Developer Programs
Fintech Integration Network (FIN)
Jack Henry's Integration Program for Fintechs.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Developer Account
Create a developer acccount to access resources that help you integrate with Jack Henry.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Hub
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and 3rd-party apps using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and 3rd-party apps using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.
Full List of APIs
Begin working with Jack Henry's public APIs to build financial applications today.

Authentication (Node.js Example)

Consumer API > Quickstarts > Authentication (Node.js Example)

The Consumer API uses OpenID Connect and OAuth 2.0 for authentication.

This quickstart guides you through making your first OpenID Connect authentication using our Consumer API OpenID Connect example project.

Want to learn more about Authentication?
See the Authentication topic for more details.

Prerequisites

Before you get started, you’ll need to obtain the following from the back office administrator at your financial institution who has access to Banno People:

  • API Credentials
  • User Account

If the administrator does not know where to do this, they can review the External application configuration article on the Banno Knowledge site.

Understanding Your Development Experience
Are you a financial institution?

If you are a financial institution or working directly with a financial institution, you should work with the back office administrator at your institution to get appropriate access to Banno People.

Are you a fintech or independent developer?

If you are a fintech or other developer working without a financial institution, you are likely using the JackHenry.Dev developer portal. In this case, you will not have access to Banno People, however you will still have the ability to create and configure many aspects of your external application and plugin.

For more information on this, see our troubleshooting page.

API credentials

You’ll need API credentials to exercise the authorization flow. The Banno People administrator at your financial institution can provide you with a client_id and client_secret that you can use to access the Consumer API in your environment.

User account

You’ll need a user account to exercise the authorization flow with a test user.

Software requirements

Node.js, npm, nvm

The example is built for Node.js and npm.

If you don’t have these installed on your system already, you may want to install a Node Version Manager such as nvm.

Consumer API OpenID Connect example

Clone the Consumer API OpenID Connect Example repository.

Previous versions of this example used a certificate in order to run a local https server. This is no longer required and has been removed. If you have a previous version of the consumer-api-openid-connect-example, please update to use the latest.
Secure Redirect URIs

Redirect URIs must use HTTPS except in local development. HTTPS is required for all production redirect URIs to properly secure the connection between your application and our API.

The only exception is for local development. The following is a list of local options which are included in the HTTP allowlist:

  • Host names of localhost or those that end in .local
  • Any address in the IPv4 range of 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 (which includes http://127.0.0.1)

clone the repo
git clone https://github.com/Banno/consumer-api-openid-connect-example.git

Install project dependencies.

Install project dependencies.
cd consumer-api-openid-connect-example
npm install

Running the example (locally)

After completing all steps from the Prerequisites section above…

Navigate to the root folder consumer-api-openid-connect-example/.

Start the server by entering:

npm start

The server should now be running locally. You should see the following log statement in the terminal:

Environment: local
Server listening on http://localhost:8080...

Open http://localhost:8080/login.html in your browser.

Click on Sign in with Banno and sign in with your Banno Username and Password. You’ll be redirected to http://localhost:8080/me and see the OpenID Connect claims for the user.

It should look similar to this example:

Example success response
{
  "sub": "5cad5c30-6d24-11e9-870c-0242b78f8571",
  "address": {
    "locality": "Seattle",
    "postal_code": "981090000",
    "region": "WA",
    "street_address": "400 Broad St"
  },
  "email": "rileydoe@jackhenry.dev",
  "phone_number": "+15552368",
  "birthdate": "1951-03-02",
  "family_name": "Doe",
  "given_name": "Riley",
  "locale": "en-US",
  "name": "Riley Doe",
  "picture": "https://digital.garden-fi.com/a/consumer/api/node/public-profile-photo/dmF1bHQ6d...3c9PQ==",
  "preferred_username": "rileydoe",
  "at_hash": "meToBgo7UfatG825BaaClQ",
  "sid": "e10597ce-4b85-4a78-890b-55e2af751c9a",
  "aud": "05166b79-4f61-484d-a4b4-2a225926bf4b",
  "exp": 1571253248,
  "iat": 1571249648,
  "iss": "https://digital.garden-fi.com/a/consumer/api/v0/oidc"
}

You’ll also see a log statement in the terminal that shows the access_token, id_token, and refresh_token:

Example token response
TokenSet {
  access_token: '<lengthy-json-web-token-string>',
  expires_at: 1571334444,
  id_token: '<lengthy-json-web-token-string>',
  refresh_token: '<lengthy-json-web-token-string>',
  scope: 'openid address email phone profile offline_access banno',
  token_type: 'Bearer'
}

Where:

  • The access_token contains authorization information about your application regarding which actions it is allowed to perform via the Consumer API. These actions map to the scopes (e.g. openid address email phone profile banno).
  • The id_token contains authentication information about the user (i.e. claims).
  • The refresh_token is a credential that can be used to retrieve a new access token (e.g. for when the access token has expired or otherwise been invalidated).
  • Both the access_token and id_token are in JSON Web Token (JWT) format (see RFC 7519 for specification details).
JSON Web Tokens (JWTs) are credentials which can grant access to resources. It is important to keep them secret.

Next steps

Congratulations! Continue your learning journey:

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Developer Office Hours where we answer technical Q&A from the audience.
Did this page help you?
Last updated Thu Aug 29 2024