{"id":23859215,"url":"https://github.com/openconext/openconext-invite","last_synced_at":"2025-09-08T07:30:50.478Z","repository":{"id":166361550,"uuid":"638508484","full_name":"OpenConext/OpenConext-Invite","owner":"OpenConext","description":null,"archived":false,"fork":false,"pushed_at":"2025-08-21T13:48:45.000Z","size":5667,"stargazers_count":3,"open_issues_count":31,"forks_count":5,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-08-21T14:54:16.475Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenConext.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-05-09T14:01:23.000Z","updated_at":"2025-08-21T13:48:48.000Z","dependencies_parsed_at":"2023-09-25T23:37:02.479Z","dependency_job_id":"bc06cda2-f763-41ce-a99a-c6e8a22a2ae2","html_url":"https://github.com/OpenConext/OpenConext-Invite","commit_stats":null,"previous_names":["openconext/openconext-invite"],"tags_count":43,"template":false,"template_full_name":null,"purl":"pkg:github/OpenConext/OpenConext-Invite","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-Invite","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-Invite/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-Invite/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-Invite/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpenConext","download_url":"https://codeload.github.com/OpenConext/OpenConext-Invite/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-Invite/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274152122,"owners_count":25231285,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-08T02:00:09.813Z","response_time":121,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-03T03:32:56.492Z","updated_at":"2025-09-08T07:30:49.795Z","avatar_url":"https://github.com/OpenConext.png","language":"Java","readme":"# Openconext-Invite\n\n[![Build Status](https://github.com/OpenConext/OpenConext-Invite/actions/workflows/actions.yml/badge.svg)](https://github.com/SOpenConext/OpenConext-Invite/actions/workflows/actions.yml/badge.svg)\n![Coverage](.github/badges/jacoco.svg)\n![Branches](.github/badges/branches.svg)\n\n## [Getting started](#getting-started)\n\n### [System Requirements](#system-requirements)\n\n- Java 21\n- Maven 3\n\nFirst install Java 21 with a package manager\nand then export the correct the `JAVA_HOME`. For example on macOS:\n\n```bash\nexport JAVA_HOME=/Library/Java/JavaVirtualMachines/openjdk-21.jdk/Contents/Home/\n```\n\nThen create the MySQL database:\n\n```sql\nDROP DATABASE IF EXISTS invite;\nCREATE DATABASE invite CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci;\nCREATE USER 'invite'@'localhost' IDENTIFIED BY 'secret';\nGRANT ALL privileges ON `invite`.* TO 'invite'@'localhost';\n```\n\n### [Building and running](#building-and-running)\n\nThis project uses Spring Boot and Maven. To run locally, type:\n\n```bash\nmvn spring-boot:run\n```\n\nTo build and deploy (the latter requires credentials in your maven settings):\n\n```bash\nmvn clean deploy\n```\n\n### [Mail](#mail)\n\nIn the default `application.properties` the mail host is `localhost` and the port is `1025`. Run mailpit to capture mails.\nSee \u003chttps://github.com/axllent/mailpit\u003e\n\n### [Endpoints](#endpoints)\n\n\u003chttps://invite.test.surfconext.nl/ui/swagger-ui/index.html\u003e\n\n\u003chttps://mock.test.surfconext.nl/\u003e\n\n\u003chttps://welcome.test.surfconext.nl/\u003e\n\n\u003chttps://invite.test.surfconext.nl/\u003e\n\n### [Mock](#mock)\n\nIf you want to use the mock-provisioning, add the following metadata in Manage.\n\nSCIM:\n\n```json\n\"provisioning_type\": \"scim\",\n\"scim_url\": \"https://mock.test.surfconext.nl/api/scim/v2\",\n\"scim_user\": \"user\",\n\"scim_password\": \"secret\",\n\"scim_update_role_put_method\": true\n```\n\neVA\n\n```json\n\"provisioning_type\": \"eva\",\n\"eva_token\": \"secret\",\n\"eva_guest_account_duration\": 30\n\"eva_url\": \"https://mock.test.surfconext.nl/eva\",\n```\n\nGraph\n\n```json\n\"provisioning_type\": \"graph\",\n\"graph_url\": \"https://mock.test.surfconext.nl/graph/users\",\n\"graph_client_id\" : \"client_id\",\n\"graph_domain\" : \"hartingcollege.onmicrosoft.com\",\n\"graph_secret\" : \"secret\",\n\"graph_tenant\": \"tenant\"\n```\n\n### [Local endpoints](#local-endpoints)\n\nLogin with Mujina IdP and user `admin` to become super-user in the local environment\n\n\u003chttp://localhost:8888/ui/swagger-ui/index.html\u003e\n\n\u003chttp://localhost:8081/\u003e\n\n\u003chttp://localhost:4000\u003e\n\n\u003chttp://localhost:3000\u003e\n\n### [Institution Admin](#institution-admin)\n\nTo become an institution admin in invite, add the following values as `eduPersonEntitlements` using Mujina:\n\n- urn:mace:surfnet.nl:surfnet.nl:sab:organizationGUID:ad93daef-0911-e511-80d0-005056956c1a\n- urn:mace:surfnet.nl:surfnet.nl:sab:role:SURFconextverantwoordelijke\n\n### [Technical documentation](#technical-documentation)\n\n\u003chttps://openconext.github.io/OpenConext-Invite/\u003e\n\n### Security\n\nThere are several security filters in Invite:\n\n- OAuth2 login where the user logs in with OpenIDConnect. Invite is acting as a backend server and cookies are used to\n  identify the user in the security context.\n- Access token login where the user has logged in with OpenIDConnect and the client obtained an access token. Invite is\n  acting as a resource server. The API is stateless and for now no token introspects are cached.\n- Basic Authentication for voot, teams, aa, profile, deprovision and sp_dashboard endpoints. The API is stateless and\n  the API users are stored in memory. Endpoints are also secured by scope.\n- API token header (`X-API-TOKEN`) generated for institutional_admins (or super_users) in the GUI. The user stored in\n  the security context is the first user with the same organisational GUID (or super_user) as the user who has generated\n  the token.\n\n### Provisioning Secrets\n\nThe secrets (passwords / API-keys) used in provisionings are encrypted in OpenConext-Manage using keypairs.\n\n#### Create private / public keypair\n\n```bash\nopenssl genrsa -traditional -out private_key.pem 2048\nopenssl rsa -pubout -in private_key.pem -out public_key.pem\n```\n\n#### Convert private key to pkcs8 format in order to import it from Java\n\n```bash\nopenssl pkcs8 -topk8 -in private_key.pem -inform pem -out private_key_pkcs8.pem -outform pem -nocrypt\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fopenconext-invite","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenconext%2Fopenconext-invite","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fopenconext-invite/lists"}