Following deployment of the "Barclays enhanced OB journeys", there is no way for the PSU to cancel the journey and be redirected back to the TPP. For example:
On the "log in" page there is no "Go back to TPP" button that a PSU could press in the case of them not knowing their credentials.
Once the PSU has "logged in", when they are going through the consent screens, there is a "Cancel" option, however this does not redirect the PSU back to the TPP.
PSU should always have the option to be redirected back to the TPP if they cannot complete the consent journey.
PSU is "stuck" on the Barclays page and has no feasible way of returning to the TPP if they do not know their credentials or do not want to consent.
Critical. This change has been pushed onto a live production environment, breaking redirection flows for PSUs that do not know their credentials or are not comfortable in giving consent.
This goes against the principle of Oauth which requires error redirection so that a PSU can continue using a TPPs product in the case of failure.
Provide a "Cancel"/"Go back to TPP" option for PSUs