JWT IS DEPRECTATED FOR YODLEE CLIENTS IN FAVOR OF CLIENT CREDENTIAL AUTHENTICATION. THIS REPOSITORY IS NO LONGER MAINTAINED, AND YODLEE RECOMMENDS DISCONTINUED USE OF THIS LIBRARY.
JSON Web Tokens (JWTs) are an open standard for securely making claims. Identity is one example of a claim. Hence JWTs underpin one authentication approach used by Yodlee APIs. JWTs are a convenient alternative to SAML authentication used by large financial institutions.
The website jwt.io has an array of useful information. It has a debugger, allowing you to paste in a token and your key. It will decode it, or issue an error, allowing you to confirm that your code works. The site also has many open source libraries for token processing.
Yodlee JWTs come in two varieties: app tokens, and user tokens. You use one or the other depending on the specific Yodlee API.
App tokens have the "issuer id" value from your developer dashboard. This identifies you, the app developer.
App tokens are only needed for Yodlee APIs that provide general information.
User tokens have all the same information as an app token, along with one extra field, a user id. The id represents the specific end user you are working with (i.e. your client).
User tokens are used for Yodlee APIs that return information regarding a particular end user.
In the developer portal, users are identified by 20-character unique strings that you (the developer) assign to keep track of your users. You can see a list of 5 predefined test users in your developer account dashboard. They have this general appearance: "sbMem5c758c82bb1d12".
Outside the developer portal, your app can use any scheme you find convenient to create and assign unique ids to your end users. They can be from 3 to 150 characters in length.
Read the documentation here for more information on using JWTs with Yodlee APIs.
This repositoriy includes sample programs showing how to work with JWTs in:
After you clone this repository, select the subdirectory that references your language of choice.
Each subdirectory has language-specific installation and usage instructions in the related README file.
One set of samples included here show how to generate JWTs.
See the code under the generate
directories.
To generate a JWT, you need your issuer id and private key from your developer account dashboard.
Copy/paste your private key into a file. You’ll need to supply the file path to the application. The private key is given to you in PEM format, which uses a limited set of ASCII characters, allowing easy copy/paste.
Keep your private key secret and do not share with others. Never put your private key into an app or on a mobile device.
All the applications require arguments, and the formats are very similar.
-
The
-i
or--issuer-id
argument is required, and should reference your Issuer Id in the Yodlee Dashboard. -
The
-k
or--key
argument is required, and should reference the path to a copy of your private key in PEM format. -
the
-u
or--username
argument is optional, and should reference a valid username in your environment.
By passing in a --username
argument, you will be generating a user token.
Otherwise, you will be generating an app token
See Yodlee Token Types.
A typical invokation of one of the apps will look like
$ generate --key private.pem --issuer-id f4d3dc80-885cbe1f-5f2b-4c74-0097-39dc59ae751c
That version doesn’t include a username, so that will produce an application token.
Using short form options, we have
$ generate -k private.pem -i f4d3dc80-885cbe1f-5f2b-4c74-0097-39dc59ae751c -u sbMem5c758c42bb1d12
That will produce a user token.
Copyright 2019 © Envestnet | Yodlee
Free use of this software is granted under the terms of the MIT License. See LICENSE for details.