After a certain period, some bank customers, banks, or Third-Party Providers (TPPs) may prefer to revoke the consents given to TPPs to access account data. In WSO2 Open Banking, you can revoke these consents as follows:
Revoking the consents by Payment Service Users
WSO2 Open Banking Consent Manager is a self-care portal where a Payment Service User (PSU) can view payments and revoke the consents granted for accounts. The Consent Manager portal is used in the following instances:

Before you begin: Configure the Consent Management application to try out the Consent Manager Portal.

Let's take a look at how you can access and sign in to the WSO2 Open Banking Consent Manager.

1. Access the Consent Manager portal using https://<WSO2_OB_KM_HOST>:9446/consentmgt.
2. Enter the username and password.
3. Click Sign In and navigate to the Consent Manager portal's home page.

The consent statuses for Accounts are listed down:

| Consent type | Description |
|---|---|
| Received | The consent data is received and technically correct, but it is not authorised yet. |
| Rejected | The consent is rejected as data is not authorised. |
| Valid | The consent is accepted and can GET account data. |
| Revoked by PSU | The consent is revoked by the PSU towards the ASPSP. |
| Expired | The consent is expired. The expiration time can be defined by the TPP. |
| Terminated by TPP | The consent type used when the TPP deletes the consent resource. |

Consents for payments are either Received or Rejected.

Click Revoke to revoke the payment account. You can still find the revoked consents under the Account list. The consent status of revoked accounts is set to Revoked.

A PSU can view the following information of a payment consent. You can only view the payment consents as it is impossible to revoke a payment that is authorised.

- Payment update details: Date and time at which the payment was made.
- Consent ID: The consent ID generated for the fund transaction.
- Permissions: The permissions can be granted to Accounts, Balances, Transactions, Available accounts, All PSD2.

You have come to the end of the Consent Manager portal. You can log out once your consent revocation is executed:

1. Click the PSU user profile that is on the top right corner.
2. Click Logout. A confirmation message is displayed.
3. Confirm the logout.
Revoking the consents by Customer Care Representatives
The Customer Care portal of WSO2 Open Banking allows users to revoke consents on behalf of Payment Service Users (PSUs). To do this, log in as a user that has the Customer Care Officer role enabled. For more information on roles and the users, see Configuring roles and users.
Before you begin:
1. Sign in to the Identity and Access Management console (https://<WSO2_OB_KM_HOST>:9446/carbon). Use the default super admin credentials:

   Username: admin@wso2.com
   Password: wso2123

   The above credentials are used for demo purposes only. It is recommended to change them in a production environment.

2. On the Main tab, click Identity > Users and Roles > Add > Add New Role and create the following role:

   | Domain | Role | Permissions |
   |---|---|---|
   | Internal | CustomerCareOfficer | No permissions required. |

3. On the Main tab, click Identity > Users and Roles > Add > Add New User and create the following user:

   | User | Roles |
   |---|---|
   | ann@gold.com | Internal/CustomerCareOfficer |

4. Click Finish.
Configuring SSO: You can configure SSO for the Customer Care Portal.
Access the Customer Care portal using https://<WSO2_OB_KM_HOST>:9446/ccportal.

Troubleshooting
If you get hostname verification errors when accessing the Customer Care portal, add the following to the <WSO2_OB_KM_HOME>/bin/wso2server.sh file and restart.

-Dhttpclient.hostnameVerifier="DefaultAndLocalhost" \
-Dorg.wso2.ignoreHostnameVerification=true \
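The two options above relax TLS hostname checking for the server, so it is worth confirming afterwards whether they are still active. The following is an added example, not part of the WSO2 documentation: a POSIX shell check that lists the overrides in a startup script. The function names and the two sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the hostname-verification overrides from the
# troubleshooting step if they are active in a WSO2 startup script.

# Print each active (uncommented) override as name=value, one per line.
list_hostname_overrides() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE -e '-D(org\.wso2\.ignoreHostnameVerification|httpclient\.hostnameVerifier)=("[^"]*"|[^[:space:]\\]+)' |
        sed -e 's/^-D//' -e 's/"//g'
}

# Exit status 0 only when hostname verification has not been switched off.
hostname_verification_enforced() {
    ! list_hostname_overrides "$1" |
        grep -qi '^org\.wso2\.ignoreHostnameVerification=true$'
}

# Constructed sample files (assumptions, not a real wso2server.sh).
demo_dir=$(mktemp -d)
cat > "$demo_dir/relaxed.sh" <<'EOF'
$JAVACMD \
    -Dhttpclient.hostnameVerifier="DefaultAndLocalhost" \
    -Dorg.wso2.ignoreHostnameVerification=true \
    org.wso2.carbon.bootstrap.Bootstrap $*
EOF
cat > "$demo_dir/strict.sh" <<'EOF'
# -Dorg.wso2.ignoreHostnameVerification=true   (override removed after testing)
$JAVACMD org.wso2.carbon.bootstrap.Bootstrap $*
EOF

for f in "$demo_dir/relaxed.sh" "$demo_dir/strict.sh"; do
    if hostname_verification_enforced "$f"; then
        echo "OK    $f"
    else
        echo "WEAK  $f: $(list_hostname_overrides "$f" | tr '\n' ' ')"
    fi
done
```

Point both functions at <WSO2_OB_KM_HOME>/bin/wso2server.sh; a non-zero status from hostname_verification_enforced means the override is still active.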
Enter the username and password. Click Sign In and navigate to the Customer Care portal home page. You can use ann@gold.com as the username for testing purposes.

The consent type is selected as Accounts by default. You can select between the Accounts, Payments, and CBPII consents. Filter the search results using the following parameters:

- User ID: The user ID created for a PSU in the online banking application. This is the same ID used to generate the Consent ID.
- Application: The TPP applications authorized for the ASPSP are listed here. Select the TPP application that the PSU has given consent to.
- Status: Select the consent status. Possible values for Accounts are: Received, Rejected, Partial Authorized, Valid, Revoked by PSU, Expired, Terminated by TPP. Possible values for payment consent are Received or Rejected.
- Set Date Range: The date range for which the PSU’s consent is valid.

Use one or more filter options and proceed to search. You cannot revoke a payment consent.
Click Search. A list of search results is displayed as shown below. View the Account and Payment consent information by clicking the consent.
The PSU can revoke the Consent ID by clicking Revoke with a reason for revocation.