Configuring Consent Manager

This is available only as a WUM update and is effective from March 30, 2021 (03-30-2021). For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

After a certain period, bank customers may need to view, update, or revoke consents they have granted to API consumer applications to access account data. Consent Manager is an application in WSO2 Open Banking that supports all these requirements and manages consents. 

Bank officers with the CustomerCareOfficerRole role and bank customers can access the Consent Manager. The Customer Care Officers have advanced search privileges and the ability to revoke consents on behalf of bank customers.

The Consent Manager application complies with the Consumer Experience (CX) Standards and CX Guidelines in the Consumer Data Standards.

Configuring Consent Manager

Before you begin, configure the Consent Manager application.

  1. Go to the Identity and Access Management Console at 

    https://<WSO2_OB_IAM_HOST>:9446/carbon
  2. On the Main tab, click Home > Identity > Service Providers > Add.
  3. Select Manual Configuration.
  4. Enter consentmgr as the Service Provider Name.
  5. Click Register.
  6. Click Inbound Authentication configuration > OAuth/OpenID Connect configuration > Configure.
  7. Set the following parameters to the given values and leave the other parameters at their default values.

    OAuth Version         2.0
    Allowed Grant Type    Code
    Callback URL          https://<WSO2_OB_IAM_HOST>:9446/consentmgr

  8. Scroll down and click Add.
  9. The OAuth Client Key and OAuth Client Secret are now generated.

Configuring Identity and Access Management 

  1. Open the <IS_HOME>/repository/deployment/server/webapps/consentmgr/runtime-config.js file. 

    window.env = {
        // This option can be retrieved in "src/index.js" with "window.env.API_URL".
        SERVER_URL: 'https://localhost:9446',
        SPEC: 'AU',
        CLIENT_ID: 'BLhtk1Pvvl_lNx5B3Tt_29p_k00a',
        CLIENT_SECRET: 'QkxodGsxUHZ2bF9sTng1QjNUdF8yOXBfazAwYTo2TGJ3b2RHSFhOemY3WTRFOUk0MXRVTmlmWllh',
        BASIC_AUTH: 'YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==',
        TENANT_DOMAIN: 'carbon.super',
        NUMBER_OF_CONSENTS: 25,
        VERSION: '2.0.0'
    };
  2. Update the following parameters: 

    Parameter             Description
    SERVER_URL            <WSO2_OB_IAM_HOST>:<WSO2_OB_IAM_PORT>
    CLIENT_ID             The OAuth Client Key of the application.
    CLIENT_SECRET         Base64 encoded <CLIENT_ID:CLIENT_SECRET>
    BASIC_AUTH            Base64 encoded <ADMIN_USERNAME:ADMIN_PASSWORD>
    TENANT_DOMAIN         The domain name of the super tenant.
    NUMBER_OF_CONSENTS    The number of consents that are visible on the listing page, by default.
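
The two Base64 values are easy to get wrong, for example with a trailing newline or a secret paired with a different client key. The following added example is not part of the WSO2 documentation or product code: it builds the values in Node.js and checks a runtime-config.js object. The names b64, decodePair and checkRuntimeConfig are hypothetical, the DOC_SAMPLES entries are the sample values shown on this page, and exampleEnv is constructed.

```javascript
// Added example (Node.js): build and check the Base64 values in runtime-config.js.
// b64, decodePair and checkRuntimeConfig are hypothetical helper names.
const b64 = (text) => Buffer.from(text, 'utf8').toString('base64');

// Decode "<left>:<right>"; return null unless the input is canonical Base64.
function decodePair(value) {
  if (typeof value !== 'string') return null;
  const text = Buffer.from(value, 'base64').toString('utf8');
  if (b64(text) !== value) return null; // stray newline, whitespace or raw text
  const i = text.indexOf(':'); // split on the first colon only
  if (i < 1 || i === text.length - 1) return null;
  return { left: text.slice(0, i), right: text.slice(i + 1) };
}

// Sample values printed on this page; a deployment must not keep them.
const DOC_SAMPLES = {
  CLIENT_ID: 'BLhtk1Pvvl_lNx5B3Tt_29p_k00a',
  BASIC_AUTH: 'YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==',
};

function checkRuntimeConfig(env) {
  const problems = [];
  const client = decodePair(env.CLIENT_SECRET);
  if (!client) {
    problems.push('CLIENT_SECRET is not Base64 of <CLIENT_ID:CLIENT_SECRET>');
  } else if (client.left !== env.CLIENT_ID) {
    problems.push('CLIENT_SECRET was encoded with a different client key');
  }
  if (!decodePair(env.BASIC_AUTH)) {
    problems.push('BASIC_AUTH is not Base64 of <ADMIN_USERNAME:ADMIN_PASSWORD>');
  }
  for (const [key, sample] of Object.entries(DOC_SAMPLES)) {
    if (env[key] === sample) problems.push(`${key} still holds the documentation sample value`);
  }
  return problems;
}

// Constructed values, for illustration only.
const exampleEnv = {
  CLIENT_ID: 'exampleClientKey',
  CLIENT_SECRET: b64('exampleClientKey:exampleClientSecret'),
  BASIC_AUTH: b64('ob-admin@example.com:constructed-password'),
};
console.log(checkRuntimeConfig(exampleEnv)); // []
```

Base64 is an encoding, not encryption: anyone who can read runtime-config.js can recover the client secret and the admin password.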

Using Consent Manager

  1. Go to the Consent Manager application at

    https://<WSO2_OB_IAM_HOST>:9446/consentmgr
  2. Sign in with the credentials provided by the bank.

    You are redirected to the homepage of the Consent Manager portal.

    The three tabs are as follows:

    • Active: Lists active consents that can access your account/payment information.
    • Expired: Lists expired consents that can no longer access your account/payment information.
    • Withdrawn: Lists the consents that you have revoked.

      Use the Search bar to search consents.

View consent details

  • To view consent details, click the respective Action button.
  • You can view the details such as the associated API consumer application, consent granted date, consent expiry date, account numbers, and permissions that you have granted.
  • View Consent Amendment History:

    This is only available as a WSO2 Update from WSO2 Open Banking Identity Server Level 2.0.0.112 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

    • The Consent Amendment History Persistence feature saves consent details each time a consent is amended.

    • Consent Manager Portal displays the consent amendment history.

    • If you are implementing/customizing the Consent Manager Portal, you can use the following endpoint to retrieve consent amendment data: 

      https://<WSO2_OB_IAM_HOST>:9446/api/openbanking/consent-mgt/au/account-access-consents/consent-amendment-history/<CDR-Arrangement-ID>


Revoke a consent

  • To revoke a consent, review the details and click Stop Sharing.
  • Revoking a consent consists of 2 steps:
    • Step 1: The first step shows the impact of withdrawing the consent.
    • Step 2: Displays the information the consent has access to.
  • Once you click Stop Sharing, the status of the consent changes to withdrawn. You can find this consent in the Withdrawn tab now.

Enabling the Sharing Date Display Feature

This is only available as a WSO2 Update from WSO2 Open Banking API Manager Level 2.0.0.201, WSO2 Open Banking Identity Server Level 2.0.0.214, and WSO2 Open Banking Business Intelligence Level 2.0.0.53 onwards. For more information on updating WSO2 Open Banking, see Updating WSO2 Products.

Retrieving the sharing start date and last shared date: GET https://<WSO2_OB_IAM_HOST>:9446/api/openbanking/consent-mgt/uk300/account-confirmation

To retrieve the sharing date in the consent search response, add the includeSharingDates parameter to the request when invoking the search API.

Sample CURL

    curl --location --request GET 'https://localhost:9446/api/openbanking/consent-mgt/uk300/account-confirmation?clientId=Fa74fhzuNuS_w3hYA73BMB4Rfi8a&limit=25&offset=0&fromTime=2022-07-28T03:40:47+0000&toTime=2022-11-01T06:28:04+0000&excludeExpiredConsents=false&profile=individual&includeSharingDates=true' \
    --header 'Accept: application/json' \
    --header 'Authorization: Basic YWRtaW5Ad3NvMi5jb206d3NvMjEyMw==' \
    --header 'Cache-Control: no-cache' \
    --header 'Connection: Keep-Alive' \
    --header 'Content-Type: application/json' \
    --header 'Host: localhost:9446' \
    --header 'User-Agent: Synapse-PT-HttpComponents-NIO' \
    --header 'charset: utf-8' \
    --header 'x-fapi-financial-id: open-bank'

The sharing start date and last shared date for each data cluster are added to the search API response.

Sample Response

    {
        "metadata": {
            "count": 1,
            "offset": 0,
            "limit": 25,
            "total": 1
        },
        "List": [
            {
                "ConsentId": "f8310dad-6c9a-4b0a-a6c2-efb0d75aaeb3",
                "AccountResponseData": {
                    "ConsentId": "f8310dad-6c9a-4b0a-a6c2-efb0d75aaeb3",
                    "Status": "Expired",
                    "CreationDateTime": "2022-09-28T04:53Z",
                    "Permissions": [
                        "bank:accounts.basic:read",
                        "bank:accounts.detail:read",
                        "bank:payees:read",
                        "common:customer.detail:read",
                        "common:customer.basic:read",
                        "bank:regular_payments:read"
                    ],
                    "PermissionsWithSharingDate": [
                        {
                            "Permission": "bank:accounts.basic:read",
                            "SharingStartDate": "2022-09-29T05:53:19Z",
                            "LastSharedDate": "2022-09-29T05:53:19Z"
                        },
                        {
                            "Permission": "bank:accounts.detail:read",
                            "SharingStartDate": "2022-09-29T05:53:19Z",
                            "LastSharedDate": "2022-09-29T05:53:19Z"
                        },
                        {
                            "Permission": "bank:payees:read",
                            "SharingStartDate": "2022-09-29T05:53:19Z",
                            "LastSharedDate": "2022-09-29T05:53:19Z"
                        },
                        {
                            "Permission": "common:customer.detail:read",
                            "SharingStartDate": "2022-09-29T05:53:19Z",
                            "LastSharedDate": "2022-09-29T05:53:19Z"
                        },
                        {
                            "Permission": "common:customer.basic:read",
                            "SharingStartDate": "2022-09-29T05:53:19Z",
                            "LastSharedDate": "2022-09-29T05:53:19Z"
                        },
                        {
                            "Permission": "bank:regular_payments:read",
                            "SharingStartDate": "2022-09-29T05:53:19Z",
                            "LastSharedDate": "2022-09-29T05:53:19Z"
                        }
                    ],
                    "ExpirationDateTime": "2022-09-29T05:53:19Z",
                    "StatusUpdateDateTime": "2022-09-29T05:53Z"
                },
                "InitiationTimestamp": "2022-09-28T04:53:20Z",
                "Status": "Expired",
                "ClientId": "Fa74fhzuNuS_w3hYA73BMB4Rfi8a",
                "UserId": "admin@wso2.com@carbon.super",
                "DebtorAccount": [
                    "30080012343456"
                ],
                "ConsentGivenTimestamp": "2022-09-28T04:53:41Z",
                "CollectionMethod": "PRIMARY",
                "JointAccountsData": [],
                "SecondaryAccountsData": [],
                "Metadata": {
                    "sharing_duration_value": "90000"
                }
            }
        ]
    }
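
One use of the sharing dates is to confirm that no data cluster was shared outside the consent's validity window. The following added example is not part of the WSO2 documentation or product code: it audits a search response using the field names from the sample response above. The name auditSharingDates is hypothetical, the checks are assumptions about what an operator would treat as anomalous, and SAMPLE_RESPONSE is constructed.

```javascript
// Added example (Node.js): audit a consent search response that was fetched
// with includeSharingDates=true. auditSharingDates is a hypothetical helper.
function auditSharingDates(response) {
  const findings = [];
  for (const consent of response.List || []) {
    const data = consent.AccountResponseData || {};
    const granted = new Set(data.Permissions || []);
    const given = Date.parse(consent.ConsentGivenTimestamp);
    const expiry = Date.parse(data.ExpirationDateTime);
    for (const entry of data.PermissionsWithSharingDate || []) {
      const flag = (issue) =>
        findings.push({ consentId: consent.ConsentId, permission: entry.Permission, issue });
      const start = Date.parse(entry.SharingStartDate);
      const last = Date.parse(entry.LastSharedDate);
      if (!granted.has(entry.Permission)) flag('permission not in the granted list');
      if (Number.isNaN(start) || Number.isNaN(last)) {
        flag('unparseable sharing date');
        continue;
      }
      if (last < start) flag('last shared date precedes sharing start date');
      // NaN comparisons are false, so a missing timestamp skips these checks.
      if (start < given) flag('sharing started before consent was given');
      if (last > expiry) flag('data shared after consent expiry');
    }
  }
  return findings;
}

// Constructed response, trimmed to the fields the audit reads.
const SAMPLE_RESPONSE = {
  List: [{
    ConsentId: '00000000-0000-0000-0000-000000000001',
    ConsentGivenTimestamp: '2022-09-28T04:53:41Z',
    AccountResponseData: {
      Permissions: ['bank:accounts.basic:read', 'bank:payees:read'],
      ExpirationDateTime: '2022-09-29T05:53:19Z',
      PermissionsWithSharingDate: [
        { Permission: 'bank:accounts.basic:read', SharingStartDate: '2022-09-28T05:00:00Z', LastSharedDate: '2022-09-29T05:53:19Z' },
        { Permission: 'bank:payees:read', SharingStartDate: '2022-09-28T05:00:00Z', LastSharedDate: '2022-09-30T01:00:00Z' },
        { Permission: 'bank:regular_payments:read', SharingStartDate: '2022-09-28T05:00:00Z', LastSharedDate: '2022-09-28T06:00:00Z' },
      ],
    },
  }],
};
console.log(auditSharingDates(SAMPLE_RESPONSE));
```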

To successfully access the Consent Manager portal, the Open Banking Business Intelligence server should be up.

The Consent Manager portal displays the sharing start date and last shared date.

For more information on enabling the Sharing Date Display Feature, see the Integrate Open Banking Business Intelligence documentation.