when a new AIS consent is confirmed with confirmation code the old AIS consent is not being expired.

[dominikseitz]

Place where bug appeared

https://github.com/adorsys/xs2a/blob/0777a990c3532d95b5b171e1fd07fa550d800135/xs2a-impl/src/main/java/de/adorsys/psd2/xs2a/service/authorization/ConsentAuthorisationConfirmationService.java#L135

Current behavior

old AIS consents stay in consent management system and are not being expired.

Expected behavior

old AIS consents for the same TPP and PSU should be expired.

If no confirmation code is being used it works fine by calling https://github.com/adorsys/xs2a/blob/78774402f4ae8ecf9fa0c8dd891861274bbf06ff/consent-management/consent-management-lib/src/main/java/de/adorsys/psd2/consent/service/psu/CmsPsuAisServiceInternal.java#L190

Steps to reproduce

• create and authorise an AIS consent with redirect flow and confirmation code enabled.
• create and authorise a second AIS consent with redirect flow and confirmation code enabled for same TPP and same PSU.
• check status of all AIS consents for the given TPP and PSU.

SCA approach

• [ x] Redirect with confirmation code enabled
• [ ] Embedded
• [ ] Decoupled

XS2A version(s):

• 9.5

Log files or other additional info

[dashkok]

Hello, Thank you for your request. This issue will be fixed with the new release in February. We will let you know as soon as a new version of XS2A will be released.

BR, Daria Lavrenova Opensource team

[andriimurashkin]

Fixed in XS2A for v.8.9 and v.9.8.

@dominikseitz FYI