Skip to content
/ jwt Public

Sample applications demonstrating working with JWTs and the Yodlee APIs

License

Notifications You must be signed in to change notification settings

Yodlee/jwt

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

MIT License

JWT IS DEPRECTATED FOR YODLEE CLIENTS IN FAVOR OF CLIENT CREDENTIAL AUTHENTICATION. THIS REPOSITORY IS NO LONGER MAINTAINED, AND YODLEE RECOMMENDS DISCONTINUED USE OF THIS LIBRARY.

Working with JSON Web Tokens

About JSON Web Tokens

JSON Web Tokens (JWTs) are an open standard for securely making claims. Identity is one example of a claim. Hence JWTs underpin one authentication approach used by Yodlee APIs. JWTs are a convenient alternative to SAML authentication used by large financial institutions.

Where to find more info on JWTs

The website jwt.io has an array of useful information. It has a debugger, allowing you to paste in a token and your key. It will decode it, or issue an error, allowing you to confirm that your code works. The site also has many open source libraries for token processing.

Yodlee Token Types

Yodlee JWTs come in two varieties: app tokens, and user tokens. You use one or the other depending on the specific Yodlee API.

App tokens have the "issuer id" value from your developer dashboard. This identifies you, the app developer.

App tokens are only needed for Yodlee APIs that provide general information.

User tokens have all the same information as an app token, along with one extra field, a user id. The id represents the specific end user you are working with (i.e. your client).

User tokens are used for Yodlee APIs that return information regarding a particular end user.

In the developer portal, users are identified by 20-character unique strings that you (the developer) assign to keep track of your users. You can see a list of 5 predefined test users in your developer account dashboard. They have this general appearance: "sbMem5c758c82bb1d12".

Outside the developer portal, your app can use any scheme you find convenient to create and assign unique ids to your end users. They can be from 3 to 150 characters in length.

Read the documentation here for more information on using JWTs with Yodlee APIs.

About the Applications

This repositoriy includes sample programs showing how to work with JWTs in:

After you clone this repository, select the subdirectory that references your language of choice.

Each subdirectory has language-specific installation and usage instructions in the related README file.

Generate (JWT generation sample)

One set of samples included here show how to generate JWTs. See the code under the generate directories.

To generate a JWT, you need your issuer id and private key from your developer account dashboard.

Copy/paste your private key into a file. You’ll need to supply the file path to the application. The private key is given to you in PEM format, which uses a limited set of ASCII characters, allowing easy copy/paste.

Keep your private key secret and do not share with others. Never put your private key into an app or on a mobile device.

All the applications require arguments, and the formats are very similar.

  • The -i or --issuer-id argument is required, and should reference your Issuer Id in the Yodlee Dashboard.

  • The -k or --key argument is required, and should reference the path to a copy of your private key in PEM format.

  • the -u or --username argument is optional, and should reference a valid username in your environment.

By passing in a --username argument, you will be generating a user token. Otherwise, you will be generating an app token See Yodlee Token Types.

A typical invokation of one of the apps will look like

$ generate --key private.pem --issuer-id f4d3dc80-885cbe1f-5f2b-4c74-0097-39dc59ae751c

That version doesn’t include a username, so that will produce an application token.

Using short form options, we have

$ generate -k private.pem -i f4d3dc80-885cbe1f-5f2b-4c74-0097-39dc59ae751c -u sbMem5c758c42bb1d12

That will produce a user token.

Copyright 2019 © Envestnet | Yodlee

Free use of this software is granted under the terms of the MIT License. See LICENSE for details.

About

Sample applications demonstrating working with JWTs and the Yodlee APIs

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •