During the authorise flow when requesting a PSU (Payment Service User) to provide the PSU consent after the authentication, the consent webpage (consent page) is displayed. The default consent page is designed for WSO2 Open Banking. But an Account Servicing Payment Service Provider (ASPSP) can customise the consent page according to the requirements. Following topics explain where an ASPSP can customise the consent page:
Table of Content Zone | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Customise the theme of the consent pageGiven below is the default Consent page of WSO2 Open Banking. If an ASPSP wishes to customise the theme of the existing consent page, they can modify the files in the following directories:
Customise the layout of the consent pageThe authentication endpoint in WSO2 Open Banking allows the ASPSP to customise the layout of the consent page. The consent page is designed in a servelet that consists of three main JSP pages as shown in the diagram below: Users can also make changes to the relevant JSP pages and customise according to the requirement. In order to customise the layout of the authentication endpoint, locate the JSP pages in the following locations:
Customise the consent page to display the bank-specific informationCurrently, the consent page displays specification-specific information. But there are scenarios where ASPSPs need displaying additional information, e.g., payment-charges or information of the PSU/TPP on the consent page. In that case, the user must follow the steps that are given below.
Anchor |
|
Tip | ||
---|---|---|
| ||
The Bank requires to expose an API that allows persisting or validating bank-specific information from the consent page. |
- In order to invoke the bank API, add the
com.wso2.finance.open.banking.consent.authorize.steps-<version>.jar
file as a dependency. Extend the C
onsentPersistStep
class and implement theexecute
method as follows.Code Block language java /** Method to be implemented as a step for consent persistence. Once implemented add the step to the deployment.toml * configuration. * * @param consentPersistData Includes all the generic data of the consents. * @param metadata Contains the consent DTO object and other data which can be passed down through steps. * @return boolean representing whether the step was executed successfully. If this is false, the remaining steps * will not execute and an error will be shown in the consent page with warning log. */ boolean execute(ConsentPersistData consentPersistData, Map<String, Object> metadata);
- The data that needs to be persisted from the consent page should be included in the
metadata
map. - Under the
<execute>
method, pass the metadata and invokes the API that is exposed by the bank to persist or validate this information.
- The data that needs to be persisted from the consent page should be included in the
- Configure the
deployment.toml
file as follows:- Open the
<WSO2_OB_IAM_HOME>/repository/conf/deployment.toml
file. Add the extended implementations to the file. Make sure to add the step and set a priority before the PSU consent (approval or denial) is persisted. See the sample below:
Note According to the below sample code, the
UserConsentPersistenceStep
step is given the third priority. In this step, consent (approval or denial) given by the PSU on the consent page is persisted. Therefore, users require to add new implementations set a priority according to the order of steps that must be executed. If a new implementation requires not to persist the user consent, see Block consent-persistence.Code Block language xml [[open_banking.authorize.steps.persist.step]] class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.MultipleAuthPersistenceStep" priority=1 [[open_banking.authorize.steps.persist.step]] class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.berlin.AuthorisationInfoPersistenceStep" priority=2 [[open_banking.authorize.steps.persist.step]] class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.UserConsentPersistenceStep" priority=3 [[open_banking.authorize.steps.persist.step]] class="com.wso2.finance.open.banking.consent.authorize.steps.impl.steps.persist.OBReportingPersistenceStep" priority=4 [[open_banking.authorize.steps.persist.step]] class="SampleClass" priority=5
- Open the
Include the jar file of the extended class to the
<WSO2_OB_IAM_HOME>/repository/components/lib
directory.- Restart the WSO2 Open Banking Identity and Access Management server.
Block consent-persistence
In WSO2 Open Banking, by default, the consent (approval or denial) given by the PSU is persisted. Imagine a new implementation added by extending the ConsentPersistStep
class to validate information displayed on the consent page. Based on that validation, the ASPSP wants to block persisting the PSU consent. In that case, this is how it is done:
- In the extended class of the C
onsentPersistStep
class, the metadata map consists of theshouldAddUserConsent
property.- Set the
shouldAddUserConsent
property as false to block consent-persistence. Thereby, the PSU consent is not persisted. By default, the value is set astrue.
- Set the
Integrate the bank's consent page
A REST API is introduced in the latest version of the authentication endpoint for banks who wish to integrate a consent page of their own. There are main functions that this REST API performs:
- Displays information on the consent page
- Captures the data on the consent page and persists them
For more information on this API and its endpoints, see Authorize API.
There are two API resources that perform the above-mentioned functions as below:
- GET /consent/data/{session-data-key}
An interface of the retrieval endpoint makes an HTTP GET call to the REST API to retrieve consent data and bank backend to retrieve account data. In that case, the consent page invokes the GET /consent/data/{session-data-key}
endpoint.
Localtabgroup | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The users can also add additional information on the consent page. See Customise the consent page to display the bank-specific information to find how it is done.
- PATCH /authorize/{consent-id}
The users can capture the information on the consent page and persist them. In that case, the consent page invokes the PATCH /authorize/{consent-id}
endpoint. By default, account and consent information is persisted.
Localtabgroup | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
If the user requires to persist additional information on the consent page, see Customise the consent page to persist bank-specific information.
See the diagram below to find how the API calls are made. Authentication Web App
is the component that a user must replace with the bank's consent page.
Follow the below steps to integrate the bank's consent page :
Open the
<WSO2_OB_IAM_HOME>/repository/conf/deployment.toml
file.Update the URLs for OAuth2 and OIDC consent pages:
Note By default, values are set to the consent page that WSO2 Open Banking supports.
Code Block language xml [oauth.endpoints] oauth2_consent_page = "${carbon.protocol}://<WSO2_OB_IAM_HOST>:${carbon.management.port}/ob/authenticationendpoint/oauth2_authz.do" oidc_consent_page = "${carbon.protocol}://<WSO2_OB_IAM_HOST>:${carbon.management.port}/ob/authenticationendpoint/oauth2_consent.do"
Note | ||
---|---|---|
| ||
By default, the consent page is displayed after the authentication steps in WSO2 Open Banking. In some use cases, banks wish to add another authentication step after the consent page is displayed. In that case, the data on the consent page that needs to be persisted is not saved until the authentication step is completed. Therefore,
|
Customise Account Retrieval
Multiexcerpt include | ||||
---|---|---|---|---|
|