When a Data Holder (DH) provides only a Mobile App as the digital channel to a consumer, can the DH implement the app-to-app redirection flow for the CDR customer authentication and consent authorisation requirement?
Alternatively, in this scenario, does the data holder have to implement a mobile web browser capability outside of the DH’s mobile app to action ALL CDR customer authentication and consent authorisation requests?
Are the following redirection options supported within the CDS? Must they be implemented by the data holder to cater for the different ADR digital channel options?
ADR Digital Channel to Data Holder Digital Channel (CDR Consent Authorisation):
- Mobile web browser to Mobile web browser
- Mobile web browser to App
- App to Mobile web browser
- App to App
It is expected that Data Holders do not restrict the implementations of Accredited Data Recipients (ADRs). DHs should not assume that the ADRs implement an app-based model, and should not assume an app-based client.
Consequently, because the DH must allow for a web-based ADR client, the DH should support the consent flow in a web browser context and provide a web-based DH client.