User Management
Second Use Case - Ongoing Access
Create A User
To create a new user you need to take some preliminary authentication steps first. The /user endpoint wants to see an client-credentials token with the scope of user:create
.
Obtaining A Token
To get your new client-credentials token we will need to POST /oidc/token
to our identity endpoint: https://identity.moneyhub.co.uk
The token endpoint is very versatile and offers lots of functionality, information on this can be found here: token
For your purposes you want to send this information:
scope=user:create
grant_type=client_credentials
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
client_assertion=<JWT Explained Below>
If you are following along with the guide you should have your token_endpoint_auth_method
set to private_key_jwt
and so this next part will apply. If you haven't chosen this method then you will need to explore our authentication docs found here: Authentication
For client_assertion
above you will need to generate a JWT signed by your private JWKS. As mentioned in creating a client guide, your JWT library should allow all this functionality. Your JWT needs to have these properties:
{
"iss": "your client id",
"sub": "your client id",
"jti": "A unique identifier for the token, which can be used to prevent reuse",
"aud": "our token endpoint, i.e.(https://identity.moneyhub.co.uk/oidc/token)",
"iat": "the time at which the token was issued",
"exp": "the time at which the token will expire"
}
You may find that your JWT library handles values like jti
, iat
, exp
for you automatically.
Put this all together and you have this request:
curl --location --request POST 'https://identity.moneyhub.co.uk/oidc/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'scope=user:create' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer' \
--data-urlencode 'client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6InRaSUpteEZfbjhfb0JaVS1WQmpmWVFpdVl4ZDU0UnhDVnk0OUVsMF9NNG8ifQ.eyJzdWIiOiJlODY5Y2UxNC03ZTA1LTQxMGItYWI3NC04NDRiMTVhNTZhMjciLCJhdWQiOiJodHRwczovL2lkZW50aXR5Lm1vbmV5aHViLmNvLnVrL29pZGMiLCJpc3MiOiJlODY5Y2UxNC03ZTA1LTQxMGItYWI3NC04NDRiMTVhNTZhMjciLCJqdGkiOiJDai05M1dKRW1TckY3WWMwTl9ucDMwLXRFeGY0RDBZS2RhNTNnNTFjVTF3IiwiaWF0IjoxNzA3OTk4NjczLCJleHAiOjE3MDc5OTkyNzN9.WPVfwX154hG6PKkwEHcbCvouH05CsC9nF_ZhMSURWYDRZ0e_oBImMBB-BmK0moN8N_FsEX2m858Z1q10_UfWUwAhsK6KTGYR8wENfNUi-5iPGOenm8dEn6gO0lud6VpRPgsTEO2aO4cM9S8KJVVYCSpm-njHSPDjDw4G1TBwxoHRAgMW-pDSOjLyoHfx_peUN26EcyqQJ1ALOYn6GBk7laMBVIYOdn883dzn1hSg3eprMUQe3MbBkJ1sxL1AMQejI5w547JSzLvyJgYDR_4n40-ZU-lwazNBZmi9mETteKv4-k4iUDANl8SMuvORkTKsyZcnx1bxQFhutT5YUthEZA'
Once successful, you should receive this response:
{
"access_token": "The client credentials access token",
"expires_in": "The expiry of this token",
"token_type": "The type of token this is (client credentials)"
}
Now you have a token, with the ability to create a new user! Let's do this now.
Posting A User
Creating a user is very simple, using the same identity url you will make this request: POST /users
and you can optionally include a clientUserId
in the body to specify our own unique id for this user. The request will look something like this:
curl --location --request POST 'https://identity.moneyhub.co.uk/users' \
--header 'Authorization: Bearer <client_credentials_access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
"clientUserId": "my-id"
}'
You will then get back your new user in a response like this:
{
"userId": "The Moneyhub user id",
"clientUserId": "Your optionally specified id",
"clientId": "Your client id",
"createdAt": "Date of creation",
"updatedAt": "Last date of any updates",
"scopes": "The scopes specified",
"managedBy": "Who this user is managed by (client in this case)",
"lastAccessed": "When the user was last accessed",
"deletedAt": "If the user was deleted, this would be the date",
"userType": "The type of user",
"clientName": "Name of your client",
"connectionIds": "An array of any connections the user has"
}
If you need specifics for this endpoint the documentation can be found here: Post Users
Manage Users
API users are an important resource for the ongoing access use case and as such we also have GET
, GET ALL
and DELETE
endpoints for these. The documentation for these can be found here: Users endpoints
Updated 8 months ago