Getting Started

What is it?

The Authentication Framework protects access to user data via modern, battle-tested, tech industry standards such as OAuth and OpenID Connect (which we continue to update as those standards evolve).

The Authentication Framework is also how you can securely map Banno’s customer identifiers to your existing system identifiers.

What is its purpose?

The Authentication Framework is the underlying foundation for every part of the Toolkit (i.e. the Consumer API, Plugin Framework, and Admin API).

The Authentication Framework does not use API keys nor does it share usernames and passwords with 3rd party developers.

Instead, it provides authorized API access via an Access Token and provides authenticated information about the user via an Identity Token.

Checkpoint

Have you completed the Authentication (Node.js Example) Quickstart for the Consumer API ?

Checkpoint

Have you completed the Authentication (Command Line) Quickstart for the Consumer API?

How do I use it?

These are some of the things you should know about the Authentication Framework.

Architecture

The Authentication Framework is based on the industry standard OAuth 2.0 and OpenID Connect architecture.

Checkpoint

Have you read the Architecture topic?

OAuth 2.0 and OpenID Connect

The Authentication Framework protects user data using the OAuth 2.0 industry standard. With OAuth, users can delegate scoped access to third parties who wish to act on the user’s behalf. The user’s login credentials are never shared with the third party. Instead, authorization is provided to third party apps via an access token.

The Authentication Framework provides user identity information using the OpenID Connect (OIDC) industry standard. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. With OpenID Connect, third party apps are provided authenticated information about the user in the form of an identity token.

Checkpoint

Have you read the OpenID Connect and OAuth 2.0 topic?

Proof Key for Code Exchange (PKCE)

Now that the OAuth 2.1 draft specification has added requirements for PKCE, our v0 auth endpoints now also require it. More details about PKCE can be found here: https://auth0.com/docs/flows/authorization-code-flow-with-proof-key-for-code-exchange-pkce. We also have a migration guide for transitioning your existing applications.

Tokens

OAuth 2.0 and OpenID Connect are based on the concept of tokens. There are 3 main types:

  • Access Token
  • Identity Token
  • Refresh Token
Checkpoint

Have you read the Tokens topic?

Permissions Flow

The Authentication Framework grants data permissions based on granular request scopes and claims, which provide limited access to specific data on a per user basis.

Financial institutions are empowered to make choices about the data that gets shared with 3rd party developers.

Checkpoint

Have you read the Permissions Flow topic?

Mapping Data to Other Systems

The Authentication Framework is how you can securely map Banno’s customer identifiers to your existing system identifiers.

The Authentication Framework supports standard OpenID Connect claims which include (but are not limited to):

  • Given name
  • Family name
  • Email
  • Phone
  • Address

The Authentication Framework also supports additional claims that are specific to Banno which include (but are not limited to):

  • Unique customer identifier
  • CIF (banks)
  • Member number (credit unions)
  • NetTeller ID (banks)
  • Tax ID (or SSN)
Checkpoint

Have you read the OpenID Connect and OAuth 2.0 topic?

How have others used it?

These are some of the ways that 3rd party developers have used the Authentication Framework:

  • Cross reference users with existing ad targeting system to provide offers tailored to individual users
  • Simplify and prefill a loan application form
  • Enable developers to securely access and share financial data via a secure data access network

Additional details

These are some additional details that you may find useful as you build your apps.

External Resources for OAuth 2.0 and OpenID Connect

If you want to learn more about OAuth 2.0 and OpenID Connect, these external resources may be useful:

Other “Getting Started” pages

These pages will help you get started with other parts of the Banno Digital Toolkit: