We've been trying to work with Barclays about this issue and we've been going back and forth with no resolution.
On Android, in different instances, the user gets the OBA28 error and cannot authenticate. This happens when:
App-to-app does not work straight away and the page below is loaded:
(check attached screenshot).
Then, when that webpage is loaded, an option is given to open the app manually by clicking a button. However, this button breaks the flow giving the OBA28 error.
There is absolutely no other way to authenticate using an Android phone in this case.
This happens, for instance, with some of our clients (Plum and Emma), who use a special webview/iframe that does not redirect the user to the app automatically.
Here's a video we recorded to show you the errors: https://drive.google.com/file/d/1zYOKPe8A-CPukgh20FbGN-ucAq_K33AS/view?usp=sharing
1. Using a valid launchbmb://CON link: it opens the app, but we get the OBA28 error.
2. Using the link you suggested, it doesn't work at all: launchNativeFlow://CON
3. Clicking on the default "oauth.tiaa.barclays.com" link, the flow works normally.
The big problem here is: whilst no other banks open the app directly in the scenarios above mentioned (using iframes, etc), Barclays does not provide a manual authentication flow (by asking the user to type their membership number, etc) and instead, breaks the only flow available (app-to-app).