| Expand | ||||
|---|---|---|---|---|
| ||||
|
1. Overview
The UAE Standards will support two approaches of carrying out the authentication procedure of the User, namely redirection and decoupled .
...
The authentication journeys are categorized based on the device and the application where the consumption of User-facing TPP service and authentication takes place
2. Redirection
...
The User consumes the User-facing TPP service and authenticates for the OF request with the AE on a separate applications on the same device. The authentication data is exchanged only between User and the AE through the AE and the User-facing TPP has no visibility of this. Redirection uses the principle of deeplinking when the User’s action within the User-facing TPP app/website invokes the AE app/website.
3. Decoupled
...
The User consumes the User-facing TPP service and authenticates with the AE on separate applications on separate devices. The authentication data is exchanged only between User and AE through the AE application and the User-facing TPP has no visibility of this. A Decoupled experience on the two devices can be achieved by using Redirection where the User uses a deeplink within the User-facing TPP app/website on one device to invoke their AE app/website on another device
| Panel | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
Using the Redirection implementation the User-facing TPPs can implement a redirection flow on a single device or a Decouple redirection flow using two devices depending on the customer experience they want to support. A Decoupled Redirection does not require the AE to implement anything in addition to the Redirection flow they will be implementing. |