API Security Configuration

API security configuration:

The API security configuration defines the security context: either Basic authentication over HTTPS or OAuth 2.0.

You will have to set up the appropriate security configuration and disable the weaker one. The choice also depends on the deployment environment used and your security objectives.

OAuth 2.0:

OAuth 2.0 is an industry-standard protocol for authorization. It focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. An OAuth 2.0 server is a piece of software that implements the network protocol flows which allow a client (a piece of software) to act on behalf of a user.

Fineract security settings are supplied here. We can define the OAuth and Basic Auth realm settings. The OAuth client data is not defined in the XML file; it is found here. To add more clients, we can simply use a query like this:

-- Registers an additional OAuth client for the password and refresh_token grants.
INSERT INTO oauth_client_details (client_id, client_secret, scope, authorized_grant_types) VALUES ('community-app', '123', 'all', 'password,refresh_token');

Switching between Basic Auth and OAuth:

It is possible that code-level changes or Fineract improvements get shipped with a security context and configurations. If your deployment requires you to switch between basic authentication and OAuth, follow these steps to enable or disable OAuth or basicauth for both the Mifos X community app and Fineract 1.x:

a. For Community App

To enable OAuth:

  • Go to community-app/app/scripts/modules/configurations.js

  • Change the value of the "SECURITY" constant to "oauth".

To enable basicauth:

  • Go to community-app/app/scripts/modules/configurations.js

  • Change the value of the "SECURITY" constant to "basicauth".

b. For Fineract 1.x

To enable OAuth:

When building the application for production, add the -Psecurity=oauth flag.

To enable basicauth:

When building the application for production, exclude the -Psecurity flag.
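
The steps above apply to both components, so the community app constant and the Fineract build flag should name the same mode. The following check is an added example, not code from the Fineract or community-app projects; it assumes the constant is declared as `.constant('SECURITY', '<mode>')`, and the function names, sample file content and sample build arguments are constructed for illustration.

```javascript
const MODES = new Set(['oauth', 'basicauth']);

// Extract the SECURITY constant from the text of configurations.js.
// Assumption: the declaration has the form .constant('SECURITY', '<mode>').
function appSecurityMode(source) {
  const live = source
    .split('\n')
    .filter((line) => !/^\s*\/\//.test(line)) // skip commented-out lines
    .join('\n');
  const re = /\.constant\(\s*(['"])SECURITY\1\s*,\s*(['"])([^'"]*)\2\s*\)/g;
  const distinct = [...new Set([...live.matchAll(re)].map((m) => m[3]))];
  if (distinct.length !== 1) {
    throw new Error(`expected one SECURITY value, found: [${distinct.join(', ')}]`);
  }
  if (!MODES.has(distinct[0])) {
    throw new Error(`unknown SECURITY value: ${distinct[0]}`);
  }
  return distinct[0];
}

// Derive the Fineract 1.x mode from the build arguments:
// -Psecurity=oauth enables OAuth; no -Psecurity flag means basicauth.
function backendSecurityMode(buildArgs) {
  const flags = buildArgs.filter((arg) => arg.startsWith('-Psecurity'));
  if (flags.length === 0) return 'basicauth';
  if (flags.length === 1 && flags[0] === '-Psecurity=oauth') return 'oauth';
  throw new Error(`unexpected security flag(s): ${flags.join(' ')}`);
}

// Compare both sides and report whether they agree.
function checkDeployment(source, buildArgs) {
  const app = appSecurityMode(source);
  const backend = backendSecurityMode(buildArgs);
  return { app, backend, consistent: app === backend };
}

// Constructed sample input, not copied from the real repository.
const sampleConfig = `
angular.module('configurations', [])
    // .constant('SECURITY', 'oauth')
    .constant('SECURITY', 'basicauth');
`;

// The app is set to basicauth while the build enables OAuth: a mismatch.
console.log(checkDeployment(sampleConfig, ['build', '-Psecurity=oauth']));
```
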

Maintained by © Muellners Foundation. All Rights Reserved.