As seen in attached images, clicking "Cancel" pre-authorization results in an error page. This error page does not reference the fact that the consumer cancelled the journey, nor does it allow the user to return to the TPP.
Expected
Redirection to the TPP with error and state parameters as per OAuth 2.0.
Actual
PSU ends up captive on the error screen.
Impact
High - PSUs are unable to return to a TPP and select a different bank or an alternative solution in this case. The situation of cancelling a consent journey is fairly normal user behaviour for a number of reasons - as such we'd expect a non-trivial portion of AIB BCA PSUs to be impacted.
Remediation
Fix underlying error on "cancel" on this journey, but more broadly it is important that PSUs always return to TPPs on error cases - generalised error pages should redirect or contain the link back to the PSU as per OAuth 2.0.
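The expected behaviour on "Cancel", sketched as an added example (not taken from this report or from the bank's code): the authorization server sends the PSU back to the TPP with `error=access_denied` and the unchanged `state`, as RFC 6749 section 4.1.2.1 describes, and only stays on its own error page when the `redirect_uri` is not a registered one. The function name, the sample TPP URL and the `response_mode` switch for fragment-encoded responses are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample registration; the TPP callback URL is a placeholder.
REGISTERED_REDIRECT_URIS = {"https://tpp.example/callback?tenant=demo"}


def cancel_redirect(redirect_uri, state, registered=REGISTERED_REDIRECT_URIS,
                    response_mode="query"):
    """Return the Location URL for a PSU-cancelled consent, or None.

    None means redirect_uri is not an exact match for a registered value.
    In that case the server must show its own error page and not redirect,
    otherwise the cancel path becomes an open redirector.
    """
    if redirect_uri not in registered:
        return None

    params = [
        ("error", "access_denied"),
        ("error_description", "PSU cancelled the consent journey"),
    ]
    if state is not None:
        # Echo state exactly as received so the TPP can match the response
        # to the request it started.
        params.append(("state", state))

    parts = urlsplit(redirect_uri)
    if response_mode == "fragment":
        # Flows that return the authorization response in the fragment
        # return errors in the fragment too.
        return urlunsplit(parts._replace(fragment=urlencode(params)))

    # Keep any query parameters already present on the registered URI.
    query = parse_qsl(parts.query, keep_blank_values=True) + params
    return urlunsplit(parts._replace(query=urlencode(query)))
```
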