Redirects in Mobile Apps

Some banks redirect the user to a bank hosted website for authentication. On mobile apps these redirects can cause problems when the user returns from the bank website and wants to continue in your mobile app.

In order to prevent these problems, (1) set the redirect_return_url for mobile app sessions and (2) open the redirect URL in a way that works best for your mobile app.

Optionally, you can (3) close the WebView directly once the last flow of your session has finished.

Finally, test your integration by using the redirect flow of the PSD2 test bank.

1. Set the redirect_return_url for mobile app sessions

This will prevent the user from getting stuck after the redirect was completed.

We recommend setting it to the view with the WebView containing the XS2A App. The WebView will instruct the user on how to continue the authentication or trigger one of callbacks to inform about its final state. For example onFinished if the authentication is completed.

See how to set the redirect_return_url in the create session call.

2. Open the redirect URL

You can open the redirect

  • (A) outside of your mobile app in the default browser app,
  • (B) in an additional WebView inside your mobile app or
  • (C) in the same WebView inside your mobile app.

(A) Open the redirect outside of your mobile app in the default browser app

The XS2A App opens the redirect with a window.open call. Catch that event and open the requested external URL in the default browser. Typically this can be done by listening to the onNavigationStateChange event of the WebView.

(B) Open the redirect in an additional WebView inside your mobile app

The XS2A App opens the redirect with a window.open call. Catch that event and open the requested external URL in a new WebView. Typically this can be done by listening to the onNavigationStateChange event of the WebView. The new WebView needs to enable JavaScript and localStorage.

(C) Open the redirect in the same WebView inside your mobile app

Set the psd2RedirectMethod option to sameWindow when calling the configure() or startFlow() function of our SDK.

window.XS2A.configure({
    psd2RedirectMethod: 'sameWindow'
});

This will trigger the redirect to be opened in the already existing WebView.

3. Close the WebView directly once the last flow has finished

In any case, the state of the flow reveals if the authentication has been completed or if there are further steps for the user to complete. This provides an additional way to understand if the XS2A App can be closed besides the client-side onFinished callback.

If the current state of the flow is "state":"FINISHED" you can already get the results and close the WebView in your mobile app. If it is "state":"CONSUMER_INPUT_NEEDED" you should call the startFlow() with the corresponding client_token in the WebView in your mobile app.

In order not to interrupt an existing or following flows, only do this on the last flow of your session.

results matching ""

    No results matching ""