Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.

Authentication - Authorization Code (Node.js Example)

Admin API > Quickstarts > Authentication - Authorization Code (Node.js Example)

Welcome to our Quickstart guide for using the Admin API with OpenID Connect and OAuth 2.0 for authentication, utilizing Node.js in our example project.

In this quickstart, we will walk you through the process of making your first OpenID Connect authentication using our example project, Admin API OpenID Connect Example, which is written in Node.js.

OpenID Connect and OAuth 2.0 are industry-standard protocols for authenticating users and protecting access to APIs. By using these protocols, the Admin API ensures that only authorized users can access the resources they are requesting.

The example project we will be using in this quickstart is designed to help you get started quickly and easily with the use of Node.js. It provides a simple and straightforward way to test the authentication process and familiarize yourself with the Admin API.

We will take you step by step through the process of setting up the example project and making your first OpenID Connect authentication request. Along the way, we will provide tips and best practices to help you understand the process and ensure that everything is set up correctly.

By the end of this quickstart, you will have a solid understanding of how to use the Admin API with OpenID Connect and OAuth 2.0 for authentication, utilizing Node.js in your project. But as a reminder, Node.js is not the only way to use our API; any language with a method to send standard HTTP requests will do.

So, let’s get started!

Prerequisites

Before you get started, you’ll need to have access to the Banno Back Office.

You’ll need to get the following from the back office administrator at your financial institution.

  • API Credentials
  • User Account
Understanding Your Development Experience
Are you a financial institution?

If you are a financial institution or working directly with a financial institution, you should work with the back office administrator at your institution to get appropriate access to the Admin API.

Are you a fintech or independent developer?

If you are a fintech or other developer working without a financial institution, you are likely using the JackHenry.Dev developer portal. In this case, you will not have access to the Banno Back Office.

API credentials

You’ll need API credentials to exercise the authorization flow. The Banno Back Office administrator at your financial institution can provide you with a client_id and client_secret that you can use to access the Admin API in your environment.

For this example to run correctly, you will need to set https://localhost:8080/auth/cb as the redirect URI.

User account

You will need a user account to complete the authorization flow.

Software requirements

Node.js, npm, nvm

The example is built for Node.js and npm.

If you don’t have these installed on your system already, you may want to install a Node Version Manager such as nvm.

Admin API OpenID Connect example

Clone the repo
git clone https://github.com/Banno/admin-api-openid-connect-example.git
  • Install project dependencies
Install project dependencies.
cd admin-api-openid-connect-example
npm install

Running the example (Locally)

Complete the steps from the prerequisites section and navigate to the root folder admin-api-openid-connect-example/.

Specifically, you’ll need to edit the config.js file to add your own client_id and client_secret.

Start the server
npm start

The server will now be running locally. You’ll see this log statement in the terminal:

Successful start output
Environment: local
Server listening on https://localhost:8080...
  • Go to https://localhost:8080/ in a web browser.
  • Click on Sign in with Banno and sign in with your Banno Username and Password. You’ll be redirected to https://localhost:8080/me and see the OpenID Connect claims for the user.

After completing the auth flow, the browser will display something that looks similar to this example:

Example success response
{
  "sub": "5cad5c30-6d24-11e9-870c-0242b78f8571",
  "family_name": "Doe",
  "given_name": "Riley",
  "middle_name": null,
  "name": "Riley Doe",
  "picture": "https://digital.garden-fi.com/a/consumer/api/node/public-profile-photo/dmF1bHQ6d...3c9PQ==",
  "preferred_username": "rileydoe",
  "at_hash": "meToBgo7UfatG825BaaClQ",
  "aud": "05166b79-4f61-484d-a4b4-2a225926bf4b",
  "exp": 1571253248,
  "iat": 1571249648,
  "iss": "https://www.banno.com/a/oidc-provider/api/v0"
}

You’ll also see a log statement in the terminal that shows the access_token, id_token, and refresh_token:

Example token response
TokenSet {
  access_token: '<lengthy-json-web-token-string>',
  expires_at: 1571334444,
  id_token: '<lengthy-json-web-token-string>',
  refresh_token: '<lengthy-json-web-token-string>',
  scope: 'openid profile',
  token_type: 'Bearer'
}
  • The access_token contains authorization information about your application regarding which actions it is allowed to perform via the Consumer API. These actions map to the scopes (e.g. openid address email phone profile banno).
  • The id_token contains authentication information about the user (i.e. claims).
  • The refresh_token is a credential that can be used to retrieve a new access token (e.g. for when the access token has expired or otherwise been invalidated).
  • Both the access_token and id_token are in JSON Web Token (JWT) format (see RFC 7519 for specification details).
JSON Web Tokens (JWTs) are credentials which can grant access to resources. It is important to keep them secret.

Next steps

Congratulations! Continue your learning journey:

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Tue Jul 18 2023