What does it mean if my app doesn't receive an authorization code?
After a successful authorization request, the TPP app expects to receive an authorization code that can be exchanged for an access token, which is then used to access the PSD2 APIs. There are, however, scenarios where no authorization code is returned and the callback instead carries only information about what happened with the customer session.
What are the most common scenarios where the authorization code is not returned?
1) User (PSU) cancelling the authentication session
2) User (PSU) cancelling the access authorization while selecting their accounts
What fields should I expect in the callback?
Scenario | httpMessage (field in URL) | moreInformation (field in URL) |
---|---|---|
User cancelled the session during authentication | error.session.cancelled | Session cancelled by user |
User cancelled the session during access authorization (account selection) | error.session.cancelled | Session cancelled by user |
Authorization failed for other reasons | error.authorization.failed | Authorization failed |
Customer timing out | error.session.expired | Session expired |
Example:
httpMessage=error.session.cancelled&
moreInformation=Session+cancelled+by+user
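
The following is an added example, not code from this page or from the API provider. It shows one way a TPP callback handler could tell a successful redirect from the error callbacks listed above while treating every query parameter as untrusted input. The parameter name `code`, the function names and the `tpp.example` URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# httpMessage values documented in the table above, mapped to a TPP-side outcome.
KNOWN_ERRORS = {
    "error.session.cancelled": "cancelled",
    "error.session.expired": "expired",
    "error.authorization.failed": "failed",
}


def _single(params, name):
    """Return the parameter only if it appears exactly once, else None."""
    values = params.get(name, [])
    return values[0] if len(values) == 1 else None


def classify_callback(callback_url):
    """Classify a redirect back to the TPP as success or a documented error.

    Returns (outcome, detail). Anyone can request the callback URL, so
    httpMessage is matched against a fixed allowlist, and moreInformation is
    length-limited and meant for logs, not for rendering into a page.
    """
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    code = _single(params, "code")  # assumed name (OAuth 2.0 convention)
    http_message = _single(params, "httpMessage")
    more_info = _single(params, "moreInformation") or ""

    if code and http_message:
        # A response cannot be both a success and an error: reject it.
        return ("invalid", "both code and httpMessage present")
    if code:
        return ("authorized", code)
    if http_message in KNOWN_ERRORS:
        return (KNOWN_ERRORS[http_message], more_info[:200])
    return ("invalid", "no code and no recognised httpMessage")


if __name__ == "__main__":
    # Constructed sample callback, built from the example on this page.
    sample = ("https://tpp.example/callback?httpMessage=error.session.cancelled"
              "&moreInformation=Session+cancelled+by+user")
    print(classify_callback(sample))
```

Show the user a message chosen by the TPP for each outcome rather than the `moreInformation` text from the URL.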