Connect An Account

Completing A Connection

Now you have the authorisation URL sorted. Its time to pass over control to your user.

When given this new URL the user must visit the site and will be taken through a few main steps:

  1. Choosing their bank (if you did not provide a specific bank id in the request)
  2. Consenting to the action being taken - Their bank will inform and request their consent to proceed
  3. Authenticating with their bank - Logging into their bank and providing further access to the requested resources

You can try this yourself, visit the new link you have made and try to connect with our Moneyhub Open Banking Mock.

Exchanging The Code

If all is well, and the user has given consent and successfully authenticated themselves the bank and Moneyhub will redirect back to your given redirect URI. Upon this redirect a code will be given in a query parameter.

Finalising The Connection

To seal the deal with this connection you must now exchange this code for your access and id tokens.

You are now going to make a new request to the identity server (https://identity.moneyhub.co.uk) and
POST /oidc/token

curl --location --request POST 'https://identity.moneyhub.co.uk/oidc/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code={Your code returned from the redirect}' \
--data-urlencode 'redirect_uri={The redirect uri used in the auth url}' \
--data-urlencode 'client_id={Your clientId}' \
--data-urlencode 'client_assertion={Your JWT}' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'sub={Your userId if you have one}' \

๐Ÿšง

New JWTs

Each time you make a new request to the /token endpoint, you will need a fresh JWT with unique jti. You will get errors back if you try to use the same JWT twice.

Once successfully posted, you should receive a token set that looks like this:

{
  access_token: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRxVk1laV9XdUtqZW5HWlJUbnJpeUxXRnZuS2tzTjNvLWFuWXBqS0JEbVUifQ.eyJqdGkiOiJLYkFwQVo1UDk5R2RfckdTQXl6bDMiLCJzdWIiOiI2MDUzN2IwNzRjNGI2ZmRmMTIwMjQ2NTgiLCJpc3MiOiJodHRwczovL2lkZW50aXR5Lm1vbmV5aHViLmNvLnVrL29pZGMiLCJpYXQiOjE2MTYwODM3NDMsImV4cCI6MTYxNjA5MDk0Mywic2NvcGUiOiJpZDoxZmZlNzA0ZDM5NjI5YTkyOWM4ZTI5Mzg4MGZiNDQ5YSBvcGVuaWQiLCJjbGFpbXMiOnsiaWRfdG9rZW4iOnsic3ViIjp7ImVzc2VudGlhbCI6dHJ1ZSwidmFsdWUiOiI2MDUzN2IwNzRjNGI2ZmRmMTIwMjQ2NTgifSwibWg6Y29uX2lkIjp7ImVzc2VudGlhbCI6dHJ1ZX0sImF1dGhfdGltZSI6eyJlc3NlbnRpYWwiOnRydWV9fSwicmVqZWN0ZWQiOltdfSwiYXVkIjoiMWUxYjI1NTYtNmUyOS00MjZjLTlhNTItOGNkNWI5MDE5YzcyIn0.eP90PFkfrh9syOpit_8SPutsjEN_KaZN23bR5VL43_tRjxKL5Rxc2M1HVMfUY2WraEEjC9fqwGpW3L3otPpzn1iZWy3SjS0iUcz1VCbucEOWvwjuAHUc0hQSqoDx97oJTnWiFZ_mGmk65xK_W4botUjaxlCu7iUUJsREB5C9vruo370Q2-m9fQZ4HthhsDxKAbjAy9v5ln6E4NUufkC7XPu3Yg1Nx8sTvI0a79XJ622t2Chy0z3QncoJIbBHawc6jbD-GfsrUMP0PEdB9RTlbSkn2mt1I8KpUomyWJ4E05ys3CuIoiWP2b6MMHRFgeAJinIN06uQZ0eQblySsC-urw',
  expires_at: 1616090946,
  id_token: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlRxVk1laV9XdUtqZW5HWlJUbnJpeUxXRnZuS2tzTjNvLWFuWXBqS0JEbVUifQ.eyJzdWIiOiI2MDUzN2IwNzRjNGI2ZmRmMTIwMjQ2NTgiLCJtaDpjb25faWQiOiIxZmZlNzA0ZDM5NjI5YTkyOWM4ZTI5Mzg4MGZiNDQ5YTowNjczN2ZmZS1jZGZmLTQwNDctYTFkMy1iNTRlYmM4YzM2OGIiLCJhdXRoX3RpbWUiOjE2MTYwODM3MzAsIm5vbmNlIjoiYmFyIiwiYXRfaGFzaCI6IjI1ODg2UXNaTDZIY2VfZ3Y5YU9XUWciLCJzaWQiOiI3N2I1OGZjMS0wZTMwLTQxMjMtYWVmZi04YzcwZTczMDJmMzIiLCJhdWQiOiIxZTFiMjU1Ni02ZTI5LTQyNmMtOWE1Mi04Y2Q1YjkwMTljNzIiLCJleHAiOjE2MTYwODczNDYsImlhdCI6MTYxNjA4Mzc0NiwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS5tb25leWh1Yi5jby51ay9vaWRjIn0.Upy5ThfFepYYldLL_RVBFMKjBoIWnUfZM6INF2v7572gH3B4fWBuTfQGvWHuf1NJ9szmiNN1_g09b_XI9lSCPzIXnrS-jeEgiMuCbiZISxxbRgS0Swg2XFay2LlgcWTijRBcq2r9o0KpacoXtxU2OSjJY6Q2ahF8H6HRwQHL0-zZAIj_XL8iMvgmXDwIjifSXj9wCxljS1R_3rRr1IYLIxvoSKK9NhJet4PHv-ICbApR5tFjN7ulVjR6V1rEkQDAvj9WmZFL3L2BMKEV9ZvhU773bHATNJ-ehebWr5qXzDxRsGgB4MeWc-Fy0cz4DqiiHwhNTr3sBdD1Pge0gIDv-w',
  scope: 'id:1ffe704d39629a929c8e293880fb449a openid',
  token_type: 'Bearer'
}

Whatโ€™s Next

You have now successfully made a connection and can begin to query against this for data.