Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: link to authorize api

During the authorise flow when requesting a PSU (Payment Service User) to provide the PSU consent after the authentication, the consent webpage (consent page) is displayed. The default consent page is designed for WSO2 Open Banking. But an Account Servicing Payment Service Provider (ASPSP) can customise the consent page according to the requirements. Following topics explain where an ASPSP can customise the consent page: 


Table of Content Zone
locationtop

Customise the theme of the consent page

Given below is the default Consent page of WSO2 Open Banking. 

If an ASPSP wishes to customise the theme of the existing consent page, they can modify the files in the following directories:

RequirementRelevant file Location
Change the style sheet

<WSO2_OB_IAM_HOME>/repository/deployment/server/webapps/ob#authenticationendpoint/css

Change the default font<WSO2_OB_IAM_HOME>/repository/deployment/server/webapps/ob#authenticationendpoint/fonts
Change the images<WSO2_OB_IAM_HOME>/repository/deployment/server/webapps/ob#authenticationendpoint/images
change the existing JavaScripts<WSO2_OB_IAM_HOME>/repository/deployment/server/webapps/ob#authenticationendpoint/js



Customise the layout of the consent page

The authentication endpoint in WSO2 Open Banking allows the ASPSP to customise the layout of the consent page. The consent page is designed in a servelet that consists of three main JSP pages as shown in the diagram below:

Users can also make changes to the relevant JSP pages and customise according to the requirement. In order to customise the layout of the authentication endpoint, locate the JSP pages in the following locations:

JSP PageDirectory path

Header

<WSO2_OB_IAM_HOME>/repository/deployment/server/webapps/ob#authenticationendpoint/includes/consent_top.jsp

Body

<WSO2_OB_IAM_HOME>/repository/deployment/server/webapps/ob#authenticationendpoint

In this folder, the following are the specification-specific JSP pages that are used as JSP bodies:

  • oauth2_consent_default.jsp
  • oauth2_consent_uk_accounts.jsp
  • oauth2_consent_uk_payments.jsp
  • oauth2_consent_uk_cof.jsp
  • oauth2_consent_uk_consentmgt.jsp
  • oauth2_consent_sg_accounts.jsp
  • oauth2_consent_au_accounts.jsp
  • oauth2_consent_berlin_accounts.jsp
  • oauth2_consent_berlin_consentmgt.jsp
  • oauth2_consent_berlin_payments.jsp
  • oauth2_consent_berlin_accounts.jsp
Footer<WSO2_OB_IAM_HOME>/repository/deployment/server/webapps/ob#authenticationendpoint/includes/consent_bottom.jsp



Customise the consent page to display the bank-specific information

Currently, the consent page displays specification-specific information. But there are scenarios where ASPSPs need displaying additional information, e.g., payment-charges or information of the PSU/TPP on the consent page. In that case, the user must follow the steps that are given below.

Tip
titlePrerequisite

The Bank requires to expose an API that allows retrieving bank-specific information and displaying it on the consent page.

  1. In order to invoke the bank API, add com.wso2.finance.open.banking.consent.authorize.steps-<version>.jar file as a dependency.
  2. Extend the ConsentRetrievalStep class and implement the execute method as follows.

    Code Block
    languagejava
    /**
    * Method to be implemented as a step for consent retrieval. Once implemented add the step to the deployment.toml
    * configuration.
    *
    * @param consentData Includes all the data that is received to the consent page.
    * @param jsonObject Passed on through each step where the response body sent to the page is built.
    * @return boolean representing whether the step was executed successfully. If this is false, the remaining steps
    * will continue to execute after a warning log.
    */
    boolean execute(ConsentData consentData, JSONObject jsonObject);
    • In the latest authentication endpoint, users can add customisations to the JSONObject directly.
      • Add the relevant configurations to invoke the API exposed by the Bank to display the additional information under <execute> method.
      • Add the data that needs to be displayed on the consent page in the JSONObject.
    • A sample JSONObject looks as follows:

      Code Block
      {
         "application":"tpp-AT-gold.com_tppApp1_PRODUCTION",
         "user_id":"VVixWOdBGNFD8YJm2nHCrkCGJhka",
         "transactionData":{
            "reauthSelectedAccount":[
               
            ],
            "isReauthAccountUpdateEnabled":false,
            "isError":"false",
            "Permissions":[
               "ReadAccountsDetail",
               "ReadBalances",
               "ReadBeneficiariesDetail",
               "ReadDirectDebits",
               "ReadProducts",
               "ReadStandingOrdersDetail",
               "ReadTransactionsCredits",
               "ReadTransactionsDebits",
               "ReadTransactionsDetail",
               "ReadScheduledPaymentsDetail",
               "ReadStatementsDetail",
               "ReadOffers",
               "ReadParty"
            ],
            "isReauthorization":false,
            "dates":[
               "Expiration Date Time : 2019-09-02T00:00:00Z",
               "Transaction From Date Time : 2018-03-05T14:36Z",
               "Transaction To Date Time : 2018-07-02T00:00:00Z"
            ],
            "consent_id":"397e5e62-ee07-4b25-8275-5e451991701f",
            "client_id":"VVixWOdBGNFD8YJm2nHCrkCGJhka"
         },
         "accounts":[
            {
               "account_id":"30080012343456",
               "authorizationMethod":"single",
               "display_name":"30080012343456"
            },
            {
               "account_id":"30080098763459",
               "authorizationMethod":"single",
               "display_name":"30080098763459"
            }
         ],
         "authorizationUsers":[
            {
               "user_id":"psu1@wso2.com@carbon.super",
               "customer_id":"123"
            },
            {
               "user_id":"psu2@wso2.com@carbon.super",
               "customer_id":"456"
            }
         ],
         "type":"accounts",
         "region":"UK",
         "consent_id":"397e5e62-ee07-4b25-8275-5e451991701f",
         "client_id":"VVixWOdBGNFD8YJm2nHCrkCGJhka"
      }
  3. Include the jar file of the extended class to the <WSO2_OB_IAM_HOME>/repository/components/lib directory.
  4. Configure the deployment.toml file as follows:
    1. Open the <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml file.
    2. Add the extended implementations to the file. Make sure to add the default classes as given below and set the priority according to the order of the steps that must be executed. For example:

      Code Block
      languagexml
      [[open_banking.authorize.steps.retrieve.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.retrieval.OBConsentRetrievalStep"
      priority=1
      
      [[open_banking.authorize.steps.retrieve.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.retrieval.AccountListRetrievalStep"
      priority=2
      
      [[open_banking.authorize.steps.retrieve.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.retrieval.OBReportingRetrievalStep"
      priority=3
      
      [[open_banking.authorize.steps.retrieve.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.retrieval.berlin.AuthorisationInfoRetrievalStep"
      priority=4
      
      [[open_banking.authorize.steps.retrieve.step]]
      class="SampleClass"
      priority=5
  5. Now that the ASPSP needs to configure the information that displays on the consent page, the user must customise the body of the relevant JSP page. See Customise the layout of the consent page find out how it is done.
  6. Restart the WSO2 Open Banking Identity and Access Management server.

Anchor
persist-bank-information
persist-bank-information
Customise the consent page to persist bank-specific information

Currently, WSO2 Open Banking persists the data that is displayed on the consent page by default. If the ASPSP displays additional information on the consent page, that additional information can be persisted or validated as per the requirement. According to the above example where the ASPSP displays payment charges or information of the PSU/TPP, the user can persist or validate any of this additional information. See the below steps to find how it can be done:

Tip
titlePrerequisite

The Bank requires to expose an API that allows persisting or validating bank-specific information from the consent page.

  1. In order to invoke the bank API, add the com.wso2.finance.open.banking.consent.authorize.steps-<version>.jar file as a dependency.
  2. Extend the ConsentPersistStep class and implement the execute method as follows.

    Code Block
    languagejava
    /**
    Method to be implemented as a step for consent persistence. Once implemented add the step to the deployment.toml
    * configuration.
    *
    * @param consentPersistData Includes all the generic data of the consents.
    * @param metadata Contains the consent DTO object and other data which can be passed down through steps.
    * @return boolean representing whether the step was executed successfully. If this is false, the remaining steps
    * will not execute and an error will be shown in the consent page with warning log.
    */
    boolean execute(ConsentPersistData consentPersistData, Map<String, Object> metadata);


    • The data that needs to be persisted from the consent page should be included in the metadata map.
    • Under the <execute> method, pass the metadata and invokes the API that is exposed by the bank to persist or validate this information.
  3. Configure the deployment.toml file as follows:
    1. Open the <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml file.
    2. Add the extended implementations to the file. Make sure to add the step and set a priority before the PSU consent (approval or denial) is persisted. See the sample below:

      Note

      According to the below sample code, the UserConsentPersistenceStep step is given the third priority. In this step, consent (approval or denial) given by the PSU on the consent page is persisted. Therefore, users require to add new implementations set a priority according to the order of steps that must be executed. If a new implementation requires not to persist the user consent, see Block consent-persistence.

      Code Block
      languagexml
      [[open_banking.authorize.steps.persist.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.MultipleAuthPersistenceStep"
      priority=1
      
      [[open_banking.authorize.steps.persist.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.berlin.AuthorisationInfoPersistenceStep"
      priority=2
      
      [[open_banking.authorize.steps.persist.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.UserConsentPersistenceStep"
      priority=3
      
      [[open_banking.authorize.steps.persist.step]]
      class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.OBReportingPersistenceStep"
      priority=4
      
      [[open_banking.authorize.steps.persist.step]]
      class="SampleClass"
      priority=5
  4. Include the jar file of the extended class to the <WSO2_OB_IAM_HOME>/repository/components/lib directory.

  5. Restart the WSO2 Open Banking Identity and Access Management server.

Block consent-persistence

In WSO2 Open Banking, by default, the consent (approval or denial) given by the PSU is persisted. Imagine a new implementation added by extending the ConsentPersistStep class to validate information displayed on the consent page. Based on that validation, the ASPSP wants to block persisting the PSU consent. In that case, this is how it is done:

  • In the extended class of the ConsentPersistStep class, the metadata map consists of the shouldAddUserConsent property.
    • Set the shouldAddUserConsent property as false to block consent-persistence. Thereby, the PSU consent is not persisted. By default, the value is set as true.

Integrate the bank's consent page

A REST API is introduced in the latest version of the authentication endpoint for banks who wish to integrate a consent page of their own. There are main functions that this REST API performs:

  • Displays information on the consent page
  • Captures the data on the consent page and persists them

For more information on this API and its endpoints, see Authorize API.

There are two API resources that perform the above-mentioned functions as below:

  • GET /consent/data/{session-data-key}

An interface of the retrieval endpoint makes an HTTP GET call to the REST API to retrieve consent data and bank backend to retrieve account data. In that case, the consent page invokes the GET /consent/data/{session-data-key} endpoint.

Localtabgroup
Localtab
titleSample Request
Code Block
curl -X GET \
 https://<WSO2_OB_IAM_HOST>:9446/api/openbanking/consent/v1.0.0/consent/data/<SESSION_DATA_KEY> \
 -H 'Accept: application/json' \
 -H 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
 -H 'Connection: keep-alive' \
 -H 'Host: localhost:9446' 

This is the request URL that the persisted data is sent from the consent page:

Code Block
https://localhost:9446/api/openbanking/consent/v1.0.0/consent/data/e134a4dd-20b8-4354-ad3f-a618c224245c
Localtab
titleSample Response
Code Block
{
   "reauthSelectedAccount":[
      
   ],
   "isReauthAccountUpdateEnabled":false,
   "isError":"Request object missing",
   "application":null,
   "applicatioOnBehalfOf":null,
   "isReauthorization":false,
   "type":"accounts",
   "region":"UK"
}

The users can also add additional information on the consent page. See Customise the consent page to display the bank-specific information to find how it is done.

  • PATCH /authorize/{consent-id}

The users can capture the information on the consent page and persist them. In that case, the consent page invokes the PATCH /authorize/{consent-id} endpoint. By default, account and consent information is persisted.

Localtabgroup
Localtab
titleSample Request

Run the following cURL command to invoke PATCH /api/openbanking/consent/v1.0.0/authorize endpoint.

Code Block
curl -X PATCH \ https://<WSO2_OB_IAM_HOST>:9446/api/openbanking/consent/v1.0.0/authorize/<CONSENT_ID> \
-H 'accept: application/json' \
-H 'Content-Type: application/json; charset=utf-8' \
-d '
{
   "type":"uk.payments",
   "userId":"admin@wso2.com@carbon.super",
   "approval":"approve",
   "metadata":{
      
   },
   "accountId":"08080021325698",
   "version":"null"
}'

This is the request URL that the consent page sends the persist data to:

Code Block
https://localhost:9446/api/openbanking/consent/v1.0.0/authorize/testconsent1234
Localtab
titleSample Response
Code Block
{
   "type":"uk.payments",
   "userId":"admin@wso2.com@carbon.super",
   "approval":"approve",
   "metadata":{
      
   },
   "accountId":"08080021325698",
   "version":"null"
}

If the user requires to persist additional information on the consent page, see Customise the consent page to persist bank-specific information.

See the diagram below to find how the API calls are made. Authentication Web App is the component that a user must replace with the bank's consent page.

Follow the below steps to integrate the bank's consent page :

  1. Open the <WSO2_OB_IAM_HOME>/repository/conf/deployment.toml file.

  2. Update the URLs for OAuth2 and OIDC consent pages:

    Note

    By default, values are set to the consent page that WSO2 Open Banking supports.

    Code Block
    languagexml
    [oauth.endpoints]
    oauth2_consent_page = "${carbon.protocol}://<WSO2_OB_IAM_HOST>:${carbon.management.port}/ob/authenticationendpoint/oauth2_authz.do"
    oidc_consent_page = "${carbon.protocol}://<WSO2_OB_IAM_HOST>:${carbon.management.port}/ob/authenticationendpoint/oauth2_consent.do"
Note
titleTo add an authentication step after the consent page:

By default, the consent page is displayed after the authentication steps in WSO2 Open Banking. In some use cases, banks wish to add another authentication step after the consent page is displayed. In that case, the data on the consent page that needs to be persisted is not saved until the authentication step is completed. Therefore,

  • To prevent the data loss, pass the data on the consent page to a browser session.

  • To persist the data in the browser session, invoke the PATCH /authorize/{consent-id} endpoint.


Customise Account Retrieval 

Multiexcerpt include
MultiExcerptNamepayable and shareable apis
PageWithExcerptIntegrating with the Core Banking System for UK