Page Comparison

1

User-facing TPPs MUST initially ask the User to identify the LFI so that the consent request can be constructed in line with the LFIs data group and/or service initiation capabilities.

2

User-facing TPPs SHOULD make the User aware on the inbound redirection screen( User-facing TPP to LFI) that they will be taken to their LFI for authentication for data sharing.

3

If the User has an LFI app installed on the same device the redirection MUST invoke the LFIs app for authentication purposes only without introducing any additional screens. The LFIs app-based authentication MUST have no more than the number of steps that the User would experience when directly accessing the LFI app (biometric, passcode, credentials) and offer the same authentication method(s) available to the User when authenticating in their LFIs direct channels

4

After authentication, the User MUST be deep linked within the app to confirm the account(s) to which they would like the User-facing TPP to have access.

5

Invoking of the LFI App will happen only if the User has not chosen to block being redirected to the app.  If the User has blocked redirection to the app then the User will be redirected to a browser-based authentication and authorization journey of the LFI.

6

LFIs SHOULD have an outbound redirection screen which indicates the status of the request and informs the User that they will be automatically taken back to the User-facing TPP.

67

LFIs SHOULD inform the User on the outbound redirection screen that their session with the LFI was closed.

78

User-facing TPPs SHOULD confirm the successful completion of the Open Banking Service Request (DSR, SIR).