Archived 2022.11.20. Content moved to error scenarios and responses.
Question
If a consumer decides to cancel during the authentication process, does the Data Holder (DH) authorisation server need to redirect them back to the third party app?
Alternatively, can the DH authorisation server show a set up canceled screen instructing the consumer to return to the app, without automatically redirecting them?
Answer
The Consumer Data Standards defer to the Open ID Connect (OIDC) normative standards for this. The OIDC core defines this behaviour in OpenID Connect Core section 3.1.2.6.
In summary, the standards state that the DH (authorisation server) responds to the Accredited Data Recipient (client) with an error outcome.
Comments
0 comments
Please sign in to leave a comment.