update fdx

Author: reverentgeek

CLAUDE.md

@@ -54,6 +54,7 @@ pnpm --filter @apps/app start   # Start APP in production
 ### Caddy Configuration
 
 The current `caddyfile` configuration routes traffic as follows:
+
 - `id.localtest.me` → `localhost:3001` (OP)
 - `app.localtest.me` → `localhost:3004` (Client App)
 - `api.localtest.me` → `localhost:3003` (Resource Server)
@@ -113,7 +114,7 @@ Key features:
 - Includes customer and account data repositories
 - Uses Pino for structured logging
 - Runs on port 3003
-- Implements FDX Core Exchange API specification (v6.3.1)
+- Implements FDX with Plaid's Core Exchange API specification (v6.3.1)
 
 Key components:
 
@@ -124,7 +125,7 @@ Key components:
 - Request validation utilities
 - Public health endpoint
 
-Available endpoints (FDX Core Exchange compliant):
+Available endpoints (FDX compliant):
 
 - `/api/fdx/v6/customers/current` - Get current customer information
 - `/api/fdx/v6/accounts` - List customer accounts
@@ -189,6 +190,7 @@ The authorization server supports multiple client configurations:
 3. **Environment variable**: Set `OIDC_CLIENTS` as a JSON string
 
 Each client configuration must include:
+
 - `client_id`: Unique client identifier
 - `client_secret`: Client secret for authentication
 - `redirect_uris`: Array of allowed redirect URIs
@@ -200,6 +202,7 @@ Each client configuration must include:
 ### Scopes
 
 Supported scopes:
+
 - `openid` - Basic identity (required)
 - `profile` - Profile information (name)
 - `email` - Email address
@@ -209,6 +212,7 @@ Supported scopes:
 ### Token TTLs
 
 Default token lifetimes (configured in `apps/auth/src/index.ts`):
+
 - Session: 1 day (86400 seconds)
 - Grant: 1 year (31536000 seconds)
 - Access Token: 1 hour (3600 seconds)
@@ -220,13 +224,15 @@ Default token lifetimes (configured in `apps/auth/src/index.ts`):
 The authorization server uses JWKS (JSON Web Key Set) to sign JWT tokens:
 
 **Development (default):**
+
 - No `JWKS` environment variable needed
 - `oidc-provider` auto-generates ephemeral keys on startup
 - Keys have `kid="keystore-CHANGE-ME"` in JWT headers
 - Keys regenerate on each restart (invalidates all tokens)
 - Perfectly acceptable for local development
 
 **Production (required):**
+
 - Set `JWKS` environment variable with persistent signing keys
 - Prevents token invalidation on server restarts
 - Enables proper key rotation strategy
@@ -235,6 +241,7 @@ The authorization server uses JWKS (JSON Web Key Set) to sign JWT tokens:
 - Contains private key material - never commit to version control
 
 **Why persistent keys matter:**
+
 - Tokens survive service restarts and deployments
 - Multiple server instances can share the same keys
 - Proper cryptographic key rotation
@@ -249,7 +256,7 @@ The authorization server uses JWKS (JSON Web Key Set) to sign JWT tokens:
 3. Use demo credentials: `[email protected]` / `passw0rd!`
 4. Approve consent (you'll see all requested scopes: openid, email, profile, offline_access, accounts:read)
 5. After redirect, explore the features:
-   - **API Explorer** (`/api-explorer`): Test all FDX Core Exchange endpoints interactively
+   - **API Explorer** (`/api-explorer`): Test all FDX endpoints interactively
    - **Token Inspector** (`/token`): View your ID token claims and user information
    - **Token Debug** (`/debug/tokens`): Inspect raw and decoded access/ID/refresh tokens
 

README.md

@@ -1,10 +1,12 @@
-# Core Exchange Sample Implementation
+# Build FDX APIs using Plaid
+
+## Core Exchange Sample Implementation with Node.js
 
 <p align="center">
   <img src="apps/app/public/plaidypus-200.png" alt="Plaidypus Logo" width="200">
 </p>
 
-A working example of [Plaid Core Exchange](https://plaid.com/core-exchange/docs/) with OpenID Connect and FDX Core Exchange API v6.3. We built this with TypeScript, Express, and battle-tested OAuth libraries so you can see how all the pieces fit together.
+A working example of [Plaid Core Exchange](https://plaid.com/core-exchange/docs/) with OpenID Connect and FDX API v6.3. We built this with TypeScript, Express, and battle-tested OAuth libraries so you can see how all the pieces fit together.
 
 ## What's Inside
 
@@ -50,7 +52,7 @@ The OpenID Provider. This is where users log in and grant permissions. We're usi
 
 ### Resource Server (`apps/api`)
 
-The protected API implementing FDX Core Exchange API v6.3. Every request gets validated—we check JWT access tokens using `jose` against the Auth server's JWKS endpoint and enforce scope-based authorization. Customer and account data live here, accessed via a repository pattern.
+The protected API implementing FDX v6.3 using Plaid's Core Exchange. Every request gets validated—we check JWT access tokens using `jose` against the Auth server's JWKS endpoint and enforce scope-based authorization. Customer and account data live here, accessed via a repository pattern.
 
 **Endpoints you get:** Customer info, account details, statements, transactions, contact info, payment and asset transfer network data
 
@@ -205,7 +207,7 @@ Once everything's running, here's the fun part:
 
 ### Resource Server (API)
 
-All the FDX Core Exchange API v6.3 endpoints you need:
+All the FDX v6.3 endpoints you need for Plaid Core Exchange:
 
 - **Customer**: `/api/fdx/v6/customers/current`
 - **Accounts**: `/api/fdx/v6/accounts`, `/api/fdx/v6/accounts/{accountId}`

apps/app/public/styles.css

@@ -1,4 +1,4 @@
-/*! tailwindcss v4.1.14 | MIT License | https://tailwindcss.com */
+/*! tailwindcss v4.1.15 | MIT License | https://tailwindcss.com */
 @layer properties;
 @layer theme, base, components, utilities;
 @layer theme {
@@ -169,7 +169,9 @@
     ::placeholder {
       color: currentcolor;
       @supports (color: color-mix(in lab, red, red)) {
-        color: color-mix(in oklab, currentcolor 50%, transparent);
+        & {
+          color: color-mix(in oklab, currentcolor 50%, transparent);
+        }
       }
     }
   }

apps/app/views/api-explorer.ejs

@@ -4,7 +4,7 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>API Explorer - Plaidypus Client</title>
+  <title>API Explorer - Plaidypus FDX Explorer</title>
   <link rel="icon" type="image/png" href="/public/plaidypus-200.png">
   <link href="/public/styles.css" rel="stylesheet">
   <style>
@@ -239,7 +239,9 @@
               <h3 class="text-md font-medium text-plaid-dark-gray">Response</h3>
               <button onclick="copyToClipboard('response-content', this)" class="copy-button" style="float: none;">
                 <svg class="w-4 h-4 inline-block mr-1" fill="none" stroke="currentColor" viewBox="0 0 24 24">
-                  <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"></path>
+                  <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2"
+                    d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z">
+                  </path>
                 </svg>
                 Copy
               </button>

apps/app/views/debug-tokens.ejs

@@ -4,7 +4,7 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Token Debug - Plaidypus Client</title>
+  <title>Token Debug - Plaidypus FDX Explorer</title>
   <link rel="icon" type="image/png" href="/public/plaidypus-200.png">
   <link href="/public/styles.css" rel="stylesheet">
 </head>

apps/app/views/index.ejs

@@ -4,7 +4,7 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Home - Plaidypus Client</title>
+  <title>Home - Plaidypus FDX Explorer</title>
   <link rel="icon" type="image/png" href="/public/plaidypus-200.png">
   <link href="/public/styles.css" rel="stylesheet">
 </head>
@@ -17,8 +17,8 @@
         <div class="flex items-center space-x-4">
           <img src="/public/plaidypus-200.png" alt="Plaidypus Logo" class="h-16 w-16">
           <div>
-            <h1 class="text-3xl font-bold text-plaid-black">Core Exchange API Playground</h1>
-            <p class="text-plaid-dark-gray mt-2">Time to check out Core Exchange in action!</p>
+            <h1 class="text-3xl font-bold text-plaid-black">Build FDX APIs using Plaid</h1>
+            <p class="text-plaid-dark-gray mt-2">See FDX APIs in action using Plaid Core Exchange!</p>
           </div>
         </div>
       </div>
@@ -28,10 +28,10 @@
         <h2 class="text-lg font-semibold text-plaid-black mb-4">What's Under the Hood</h2>
         <div class="prose prose-sm max-w-none text-plaid-dark-gray">
           <p class="mb-3">
-            A full-stack reference implementation of <a href="https://plaid.com/core-exchange/docs/reference/6.3"
-              target="_blank" rel="noopener noreferrer"
+            A full-stack reference implementation of FDX v6.3 using Plaid <a
+              href="https://plaid.com/core-exchange/docs/reference/6.3" target="_blank" rel="noopener noreferrer"
               class="text-plaid-mint-600 hover:text-plaid-mint-700 underline hover:no-underline">Core
-              Exchange API v6.3</a> with
+              Exchange</a> with
             proper OAuth 2.0 + OpenID Connect (OIDC) flows. A sample of everything you need to build a secure
             integration with Plaid.
           </p>

apps/app/views/partials/navigation.ejs

@@ -5,7 +5,7 @@
       <div class="flex items-center">
         <a href="/" class="flex items-center space-x-3 text-xl font-bold text-plaid-black hover:text-plaid-mint-600 transition-colors">
           <img src="/public/plaidypus-200.png" alt="Plaidypus Logo" class="h-10 w-10">
-          <span>Plaidypus Client</span>
+          <span>Plaidypus FDX Explorer</span>
         </a>
       </div>
 

apps/app/views/token.ejs

@@ -4,7 +4,7 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Token Inspector - Plaidypus Client</title>
+  <title>Token Inspector - Plaidypus FDX Explorer</title>
   <link rel="icon" type="image/png" href="/public/plaidypus-200.png">
   <link href="/public/styles.css" rel="stylesheet">
   <style>

apps/auth/public/styles.css

@@ -1,4 +1,4 @@
-/*! tailwindcss v4.1.14 | MIT License | https://tailwindcss.com */
+/*! tailwindcss v4.1.15 | MIT License | https://tailwindcss.com */
 @layer properties;
 @layer theme, base, components, utilities;
 @layer theme {
@@ -149,7 +149,9 @@
     ::placeholder {
       color: currentcolor;
       @supports (color: color-mix(in lab, red, red)) {
-        color: color-mix(in oklab, currentcolor 50%, transparent);
+        & {
+          color: color-mix(in oklab, currentcolor 50%, transparent);
+        }
       }
     }
   }

scripts/secrets.js

@@ -2,7 +2,7 @@
 /* eslint-disable no-console */
 
 /**
- * Core Exchange Secrets Manager
+ * Secrets CLI
  *
  * A unified CLI tool for generating secure secrets and OAuth client credentials
  *
@@ -165,7 +165,7 @@ function generateAll( prefix = null ) {
  */
 function showHelp() {
 	console.log( `
-Core Exchange Secrets Manager
+Secrets CLI
 
 A unified CLI tool for generating secure secrets and OAuth client credentials.