This application belong to the inbound/outbound tier of the Piattaforma Unitaria product.
See PU Microservice Architecture for more details.
- To handle users' sessions;
- To handle m2m clients;
- To store users and roles.
See OpenAPI, exposed through the following path:
/swagger-ui/index.html
See Postman collection and Postman Environment.
GET /payhub/.well-known/jwks.json: JWKS containing public keys;POST /payhub/oauth/token: To obtain an access token;GET /payhub/oauth/userinfo: To validate the token and get logged user info;POST /payhub/oauth/revoke: To revoke an access token;POST /payhub/oauth/clients/{organizationIpaCode}: To register an organization client to use in M2M authentication;DELETE /payhub/oauth/clients/{organizationIpaCode}/{clientId}: To delete an organization client;DELETE /actuator/caches/ACCESS_TOKEN: To revoke all access tokens.
401: Invalid access token provided, thus a new login is required;403: Trying to access a not authorized resource.
See available actuator endpoints through the following path:
/actuator
- Health (provide an accessToken to see details):
/actuator/health- Liveness:
/actuator/health/liveness - Readiness:
/actuator/health/readiness
- Liveness:
- Metrics:
/actuator/metrics- Prometheus:
/actuator/prometheus
- Prometheus:
Further endpoints are exposed through the JMX console.
- Redis
- MongoDB
- p4pa-organization: To retrieve organization info and add them to the user info.
- External IAM - The IAM which will provide the id token used to authenticate users:
- JWKS endpoint: Key sets to validate JWT signs.
users: Users authenticated through the external IAM;operators: Users' role inside an organization;clients: Organizations' clients for M2M authentication.
See application.yml for each configurable property.
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| SERVER_PORT | Application server listening port | 8080 |
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| LOG_LEVEL_ROOT | Base level | INFO |
| LOG_LEVEL_PAGOPA | Base level of custom classes | INFO |
| LOG_LEVEL_SPRING | Level applied to Spring framework | INFO |
| LOG_LEVEL_SPRING_BOOT_AVAILABILITY | To print availability events | DEBUG |
| LOGGING_LEVEL_API_REQUEST_EXCEPTION | Level applied to APIs exception | INFO |
| LOG_LEVEL_PERFORMANCE_LOG | Level applied to PerformanceLog | INFO |
| LOG_LEVEL_PERFORMANCE_LOG_API_REQUEST | Level applied to API Performance Log | INFO |
| LOG_LEVEL_PERFORMANCE_LOG_REST_INVOKE | Level applied to REST invoke Performance Log | INFO |
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| REDIS_HOST | Redis server host | localhost |
| REDIS_PORT | Redis server port | 6380 |
| REDIS_PASSWORD | Redis password | |
| MONGODB_URI | Mongo connection string | mongodb://localhost:27017 |
| MONGODB_DBNAME | Mongo db name | payhub |
| MONGODB_CONNECTIONPOOL_MAX_SIZE | Mongo connection pool max size | 100 |
| MONGODB_CONNECTIONPOOL_MIN_SIZE | Mongo connection pool max size | 0 |
| MONGODB_CONNECTIONPOOL_MAX_WAIT_MS | Timeout milliseconds | 120000 |
| MONGODB_CONNECTIONPOOL_MAX_CONNECTION_LIFE_MS | Connection lifetime (milliseconds) | 0 |
| MONGODB_CONNECTIONPOOL_MAX_CONNECTION_IDLE_MS | Connection idle lifetime (milliseconds) | 120000 |
| MONGODB_CONNECTIONPOOL_MAX_CONNECTING | Max parallel creating connections | 2 |
π Caching
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| CACHE_JWKS_SIZE | External IAM jwks cache size | 10 |
| CACHE_JWKS_MINUTES | External IAM jwks cache retention (minutes) | 60 |
| CACHE_ORGANIZATION_SIZE | Organization data cache size | 100 |
| CACHE_ORGANIZATION_MINUTES | Organization data cache retention (minutes) | 60 |
| CACHE_BROKER_MAXIMUM_SIZE | Broker data cache size | 100 |
| CACHE_BROKER_MINUTES | Broker data cache retention (minutes) | 60 |
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| DEFAULT_REST_CONNECTION_POOL_SIZE | Default connection pool size | 10 |
| DEFAULT_REST_CONNECTION_POOL_SIZE_PER_ROUTE | Default connection pool size per route | 5 |
| DEFAULT_REST_CONNECTION_POOL_TIME_TO_LIVE_MINUTES | Default connection pool TTL (minutes) | 10 |
| DEFAULT_REST_TIMEOUT_CONNECT_MILLIS | Default connection timeout (milliseconds) | 120000 |
| DEFAULT_REST_TIMEOUT_READ_MILLIS | Default read timeout (milliseconds) | 120000 |
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| ORGANIZATION_BASE_URL | Organization microservice URL | |
| ORGANIZATION_MAX_ATTEMPTS | Organization API max attempts | 3 |
| ORGANIZATION_WAIT_TIME_MILLIS | Organization retry waiting time (milliseconds) | 500 |
| ORGANIZATION_PRINT_BODY_WHEN_ERROR | To print body when an error occurs | true |
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| JWT_EXTERNAL_TOKEN_BASE_URL | External IAM base URL (it will be used to build the jwks url appending the path /.well-known/jwks.json) |
https://auth.server.com |
| JWT_EXTERNAL_TOKEN_ISS | External IAM issuer claim value | externalauthentication-server-issuer |
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| JWT_TOKEN_AUDIENCE | The aud claim set on the generated access token | application-audience |
| JWT_TOKEN_EXPIRATION_SECONDS | Access token expiration (seconds) | 3600 |
| JWT_TOKEN_PRIVATE_KEY | JWT private key | |
| JWT_TOKEN_PUBLIC_KEY | JWT public key | |
| ACCESS_ORGANIZATION_MODE_ENABLED | If true, it will expect the presence of the access organization inside the ID Token. Thus, it will register te relation between the operator and the relation with the provided roles. If disabled, the admin should register the associations using the provided API. | true |
| ENV | DESCRIPTION | DEFAULT |
|---|---|---|
| DATA_CIPHER_P4PA_AUTH_HASH_KEY | Base64 encoded key (256 bit) used to calculate hash | |
| DATA_CIPHER_P4PA_AUTH_ENCRYPT_PSW | Base64 encoded key (256 bit) used to encrypt data | |
| PIATTAFORMA_UNITARIA_CLIENT_SECRE 8FFF T | client_secret used on M2M authentication to get a technical access token |
Ensure the following tools are installed on your machine:
- Java 21+
- Gradle (or use the Gradle wrapper included in the repository)
- Docker (to build and run on an isolated environment, optional)
./gradlew dependencies --write-locks./gradlew clean build./gradlew testSee Postman collection and Postman Environment.
./gradlew bootRundocker build -t <APP_NAME> .
docker run --env-file <ENV_FILE> <APP_NAME>