SecureApiGateway
diff --git a/‎README.md‎
Lines changed: 8 additions & 8 deletions b/‎README.md‎
Lines changed: 8 additions & 8 deletions
diff --git a/‎_infra/helm/securebanking-openbanking-uk-iam-initializer/readme.md‎
Lines changed: 6 additions & 6 deletions b/‎_infra/helm/securebanking-openbanking-uk-iam-initializer/readme.md‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎_infra/helm/securebanking-openbanking-uk-iam-initializer/templates/job.yaml‎
Lines changed: 5 additions & 5 deletions b/‎_infra/helm/securebanking-openbanking-uk-iam-initializer/templates/job.yaml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎config/defaults/identity-platform/fapi-as-ig-oauth2-client.json‎
Lines changed: 285 additions & 0 deletions b/‎config/defaults/identity-platform/fapi-as-ig-oauth2-client.json‎
Lines changed: 285 additions & 0 deletions
@@ -172,14 +172,14 @@ There are a variables used before load the configuration file and these variable
 
 | Environment variable   | default               | description                                                                                                                                                                                                                                            |
 |------------------------|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `IG.IG_CLIENT_ID`      | ig-client             | The initializer creates an OAuth2 Client that the SBAT IG will use to authenticate to the FR Platform to ensure that Api Client's can't bypass IG and use the FR Identity Platform APIs directly. The OAuth2 client will be created with this id       |
-| `IG.IG_CLIENT_SECRET`  | add-here-the-password | The initializer creates an OAuth2 Client that the SBAT IG will use to authenticate to the FR Platform to ensure that Api Client's can't bypass IG and use the FR Identity Platform APIs directly. The OAuth2 client will be created with this password |
-| `IG.IG_RCS_SECRET`     | add-here-the-secret   | IG rcs secret for remote consent service                                                                                                                                                                                                               |
-| `IG.IG_SSA_SECRET`     | add-here-the-secret   | IG ssa secret for software publisher agent                                                                                                                                                                                                             |
-| `IG.IG_IDM_USER`       | service_account.ig    | IG service user account                                                                                                                                                                                                                                |
-| `IG.IG_IDM_PASSWORD`   | add-here-the-password | IG service user account password                                                                                                                                                                                                                       |
-| `IG.IG_AGENT_ID`       | ig-agent              | IG agent id for IG policy agent                                                                                                                                                                                                                        |
-| `IG.IG_AGENT_PASSWORD` | add-here-the-password | Ig agent password for IG policy agent                                                                                                                                                                                                                  |
+| `IG.IG_CLIENT_ID`            | ig-client             | The initializer creates an OAuth2 Client that the SBAT IG will use to authenticate to the FR Platform to ensure that Api Client's can't bypass IG and use the FR Identity Platform APIs directly. The OAuth2 client will be created with this id       |
+| `IG.IG_CLIENT_SECRET`        | add-here-the-password | The initializer creates an OAuth2 Client that the SBAT IG will use to authenticate to the FR Platform to ensure that Api Client's can't bypass IG and use the FR Identity Platform APIs directly. The OAuth2 client will be created with this password |
+| `IG.IG_RCS_SECRET`           | add-here-the-secret   | IG rcs secret for remote consent service |
+| `IG.IG_SSA_SECRET`           | add-here-the-secret   | IG ssa secret for software publisher agent  |
+| `IG.IG_AS_IDM_CLIENT_SECRET` |  add-here-the-secret    | IG secret for IDM Client used on AS  |
+| `IG.IG_RS_IDM_CLIENT_SECRET` |  add-here-the-secret | IG secret for IDM Client used on RS |
+| `IG.IG_AGENT_ID`             | ig-agent              | IG agent id for IG policy agent |
+| `IG.IG_AGENT_PASSWORD`       | add-here-the-password | Ig agent password for IG policy agent |
 </details>
 
 **Identity variables**
 
@@ -134,16 +134,16 @@ spec:
                     secretKeyRef:
                       name: as-sapig-secrets
                       key: IG_CLIENT_SECRET
-                - name: IG.IG_IDM_USER
+                - name: IG.IG_AS_IDM_CLIENT_SECRET
                   valueFrom:
                     secretKeyRef:
                       name: as-sapig-secrets
-                      key: IG_IDM_USER
-                - name: IG.IG_IDM_PASSWORD
+                      key: IG_AS_IDM_CLIENT_SECRET
+                - name: IG.IG_RS_IDM_CLIENT_SECRET
                   valueFrom:
                     secretKeyRef:
                       name: as-sapig-secrets
-                      key: IG_IDM_PASSWORD
+                      key: IG_RS_IDM_CLIENT_SECRET
                 - name: IG.IG_AGENT_ID
                   valueFrom:
                     secretKeyRef:
@@ -190,8 +190,8 @@ These are the environment variables declared in the `cronjob.yaml`;
 IDENTITY.REMOTE_CONSENT_ID | secure-open-banking-rcs | | as-sapig-deployment-config/RCS_CONSENT_RESPONSE_JWT_SIGNINGKEYID | 
 | IG.IG_CLIENT_ID | | | as-sapig-secrets |
 | IG.IG_CLIENT_SECRET | | | as-sapig-secrets |
-| IG.IG_IDM_USER | | | as-sapig-secrets |
-| IG.IG_IDM_PASSWORD | | | as-sapig-secrets |
+| IG.IG_AS_IDM_CLIENT_SECRET | | | as-sapig-secrets |
+| IG.IG_RS_IDM_CLIENT_SECRET | | | as-sapig-secrets |
 | IG.IG_AGENT_ID | | | as-sapig-secrets |
 | IG.IG_AGENT_PASSWORD | | | as-sapig-secrets |
 
 
@@ -153,17 +153,17 @@ spec:
               valueFrom:
                 secretKeyRef:
                   name: as-sapig-secrets
-                  key: IG_CLIENT_SECRET
-            - name: IG.IG_IDM_USER
+                  key: IG_CLIENT_SECRET   
+            - name: IG.IG_AS_IDM_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
                   name: as-sapig-secrets
-                  key: IG_IDM_USER
-            - name: IG.IG_IDM_PASSWORD
+                  key: IG_AS_IDM_CLIENT_SECRET
+            - name: IG.IG_RS_IDM_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
                   name: as-sapig-secrets
-                  key: IG_IDM_PASSWORD
+                  key: IG_RS_IDM_CLIENT_SECRET
             - name: IG.IG_AGENT_ID
               valueFrom:
                 secretKeyRef:
 
@@ -0,0 +1,285 @@
+{
+  "asIdmOAuth2ClientConfig": {
+    "agentgroup": "",
+    "status": {
+      "inherited": false,
+      "value": "Active"
+    },
+    "userpassword": "{{.Ig.IgAsIdmClientSecret}}",
+    "clientType": {
+      "inherited": false,
+      "value": "Confidential"
+    },
+    "loopbackInterfaceRedirection": {
+      "inherited": true,
+      "value": true
+    },
+    "redirectionUris": {
+      "inherited": false,
+      "value": [
+        "https://httpbin.org/anything"
+      ]
+    },
+    "scopes": {
+      "inherited": false,
+      "value": [
+        "fr:idm:*",
+        "trusted_gateway"
+      ]
+    },
+    "defaultScopes": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "clientName": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "authorizationCodeLifetime": {
+      "inherited": true,
+      "value": 0
+    },
+    "refreshTokenLifetime": {
+      "inherited": true,
+      "value": 0
+    },
+    "accessTokenLifetime": {
+      "inherited": true,
+      "value": 0
+    }
+  },
+  "advancedOAuth2ClientConfig": {
+    "name": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "descriptions": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "requestUris": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "responseTypes": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "grantTypes": {
+      "inherited": false,
+      "value": [
+        "client_credentials"
+      ]
+    },
+    "contacts": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "tokenEndpointAuthMethod": {
+      "inherited": true,
+      "value": "string"
+    },
+    "sectorIdentifierUri": {
+      "inherited": true,
+      "value": "string"
+    },
+    "subjectType": {
+      "inherited": true,
+      "value": "string"
+    },
+    "updateAccessToken": {
+      "inherited": true,
+      "value": "string"
+    },
+    "clientUri": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "logoUri": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "policyUri": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "isConsentImplied": {
+      "inherited": true,
+      "value": true
+    },
+    "mixUpMitigation": {
+      "inherited": true,
+      "value": true
+    }
+  },
+  "coreOpenIDClientConfig": {
+    "claims": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "postLogoutRedirectUri": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "clientSessionUri": {
+      "inherited": true,
+      "value": "string"
+    },
+    "defaultMaxAge": {
+      "inherited": true,
+      "value": 0
+    },
+    "defaultMaxAgeEnabled": {
+      "inherited": true,
+      "value": true
+    },
+    "defaultAcrValues": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    },
+    "jwtTokenLifetime": {
+      "inherited": true,
+      "value": 0
+    }
+  },
+  "signEncOAuth2ClientConfig": {
+    "jwksUri": {
+      "inherited": true,
+      "value": "string"
+    },
+    "jwksCacheTimeout": {
+      "inherited": true,
+      "value": 0
+    },
+    "jwkStoreCacheMissCacheTime": {
+      "inherited": true,
+      "value": 0
+    },
+    "tokenEndpointAuthSigningAlgorithm": {
+      "inherited": true,
+      "value": "string"
+    },
+    "jwkSet": {
+      "inherited": true,
+      "value": "string"
+    },
+    "idTokenSignedResponseAlg": {
+      "inherited": true,
+      "value": "string"
+    },
+    "idTokenEncryptionEnabled": {
+      "inherited": true,
+      "value": true
+    },
+    "idTokenEncryptionAlgorithm": {
+      "inherited": true,
+      "value": "string"
+    },
+    "idTokenEncryptionMethod": {
+      "inherited": true,
+      "value": "string"
+    },
+    "idTokenPublicEncryptionKey": {
+      "inherited": true,
+      "value": "string"
+    },
+    "clientJwtPublicKey": {
+      "inherited": true,
+      "value": "string"
+    },
+    "mTLSTrustedCert": {
+      "inherited": true,
+      "value": "string"
+    },
+    "mTLSSubjectDN": {
+      "inherited": true,
+      "value": "string"
+    },
+    "mTLSCertificateBoundAccessTokens": {
+      "inherited": true,
+      "value": true
+    },
+    "publicKeyLocation": {
+      "inherited": true,
+      "value": "string"
+    },
+    "userinfoResponseFormat": {
+      "inherited": true,
+      "value": "string"
+    },
+    "userinfoSignedResponseAlg": {
+      "inherited": true,
+      "value": "string"
+    },
+    "userinfoEncryptedResponseAlg": {
+      "inherited": true,
+      "value": "string"
+    },
+    "userinfoEncryptedResponseEncryptionAlgorithm": {
+      "inherited": true,
+      "value": "string"
+    },
+    "requestParameterSignedAlg": {
+      "inherited": true,
+      "value": "string"
+    },
+    "requestParameterEncryptedAlg": {
+      "inherited": true,
+      "value": "string"
+    },
+    "requestParameterEncryptedEncryptionAlgorithm": {
+      "inherited": true,
+      "value": "string"
+    },
+    "tokenIntrospectionResponseFormat": {
+      "inherited": true,
+      "value": "string"
+    },
+    "tokenIntrospectionSignedResponseAlg": {
+      "inherited": true,
+      "value": "string"
+    },
+    "tokenIntrospectionEncryptedResponseAlg": {
+      "inherited": true,
+      "value": "string"
+    },
+    "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": {
+      "inherited": true,
+      "value": "string"
+    }
+  },
+  "coreUmaClientConfig": {
+    "claimsRedirectionUris": {
+      "inherited": true,
+      "value": [
+        "Unknown Type: any"
+      ]
+    }
+  }
+}