No description, website, or topics provided.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


NWCreditUnion-Demo is an example of a Relying Party application. This demo utilizes Trusted Key's wallet service to allow users to verify their identity to open credit accounts, passwordless login into their accounts, and have full control over their money by verifying every purchase made at merchant sites.

Getting started

This application was developed under Node-js version 6.10.x. Use nvm to install the latest stable version of node v6.10

To begin, obtain OAuth Client Id & Client Secre by registering a relying party application at Detailed instructions on this can be found here.

A running MongoDB instance, and the hosted/local URL of the application are also required.

A JWT token is used for authentication with the credit union's endpoints, so we shall need a 128bit ASCII String JWT secret.

An optional hosted merchant URL can be provided to try out transaction signature requests.

Update the config.js file accordingly:

  config.localUrl = 'https://<where your application is hosted>';
  config.oauthClientId = '<client id>';
  config.oauthClientSecret = '<client secret>';
  config.authorizeCallbackRoute = '/<registered callback url route>';
  config.mongoDbUri = 'mongodb://<username>:<password>@<fqdn:port>/<db name>';
  config.jwtTokenSecret = '<128bit ASCII String secret>';
  config.merchantUrl = 'https://<where your merchant application is hosted>'; //Optional

Install dependencies and run the application:

# Change to project directory
cd <project-directory>

# Install npm dependencies
npm install

# Run the applicationn
node index.js

Endpoint Authentication

A JWT token is used for authentication. We create the JWT token using the token obtain from Trusted Key’s OAuth. The rederictUri receives this token. The JWT token can be in either a Cookie token=<JWT>;path=/ or as part of the request header X-Auth-Token: <JWT> when making calls to NWCreditUnions’s endpoints. Our jwt-service.js handles creation and authorization of jwt tokens.


These endpoints can be used by a accompanying credit union mobile app or merchant website.

GET /getLoginToken?userName=<user's registered email>

Returns JWT token as part of header or cookie for use with other endpoints requiring user authentication.

GET /oauth/logout

Clears all cookies and invalidates tokens.

GET /getUser

Returns an authenticated user's personal account details.

GET /deleteUser

Deletes an authenticated user's account from the database.

GET /save-card?hash=<hash of cardnumber + cvv>&lastFourDigits=<card's last 4 digits>

Attach a credit card to the user's account.

GET /fraud/credit-card?hash=<hash of credit card number + cvv>&amount=&merchant=

Finds a user account with the matching credit card hash and sends a signature request to the user's wallet to confirm or deny a transaction.