User Management
Second Use Case - Ongoing Access
Create A User
To create a new user you need to take some preliminary authentication steps first. The /users endpoint expects a client-credentials token with the scope user:create.
Obtaining A Token
To get your new client-credentials token, send a POST /oidc/token request to our identity endpoint: https://identity.moneyhub.co.uk
The token endpoint is very versatile and offers lots of functionality; information on this can be found here: token
For your purposes you want to send this information:
scope=user:create
grant_type=client_credentials
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion=<JWT Explained Below>
If you are following along with the guide you should have your token_endpoint_auth_method set to private_key_jwt, and so this next part will apply. If you haven't chosen this method then you will need to explore our authentication docs found here: Authentication
For client_assertion above you will need to generate a JWT signed with a private key from your JWKS. As mentioned in the creating a client guide, your JWT library should allow all this functionality. Your JWT needs to have these properties:
{
  "iss": "your client id",
  "sub": "your client id",
  "jti": "A unique identifier for the token, which can be used to prevent reuse",
  "aud": "our token endpoint, i.e.(https://identity.moneyhub.co.uk/oidc/token)",
  "iat": "the time at which the token was issued",
  "exp": "the time at which the token will expire"
}
You may find that your JWT library handles values like jti, iat and exp for you automatically.
Put this all together and you have this request:
# The body is sent form-urlencoded, matching the Content-Type header below
curl --location --request POST 'https://identity.moneyhub.co.uk/oidc/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'scope=user:create' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ5b3VyIGNsaWVudCBpZCIsInN1YiI6InlvdXIgY2xpZW50IGlkIiwianRpIjoiaGVsbG8gd29ybGQiLCJhdWQiOiJodHRwczovL2lkZW50aXR5Lm1vbmV5aHViLmNvLnVrL29pZGMvdG9rZW4iLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MTUxNjIzOTA1Mn0.TGKAnFafnSoiCCP5Wt_ZSAU0I3d7c9nplqPR-iECrbcj67pytz902H_NyM1KwpGTl0GoKhm43jMBfE-GgjcMTWqdNuOGL84EnE0iuZpn_qtucuw3wBzhPo0dXjA-F6HWjcqcfe__sca7SwxihLRQsyfv_Vz-zyULWXorruT5rCTKsp03Y5eR_f0rVet5AIxovc-N1jtXrNTC3MbzGpTUY8WZgO0e7rwSP3Trs4aT557k07XzAPPiZX58gXIIppwp7ambwpZ70J7lk53LXOwqLAHlX0L-tiRVYOovYeGC_fDoIsiJWmh59eUMulQxMxLh-gRgKl9J-sufCDouii29Jw'
Once successful, you should receive this response:
{
  "access_token": "The client credentials access token",
  "expires_in": "The expiry of this token",
  "token_type": "The type of token this is (client credentials)"
}
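The client assertion and token request body described above, as an added Node.js example that is not part of the original guide and is not Moneyhub's own code. It assumes the RS256 header seen in the sample token, a 60-second lifetime, and a throwaway key pair and placeholder client id constructed for the demo; in practice you sign with the private key whose public half is in your registered JWKS.

```javascript
// Added example (not Moneyhub's code): private_key_jwt client assertion for POST /oidc/token.
const { createSign, createVerify, generateKeyPairSync, randomUUID } = require('node:crypto');

const TOKEN_ENDPOINT = 'https://identity.moneyhub.co.uk/oidc/token';
const b64url = (text) => Buffer.from(text).toString('base64url');

// Build and sign the assertion with the claims the guide lists.
function buildClientAssertion({ clientId, privateKey, now = Math.floor(Date.now() / 1000), lifetime = 60 }) {
  const header = { alg: 'RS256', typ: 'JWT' }; // same header as the sample token in the guide
  const claims = {
    iss: clientId,
    sub: clientId,
    jti: randomUUID(), // fresh per request, so a replayed assertion can be rejected
    aud: TOKEN_ENDPOINT, // binds the assertion to this token endpoint only
    iat: now,
    exp: now + lifetime, // assumption: 60 s, which limits the value of a leaked assertion
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const signature = createSign('RSA-SHA256').update(signingInput).sign(privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Form-urlencoded body carrying the four parameters from the guide.
function buildTokenRequestBody(assertion) {
  return new URLSearchParams({
    scope: 'user:create',
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}

// Local pre-flight check: verify the signature with the public key, then return the claims.
function verifyAssertion(jwt, publicKey) {
  const [header, payload, signature] = jwt.split('.');
  const valid = createVerify('RSA-SHA256')
    .update(`${header}.${payload}`)
    .verify(publicKey, Buffer.from(signature, 'base64url'));
  if (!valid) throw new Error('client assertion signature does not verify');
  return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
}

// Constructed demo values: a throwaway key pair and a placeholder client id.
const demoKeys = generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoAssertion = buildClientAssertion({ clientId: 'example-client-id', privateKey: demoKeys.privateKey });
console.log(verifyAssertion(demoAssertion, demoKeys.publicKey));
console.log(buildTokenRequestBody(demoAssertion));
```

Send the string returned by buildTokenRequestBody as the body of the POST with Content-Type application/x-www-form-urlencoded, and build a new assertion for every token request rather than caching one.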
Now you have a token, with the ability to create a new user! Let's do this now.
Posting A User
Creating a user is very simple. Using the same identity URL, make this request: POST /users. You can optionally include a clientUserId in the body to specify your own unique id for this user. The request will look something like this:
curl --location --request POST 'https://identity.moneyhub.co.uk/users' \
--header 'Authorization: Bearer <client_credentials_access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"clientUserId": "my-id"
}'
You will then get back your new user in a response like this:
{
  "userId": "The Moneyhub user id",
  "clientUserId": "Your optionally specified id",
  "clientId": "Your client id",
  "createdAt": "Date of creation",
  "updatedAt": "Last date of any updates",
  "scopes": "The scopes specified",
  "managedBy": "Who this user is managed by (client in this case)",
  "lastAccessed": "When the user was last accessed",
  "deletedAt": "If the user was deleted, this would be the date",
  "userType": "The type of user",
  "clientName": "Name of your client",
  "connectionIds": "An array of any connections the user has"
}
If you need specifics for this endpoint the documentation can be found here: Post Users
Manage Users
API users are an important resource for the ongoing access use case and as such we also have GET, GET ALL and DELETE endpoints for these. The documentation for these can be found here: Users endpoints