{"id":23448548,"url":"https://github.com/mondido/omniauth-nordea","last_synced_at":"2026-04-29T22:02:52.134Z","repository":{"id":78005455,"uuid":"134745763","full_name":"Mondido/omniauth-nordea","owner":"Mondido","description":"Omniauth strategy for Nordea Open Banking ","archived":false,"fork":false,"pushed_at":"2018-05-25T15:12:32.000Z","size":8,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-05T00:52:49.933Z","etag":null,"topics":["mondido","nordea","openbanking","payments","psd2"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mondido.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-24T17:05:38.000Z","updated_at":"2019-02-19T09:16:54.000Z","dependencies_parsed_at":"2023-03-12T03:23:54.257Z","dependency_job_id":null,"html_url":"https://github.com/Mondido/omniauth-nordea","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Mondido/omniauth-nordea","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mondido%2Fomniauth-nordea","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mondido%2Fomniauth-nordea/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mondido%2Fomniauth-nordea/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mondido%2Fomniauth-nordea/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mondido","download_url":"https://codeload.github.com/Mondido/omniauth-nordea/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mondido%2Fomniauth-nordea/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32445555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T20:22:27.477Z","status":"ssl_error","status_checked_at":"2026-04-29T20:22:26.507Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mondido","nordea","openbanking","payments","psd2"],"created_at":"2024-12-23T22:17:07.531Z","updated_at":"2026-04-29T22:02:52.129Z","avatar_url":"https://github.com/Mondido.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OmniAuth NordeaOB\n\n## WORK IN PROGRESS\n\n[OmniAuth](https://github.com/intridea/omniauth) strategy for authenticating\nNordea Open Banking users.\n\n\nThis is intended for apps already using OmniAuth, for apps that authenticate\nagainst more than one service (eg: Heroku and GitHub), or apps that have\nspecific needs on session management. \n\n\n## Configuration\n\nOmniAuth works as a Rack middleware. Mount this Nordea adapter with:\n\n```ruby\nuse OmniAuth::Builder do\n  provider :nordea, ENV.fetch(\"NORDEA_OAUTH_ID\"), ENV.fetch(\"NORDEA_OAUTH_SECRET\")\nend\n```\n\nObtain a `NORDEA_OAUTH_ID` and `NORDEA_OAUTH_SECRET` by creating an app at\nthe [Nordea Open Banking Portal](https://developer.nordeaopenbanking.com/).\n\nYour Nordea OAuth client should be set to receive callbacks on\n`/auth/nordea/callback`.\n\n\n## Usage\n\nInitiate the OAuth flow sending users to `/auth/nordea`.\n\nOnce the authorization flow is complete and the user is bounced back to your\napplication, check `env[\"omniauth.auth\"][\"credentials\"]`. It contains both a\nrefresh token and an access token (identified just as `\"token\"`) to the\naccount.\n\n\n### Basic account information\n\nIf you want this middleware to fetch additional Nordea account information like\nthe user email address and name, use the `fetch_info` option, like:\n\n```ruby\nuse OmniAuth::Builder do\n  provider :nordea, ENV.fetch(\"NORDEA_OAUTH_ID\"), ENV.fetch(\"NORDEA_OAUTH_SECRET\"),\n    fetch_info: true\nend\n```\n\nThis sets name and email in the [omniauth auth hash][auth-hash]. You can access\nit from your app via `env[\"omniauth.auth\"][\"info\"]`.\n\n[auth-hash]: https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema\n\n### OAuth scopes\n\n[Nordea supports different OAuth scopes][oauth-scopes]. By default this\nstrategy will request global access to the account, but you're encouraged to\nrequest for less permissions when possible.\n\n[oauth-scopes]: https://developer.nordeaopenbanking.com/\n\nTo do so, configure it like:\n\n```ruby\nuse OmniAuth::Builder do\n  provider :nordea, ENV.fetch(\"NORDEA_OAUTH_ID\"), ENV.fetch(\"NORDEA_OAUTH_SECRET\"),\n    scope: \"identity\"\nend\n```\n\nThis will trim down the permissions associated to the access token given back\nto you.\n\nThe Oauth scope can also be decided dynamically at runtime. For example, you\ncould use a `scope` GET parameter if it exists, and revert to a default `scope`\nif it does not:\n\n```ruby\nuse OmniAuth::Builder do\n  provider :nordea, ENV.fetch(\"NORDEA_OAUTH_ID\"), ENV.fetch(\"NORDEA_OAUTH_SECRET\"),\n    scope: -\u003e(request) { request.params[\"scope\"] || \"identity\" }\nend\n```\n\n\n\n## Example - Rails\n\nUnder `config/initializers/omniauth.rb`:\n\n```ruby\nRails.application.config.middleware.use OmniAuth::Builder do\n  provider :nordea, ENV.fetch(\"NORDEA_OAUTH_ID\"), ENV.fetch(\"NORDEA_OAUTH_SECRET\")\nend\n```\n\nThen add to `config/routes.rb`:\n\n```ruby\nExample::Application.routes.draw do\n  get \"login\" =\u003e \"sessions#new\"\n  get \"/auth/:provider/callback\" =\u003e \"sessions#create\"\nend\n```\n\nController support:\n\n```ruby\nclass SessionsController \u003c ApplicationController\n  def new\n    redirect_to \"/auth/nordea\"\n  end\n\n  def create\n    access_token = request.env['omniauth.auth']['credentials']['token']\n    # DO NOT store this token in an unencrypted cookie session\n    # Please read \"A note on security\" below!\n    nordea_api = Nordea::API.new(api_key: access_token)\n    @apps = nordea_api.get_apps.body\n  end\nend\n```\n\nAnd view:\n\n```erb\n\u003ch1\u003eYour apps:\u003c/h1\u003e\n\n\u003cul\u003e\n  \u003c% @apps.each do |app| %\u003e\n    \u003cli\u003e\u003c%= app[\"name\"] %\u003e\u003c/li\u003e\n  \u003c% end %\u003e\n\u003c/ul\u003e\n```\n\n## A note on security\n\n**Make sure your cookie session is encrypted before storing sensitive\ninformation on it, like access tokens**. [encrypted_cookie][encrypted-cookie]\nis a popular gem to do that in Ruby.\n\n[encrypted-cookie]: https://github.com/cvonkleist/encrypted_cookie\n\nBoth Rails and Sinatra take a cookie secret, but that is only used to protect\nagainst tampering; any information stored on standard cookie sessions can\neasily be read from the client side, which can be further exploited to leak\ncredentials off your app.\n\n\n## Meta\n\nReleased under the MIT license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmondido%2Fomniauth-nordea","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmondido%2Fomniauth-nordea","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmondido%2Fomniauth-nordea/lists"}