What does it mean if my app doesn't receive an auth code?
After a successful authorization request, the TPP app expects to receive an auth code, which it exchanges for an access token that is then used to access the PSD2 APIs. There are, however, scenarios where no auth code is returned; instead, the callback only carries information about what happened to the customer session.
Below is an illustration of the authorization flow and the step where the callback might happen.
What are the most common scenarios where the auth code is not returned?
1) User (PSU) cancelling the authentication session
2) User (PSU) cancelling the access authorization while selecting their accounts
So what fields should I expect in the callback?
| Scenario | Field in URL | Description |
|---|---|---|
| User cancelled the session during authentication | error.session.cancelled | Session cancelled by user |
| User cancelled the session during access authorization (account selection) | error.session.cancelled | Session cancelled by user |
| Authorization failed for other reasons | error.authorization.failed | Authorization failed |
| Customer timing out | error.session.expired | |
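
One way a TPP app could sort an incoming callback into the outcomes in the table above. This is an added example, not code from the API provider. The parameter names `code` and `state` follow OAuth 2.0 convention and are assumptions, as are the outcome labels and the sample URLs; the error values are the ones listed in the table.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Error values from the table above, mapped to outcome labels (labels are hypothetical).
CALLBACK_ERRORS = {
    "error.session.cancelled": "cancelled",
    "error.authorization.failed": "failed",
    "error.session.expired": "expired",
}


def classify_callback(callback_url, expected_state):
    """Return (outcome, detail) for a redirect received on the TPP callback URL."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    # Assumption: the authorization request carried a 'state' value that is
    # echoed back. Reject callbacks that do not belong to this session.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return ("rejected", "state mismatch")

    # The parameter carrying the error value is not named on this page, so
    # every query value is compared against the known error values. An error
    # wins over any code that might also be present.
    for values in params.values():
        for value in values:
            if value in CALLBACK_ERRORS:
                return (CALLBACK_ERRORS[value], value)

    # Assumption: the auth code arrives in 'code'. Require exactly one.
    codes = params.get("code", [])
    if len(codes) == 1 and codes[0]:
        return ("authorized", codes[0])
    return ("unknown", "no auth code and no recognised error value")


if __name__ == "__main__":
    # Constructed callback URLs; host, 'error' parameter name and values are made up.
    base = "https://tpp.example/callback?state=s3ss10n"
    for url in (base + "&code=AUTHCODE1",
                base + "&error=error.session.cancelled",
                base + "&error=error.session.expired",
                "https://tpp.example/callback?state=other&code=AUTHCODE1"):
        print(classify_callback(url, "s3ss10n"))
```

Only the `authorized` outcome should proceed to the token exchange; the other outcomes end the customer session on the TPP side.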