Barclays - Online Banking - PSU cannot cancel the journey

Description

Following deployment of the "Barclays enhanced OB journeys", there is no way for the PSU to cancel the journey and be redirected back to the TPP. For example:

  • On the "log in" page there is no "Go back to TPP" button that a PSU could press in the case of them not knowing their credentials.

  • Once the PSU has "logged in" and is going through the consent screens, there is a "Cancel" option; however, this does not redirect the PSU back to the TPP.

Expected

PSU should always have the option to be redirected back to the TPP if they cannot complete the consent journey.

Actual

PSU is "stuck" on the Barclays page and has no feasible way of returning to the TPP if they do not know their credentials or do not want to consent.

Impact

Critical. This change has been pushed onto a live production environment, breaking redirection flows for PSUs who do not know their credentials or are not comfortable giving consent.

This goes against the principle of OAuth, which requires error redirection so that a PSU can continue using a TPP's product in the case of failure.

Remediation

  • Provide a "Cancel"/"Go back to TPP" option for PSUs
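
An added example, not part of the ticket or of Barclays' implementation: a sketch of how an authorization server can send the PSU back to the TPP on cancel, using the `access_denied` error response from RFC 6749 section 4.1.2.1. The client registry, `cancel_redirect` and `UnsafeRedirect` are hypothetical names, and the client id and URLs are constructed sample values.

```python
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

# Constructed sample registration; client id and URI are placeholders.
REGISTERED_REDIRECTS = {
    "tpp-client-123": {"https://tpp.example/callback"},
}


class UnsafeRedirect(Exception):
    """Raised when the PSU must be shown an error page instead of redirected."""


def cancel_redirect(client_id, redirect_uri, state=None, response_type="code"):
    """Build the URL that returns the PSU to the TPP after a cancel.

    Sends error=access_denied, plus state when the request carried one.
    Redirects only to an exactly matching registered URI, so the cancel
    link cannot be turned into an open redirect.
    """
    allowed = REGISTERED_REDIRECTS.get(client_id, set())
    if redirect_uri not in allowed:
        raise UnsafeRedirect("unknown client or unregistered redirect_uri")

    params = [("error", "access_denied"),
              ("error_description", "PSU cancelled the consent journey")]
    if state is not None:
        params.append(("state", state))

    parts = urlsplit(redirect_uri)
    # Flows that return tokens from the authorization endpoint (implicit,
    # OIDC hybrid) deliver the response in the fragment; the plain code
    # flow uses the query string.
    if set(response_type.split()) != {"code"}:
        return urlunsplit((parts.scheme, parts.netloc, parts.path,
                           parts.query, urlencode(params)))
    query = parse_qsl(parts.query, keep_blank_values=True) + params
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), ""))
```

The same function can back a "Go back to TPP" link on the log-in page and the "Cancel" button on the consent screens, since both only need the parameters of the original authorization request.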

Technical Impact

None

Workaround

None

Resolution Notes

None

Impact Assessment

None

Status

Assignee

Unassigned

Reporter

Service Desk

Reference

None

Service Desk Reference

OBSD-6455

ASPSP

Query Type

None

Created (Original)

Jan 31, 2019, 3:51 PM

TPP Impact

High

Issue Summary

Barclays - Online Banking - PSU cannot cancel the journey

OB Environment

Production

Business Impact Severity

None

Share

Yes