Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.

OAuth and OpenID Connect

Consumer API > API Reference > v0 > OAuth and OpenID Connect

Concepts

The Authentication Framework is built upon two foundational concepts: the Access Token from the OAuth standard and the Identity Token from the OpenID Connect standard.

The Access Token provides third party apps with time-limited authorized access to resources that are owned by the user. When an Access Token is issued, a Refresh Token can optionally be issued and used at a later time to obtain a new Access Token when the current Access Token expires.

The Identity Token provides third party apps with authenticated identity information about the user.

The Glossary has information on additional terms.

The Authentication Framework - Tokens article has information on the various Tokens.

The Authentication Framework - OpenID Connect and OAuth 2.0 article has information on the OpenID Connect and OAuth concepts of scopes and claims.

Relationships

OpenID Connect Discovery

OpenID Connect Discovery is supported via the GET ​/oidc​/.well-known​/openid-configuration endpoint. This allows third party apps to easily retrieve and configure the relevant endpoints related to our OpenID Connect implementation.

Obtaining an Access Token

Access Tokens can be obtained via the POST /oidc/token endpoint.

The Authentication Framework - Tokens article has information on the various Tokens.

Obtaining an Identity Token

Identity Tokens can be obtained via the POST /oidc/token endpoint.

The Authentication Framework - Tokens article has information on the various Tokens.

Obtaining a Refresh Token

Refresh Tokens can be obtained via the POST /oidc/token endpoint.

See our Learning Materials on this page for a Guide.

The Authentication Framework - Tokens article has information on the various Tokens.

Revoking Refresh Tokens

Refresh Tokens can be revoked via the POST ​/oidc​/token​/revocation endpoint. This allows third party apps to remove access when these tokens are no longer needed.

UserInfo Endpoint

Retrieving claims about the authenticated end user is supported via the GET ​/oidc​/me endpoint.

Authenticated information about the user can be returned in these ways:

  • as Claims in the Identity Token,
  • as Claims returned from the UserInfo Endpoint,
  • as Claims in both the Identity Token and from the UserInfo Endpoint.

See Section 5.5. Requesting Claims using the “claims” Request Parameter in the OpenID Connect specification for more details.

Details

See the API Reference.

Learning Materials

Quickstarts

If you are just getting started, try our Quickstart on Authentication (Node.js Example).

If you are comfortable with the command line, try our Quickstart on Authentication (Command Line).

Guides

If you want to learn how to request a Refresh Token or how to exchange one for a new Access Token, see our Guide on Refresh Tokens.

If you want to learn how to add or remove info from the Identity Token, see our Guide on Claims in the Identity Token.

Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Thu May 2 2024