Builds the OIDC claims request parameter Moneyhub uses to drive
connection behaviour.
Moneyhub layers a set of mh:* custom claims on top of standard OIDC
claims. They're passed as the (URL-encoded, JSON-serialised) claims
parameter on the authorisation request - either inline, wrapped in a
signed request object (see MoneyHub.Auth.PrivateKeyJWT), or via Pushed
Authorisation Requests (see MoneyHub.Auth).
Every claim lives under id_token in the resulting JSON (Moneyhub does
not currently read claims from userinfo).
Example: register a new user for ongoing access
MoneyHub.Claims.new()
|> MoneyHub.Claims.put_sub()
|> MoneyHub.Claims.to_json()Example: connect a specific existing user
MoneyHub.Claims.new()
|> MoneyHub.Claims.put_sub("5c1907c0e6b340e5c056fb2a")
|> MoneyHub.Claims.to_json()Example: refresh an existing connection
MoneyHub.Claims.new()
|> MoneyHub.Claims.put_sub("5c1907c0e6b340e5c056fb2a")
|> MoneyHub.Claims.put_connection_id("b74f1a79f0be8bdb857d82d0f041d7d2:0f1aa7c1-6379-483a-bfd8-ae0a208fb635")
|> MoneyHub.Claims.to_json()Example: create a single immediate payment
MoneyHub.Claims.new()
|> MoneyHub.Claims.put_sub()
|> MoneyHub.Claims.put_payment(%{
"amount" => %{"amount" => 10.5, "currency" => "GBP"},
"creditorAccount" => %{"identification" => %{"sortCode" => "010203", "accountNumber" => "12345678"}},
"reference" => "Invoice 123"
})
|> MoneyHub.Claims.to_json()Summary
Functions
Starts an empty claims builder.
Sets an arbitrary mh:* (or any other) claim under id_token with the
given essential flag and/or fixed value. Use this for claims not yet
covered by a dedicated put_*/2 function.
Sets the mh:cat_type claim, controlling whether returned transactions
are categorised using the "personal" or "business" category set.
Sets the mh:con_id claim to target a specific existing connection - used
to refresh/re-sync a connection or to request re-authentication
(re-consent) for it.
Sets the mh:payment claim with the given payment request payload,
driving a single immediate payment authorisation.
Sets the mh:recurring_payment claim, driving a Variable Recurring
Payment (VRP) consent authorisation.
Sets the mh:standing_order claim, driving a standing order creation
authorisation.
Sets the sub claim, identifying which Moneyhub user this connection or
action belongs to.
Serialises the claims builder to a JSON string suitable for the claims
authorisation parameter.
Same as to_json/1 but raises on failure.
Types
Functions
@spec new() :: t()
Starts an empty claims builder.
Sets an arbitrary mh:* (or any other) claim under id_token with the
given essential flag and/or fixed value. Use this for claims not yet
covered by a dedicated put_*/2 function.
Sets the mh:cat_type claim, controlling whether returned transactions
are categorised using the "personal" or "business" category set.
Sets the mh:con_id claim to target a specific existing connection - used
to refresh/re-sync a connection or to request re-authentication
(re-consent) for it.
Sets the mh:payment claim with the given payment request payload,
driving a single immediate payment authorisation.
payment is the raw payment request map (amount, creditor account,
reference, and so on) as documented for the payments API.
Sets the mh:recurring_payment claim, driving a Variable Recurring
Payment (VRP) consent authorisation.
Sets the mh:standing_order claim, driving a standing order creation
authorisation.
Sets the sub claim, identifying which Moneyhub user this connection or
action belongs to.
Called with no user_id, this marks the claim essential without a
fixed value, letting Moneyhub assign a new user and report their id in
the returned id_token (used when registering a brand-new user). Called
with a user_id, it pins the connection/action to that specific,
already-registered user.
@spec to_json(t()) :: {:ok, String.t()} | {:error, MoneyHub.Error.t()}
Serialises the claims builder to a JSON string suitable for the claims
authorisation parameter.
Same as to_json/1 but raises on failure.