Barclays - Online Banking - Logging in with passcode and memorable word "swallows" the PSU

Description

According to the Open Banking Account and Transaction API Specification v1.1.0:
> If the PSU does not complete a successful consent authorisation (e.g. if the PSU is not authenticated successfully), the authorization code grant ends with a redirection to the TPP with an error response as described in RFC 6749 Section 4.1.2.1. The PSU is redirected to the TPP with an error parameter indicating the error that occurred.

Following deployment of the "Barclays enhanced OB journeys", during the web-to-web flow, if the PSU logs in using "Passcode and memorable word", they encounter an error (see attached screenshot) and are "stuck" on their Online Banking portal.

There is no way for the PSU to come back to the TPP, unless they "go back" on their browser, which is not an acceptable UX, and does not notify the TPP that the PSU was unable to complete the redirection journey.
Further, the PSU should not even be presented with the option of using "Passcode and memorable word" if, through that "log in" method, they are not "authorised enough" to authorise an AccountRequest.

Expected

PSU should be redirected back to the TPP if they cannot log in using PINsentry or Mobile PINsentry.

Actual

PSU is "stuck" on the Barclays page and has no feasible way of returning to the TPP.

Impact

Critical. This change has been pushed onto a live production environment, breaking redirection flows for PSUs that log in using one of the three options provided to them ("Passcode and memorable word").

Remediation

  • Redirect the PSU back to the TPP if the PSU does not have "enough access" to authorise the AccountRequest.

  • Do not present the option to log in via "Passcode and memorable word" if the PSU is not "authorised" enough to authorise the AccountRequest.
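The error redirect from RFC 6749 Section 4.1.2.1 that the first remediation item asks for, with both sides of the exchange, as an added example (not Barclays or Open Banking code). The function names, the `tpp.example` URL, the sample `state` value, the https-only check and the choice of `access_denied` for a failed PSU authentication are assumptions.

```python
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Error codes defined in RFC 6749 Section 4.1.2.1.
RFC6749_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}

def build_error_redirect(redirect_uri, error, state=None, description=None):
    """ASPSP side: return the PSU to the TPP's registered redirect_uri with an error."""
    if error not in RFC6749_ERRORS:
        raise ValueError(f"not an RFC 6749 4.1.2.1 error code: {error}")
    parts = urlsplit(redirect_uri)
    # Assumption: redirect URIs are https; RFC 6749 forbids a fragment in them.
    if parts.scheme != "https" or parts.fragment:
        raise ValueError("redirect_uri must be https and carry no fragment")
    query = parse_qsl(parts.query, keep_blank_values=True)  # keep the TPP's own params
    query.append(("error", error))
    if description:
        query.append(("error_description", description))
    if state is not None:  # required in the response when the request carried one
        query.append(("state", state))
    return urlunsplit(parts._replace(query=urlencode(query)))

def handle_callback(callback_url, expected_state):
    """TPP side: classify the callback so a failed authorisation is recorded."""
    params = dict(parse_qsl(urlsplit(callback_url).query))
    got = params.get("state", "")
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        return {"outcome": "rejected", "reason": "state mismatch"}
    if "error" in params:
        return {"outcome": "failed", "error": params["error"],
                "description": params.get("error_description")}
    if "code" in params:
        return {"outcome": "authorised", "code": params["code"]}
    return {"outcome": "rejected", "reason": "neither code nor error present"}

# Constructed sample values, not taken from the ticket.
SAMPLE_REDIRECT_URI = "https://tpp.example/callback?tenant=a1"
SAMPLE_STATE = "af0ifjsldkj"

if __name__ == "__main__":
    url = build_error_redirect(SAMPLE_REDIRECT_URI, "access_denied",
                               SAMPLE_STATE, "PSU could not be authenticated")
    print(url)
    print(handle_callback(url, SAMPLE_STATE))
```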

Technical Impact

None

Workaround

None

Resolution Notes

None

Impact Assessment

None

Status

Assignee

Unassigned

Reporter

Service Desk

Reference

None

Service Desk Reference

OBSD-6454

ASPSP

Query Type

None

TPP Impact

High

OB Environment

Production

Business Impact Severity

None

Share

Yes