Redirect PSU to consent API

1. ConsentAuthorisationApi

The redirect start with a get request to the entryPoint of the ConsentAuthorisationApi, for authorizing a consent initiated on the TppBankingApi side.

Diagram

Request processing ConsentAPI

2.1 Retrieve Corresponding BankingProtocol

ConsentAuthorisationApi will use the given redirectCode to load the matching BankingProtocol.

2.2 .. 2.6 Retrieve associated TppConsentSession

ConsentAuthorisationApi will let BankingProtocol use the redirectCode to retrieve the TppConsentSession .

Interacting with the PsuUserAgent

2.7 consentAuthState

The CSRF-State String is called: consentAuthState

2.8 AuthorizeResponse

The AuthorizeResponse returned to the ConsentAuthorisationUI is used to display info to the PSU.

This AuthorizeResponse object is always synchronized with the ConsentAuthSessionCookie set with the same HTTP response object.

Any session, account or payment information needed to manage the authorization process is stored in both AuthorizeResponse (for display) and in the encrypted in the ConsentAuthSessionCookie. The consentCookieString is httpOnly

2.9 ConsentAuthSessionCookie

The ConsentAuthSessionCookie is used to maintain session between ConsentAuthorisationUI and ConsentAuthorisationApi. It will generated and set as a httpOnly, Secure

3. Displaying Consent Authorize UI

4. Redirecting PSU to the ASPSP

The returned AuthorizeResponse object info information needed to redirect the PSU to the target ASPSP. BackRedirectURL (OKUrl, NOKURL, etc... dependent of ASPSP API) contains the consentAuthState.