On the web-to-web consent journey, after the PSU logs in, they are presented with the consent screen to select the accounts for which to share account information for (see attached image). If they click on any of the other links on the page, for example one of the drop down menus at the top, they are redirected to those pages, and it is not possible for them to return to the consent journey or the TPP.
As with OBSD-6455, this breaks the Oauth redirection flow as the PSU is "swallowed" by Barclays, and there is no feasible option for them to be able to return back to the TPP.
The PSU should always have the option to be redirected back to the TPP if they cannot complete the consent journey.
The PSU is "stuck" on the Barclays Online Banking page and has no feasible options for them to return back to the TPP.
Critical. This change has been pushed onto a live production, breaking redirection flows for PSUs that click on any of the links provided to them during the consent journey.