To add a new connection for a registered user, you need to include the user id in the sub claim in the request object, e.g.:

{
    "scope": "openid id:all",
    "claims": {
        "id_token": {
            "sub": {
                "essential": true,
                "value": "5c1907c0e6b340e5c056fb2a"
            },
            "mh:con_id": {
                "essential": true
            }
        }
    }
}

On completion of the connection, the connection id is returned in the id token as below:

json
{
    "iss": "https://identity.moneyhub.com",
    "sub": "24400320",
    "aud": "s6BhdRkqt3",
    "nonce": "n-0S6_WzA2Mj",
    "exp": 1311281970,
    "iat": 1311280970,
    "mh:con_id": "the-connection-id"
}

To refresh an account for a registered user via either openbanking or screen scraping the following parameters would be sent in the request object:

{
    "scope": "openid refresh",
    "claims": {
        "id_token": {
            "sub": {
                "essential": true,
                "value": "5c1907c0e6b340e5c056fb2a"
            },
            "mh:con_id": {
                "essential": true,
                "value": "b74f1a79f0be8bdb857d82d0f041d7d2:0f1aa7c1-6379-483a-bfd8-ae0a208fb635"
            }
        }
    }
}

Moneyhub uses the OpenID Connect claims parameter for the following purposes:

  1. Specifying the connection that should be re-authorised or refreshed
  2. Specifying the user profile that an account should be added to
  3. Overriding the category type to categorise transactions for all accounts from this connection

The format of the claims parameter may seem odd to those unfamiliar with OpenID Connect, but it has the advantage of being a standards compliant technique of supporting the above purposes. It is supported by many OpenID Connect relying party libraries.

Our discovery document details the claims that we support, they currently include:

  • sub - the subject (user id) that the authorization request should be scoped to (for adding, reauth and refresh)
  • mh:con_id - the connection id that the authorization request should be scoped to (for reauth and refresh)
  • mh:cat_type - (optional) override the category type that will be applied to transactions received through this connection (for adding and reauth). Valid values are personal and business
  • mh:payment - used when initiating a payment.

Payments Claim