Kato-Official/OpenFinance


🏦 OpenFinance Python Integration (Hackathon Build)

Version

0.1.0 — FastAPI backend for the OpenFinance UAE Sandbox (AlTareq / Nebras)

Purpose

Implements the full OAuth2 + mTLS + PAR + Consent flow with the OpenFinance sandbox using FastAPI, JWT client assertions, and PKCE.


🧱 Project Structure

OpenFinance/
├── .venv/
│
├── backend/
│   ├── certificates/
│   │   ├── client_signing.key
│   │   ├── client_transport.key
│   │   └── client_transport.pem
│   │
│   ├── clients/
│   │   └── open_finance_client.py
│   │
│   ├── routes/
│   │   ├── __init__.py
│   │   ├── consent_create.py
│   │   ├── debug.py
│   │   └── token.py
│   │
│   ├── services/
│   │   ├── __init__.py
│   │   ├── jwt_creator.py
│   │   ├── pkce.py
│   │   └── config.py
│   │
│   └── main.py
│
├── .env
└── requirements.txt

⚙️ .env Configuration

SIGNING_ISSUER=https://rp.sandbox.directory.openfinance.ae/openid_relying_party/60222c6e-18d2-4452-9140-0c5c23dd2c68
SIGNING_SUBJECT=https://rp.sandbox.directory.openfinance.ae/openid_relying_party/60222c6e-18d2-4452-9140-0c5c23dd2c68
SIGNING_KEY_KID=qWZUsxvD_ekbr_4aU-e_bLPHBei6JAPeKWzysb1WlFM
SIGNING_PRIVATE_KEY_PATH=backend/certificates/client_signing.key

MTLS_CERT_PATH=backend/certificates/client_transport.pem
MTLS_KEY_PATH=backend/certificates/client_transport.key

OF_REDIRECT_URI=https://docs.openfinance-hackathon.com/starter-kit/callback
OF_RESOURCE_SERVER=https://rs1.altareq1.sandbox.apihub.openfinance.ae
OF_ISSUER=https://auth1.altareq1.sandbox.apihub.openfinance.ae
OF_AUTH_ENDPOINT=https://auth1.altareq1.sandbox.apihub.openfinance.ae/auth
OF_PAR_ENDPOINT=https://as1.altareq1.sandbox.apihub.openfinance.ae/par
OF_TOKEN_ENDPOINT=https://as1.altareq1.sandbox.apihub.openfinance.ae/token
OF_JWKS=https://keystore.sandbox.directory.openfinance.ae/233bcd1d-4216-4b3c-a362-9e4a9282bba7/application.jwks

🧩 Service Overview

jwt_creator.py

Signs JWT assertions for:

  • /token exchange
  • /par (Pushed Authorization Request)
  • JAR (JWT Authorization Request)

open_finance_client.py

Manages the HTTPX mTLS session used for POSTs to /par and /token.

consent_create.py

Creates the consent (PAR):

  • Builds the JWT Request Object (JAR)
  • Signs it using your private key
  • Posts to /par
  • Returns the auth_url for the user login step

token.py

Handles the token exchange for the authorization_code grant.


🧪 Step-by-Step Flow

1. Start FastAPI

uvicorn backend.main:app --reload --port 8080

2. Create Consent (PAR)

POST /consent-create/bank-data

3. Authorize in Browser

Login with sandbox credentials → approve → note the ?code= value.

4. Exchange Token

curl -s -X POST http://127.0.0.1:8080/token/authorization-code \
  -H "Content-Type: application/json" \
  -d '{
    "code": "1668752c-7edb-41dd-ac89-e45c9fe88d4c",
    "code_verifier": "gtLlupLlMF0FBGtEqSXRvb47kLwUreiq0qVVicipnfg",
    "redirect_uri": "https://docs.openfinance-hackathon.com/starter-kit/callback"
  }' | python -m json.tool

🪪 Author

Kato (Amato Alireza) (Mooj, DIFC, Dubai)
Lead Engineer / CTO — OpenFinance Hackathon Build.

About

FastAPI backend for the UAE OpenFinance Sandbox — implements mTLS, JWT-based OAuth2 flows (PAR + token exchange), and consent creation for secure account data access. Clean architecture with modular routes, PKCE, and sandbox-ready configuration.
