Redirects in Mobile Apps
Some banks redirect the user to a bank hosted website for authentication. On mobile apps these redirects can cause problems when the user returns from the bank website and wants to continue in your mobile app.
In order to prevent these problems, (1) set the redirect_return_url
for mobile app sessions and (2) open the redirect URL in a way that works best for your mobile app.
Optionally, you can (3) close the WebView directly once the last flow of your session has finished.
Finally, test your integration by using the redirect flow of the PSD2 test bank.
1. Set the redirect_return_url
for mobile app sessions
This will prevent the user from getting stuck after the redirect was completed.
We recommend setting it to the view with the WebView containing the XS2A App. The WebView will instruct the user on how to continue the authentication or trigger one of callbacks to inform about its final state. For example onFinished
if the authentication is completed.
See how to set the redirect_return_url
in the create session call.
2. Open the redirect URL
You can open the redirect
- (A) outside of your mobile app in the default browser app,
- (B) in an additional WebView inside your mobile app or
- (C) in the same WebView inside your mobile app.
DO NOT implement (B) or (C) without Klarna's direct approval as these can cause technical issues and/or are not allowed by certain banks.
(A) Open the redirect outside of your mobile app in the default browser app
The XS2A App opens the redirect with a window.open
call. Catch that event and open the requested external URL in the default browser. Typically this can be done by listening to the onNavigationStateChange
event of the WebView.
(B) Open the redirect in an additional WebView inside your mobile app
The XS2A App opens the redirect with a window.open
call. Catch that event and open the requested external URL in a new WebView. Typically this can be done by listening to the onNavigationStateChange
event of the WebView. The new WebView needs to enable JavaScript and localStorage.
(C) Open the redirect in the same WebView inside your mobile app
Set the psd2RedirectMethod
option to sameWindow
when calling the configure()
or startFlow()
function of our SDK.
window.XS2A.configure({
psd2RedirectMethod: 'sameWindow'
});
This will trigger the redirect to be opened in the already existing WebView.
3. Close the WebView directly once the last flow has finished
In any case, the state of the flow reveals if the authentication has been completed or if there are further steps for the user to complete. This provides an additional way to understand if the XS2A App can be closed besides the client-side onFinished
callback.
If the current state of the flow is "state":"FINISHED"
you can already get the results and close the WebView in your mobile app. If it is "state":"CONSUMER_INPUT_NEEDED"
you should call the startFlow()
with the corresponding client_token
in the WebView in your mobile app.
In order not to interrupt an existing or following flows, only do this on the last flow of your session.
See how to retrieve information about a flow and how to close the XS2A App.