OAuth provider with the provided details
INSERT INTO public.auth_oauth_provider (
    id, name, flow, body, image_icon_url, client_id, 
    client_authentication_method, client_secret, 
    auth_endpoint, validation_endpoint, token_endpoint, jwks_uri, 
    scope, enable_pkce, code_verifier, 
    date_format, token_map, extra_authorize_params, 
    g2p_portal_oauth_callback_url, g2p_id_type
) 
VALUES
(
    1,
    'Benficiary Portal',
    'oidc_auth_code',
    'LOGIN WITH NATIONAL ID',
    'https://esignet.openg2p.org/logo.png',
    'openg2p-beneficiary-esignet',
    'private_key_jwt',
    'secret_value',
    'https://esignet.openg2p.org/authorize',
    'https://esignet.openg2p.org/v1/esignet/oidc/userinfo',
    'https://esignet.openg2p.org/v1/esignet/oauth/v2/token',
    'https://esignet.openg2p.org/.well-known/jwks.json',
    'openid profile email',
    true,
    'code_verifier',
    '%Y/%m/%d',
    'sub:user_id name:name email:email phone_number:phone birthdate:birthdate gender:gender address:address picture:picture individual_id:provider_unique_id',
    '{
       "acr_values": "mosip:idp:acr:generated-code mosip:idp:acr:biometrics mosip:idp:acr:linked-wallet", 
       "claims": "{\"userinfo\":{\"name\":{\"essential\":true},\"phone_number\":{\"essential\":false},\"email\":{\"essential\":false},\"gender\":{\"essential\":true},\"birthdate\":{\"essential\":true},\"address\":{\"essential\":false},\"picture\":{\"essential\":false},\"individual_id\":{\"essential\":false}},\"id_token\":{}}"
     }',
    'http://selfservice17.openg2p.my/v1/selfservice/oauth2/callback',
    'NATIONAL ID'
);

# Encode the private key file into Base64 format and save it to a temporary file
base64 -w0 /home/Downloads/beneficiary.priv.pem > /tmp/key.b64

# Connect to the PostgreSQL database
psql -U portal_user -d db_portal -h localhost -p 5432

--Set the content of the private key by reading it from a file
\set content `cat /tmp/key.b64`

--Update the client private key for OAuth provider with id = 1
UPDATE public.auth_oauth_provider
SET client_private_key = :'content'
WHERE id = 1;

--Verify the updated private key
SELECT 
    id, 
    LENGTH(client_private_key) AS key_length,
    LEFT(client_private_key::text, 30) AS key_start,
    RIGHT(client_private_key::text, 30) AS key_end
FROM public.auth_oauth_provider
WHERE id = 1;

python3 main.py run