Archived 2022.11.20. Content moved to error scenarios and responses.

Question

The Consumer Data Standards (CDS) prescribe certain authentication and authorisation standards and requirements. In the Data Holder (DH) authorisation flow, following the confirmation page that showcases accounts, scopes, and the dates that a client consents to, is it acceptable to add a dialog box requesting the client to confirm the consent?

This is to achieve compliance against Web Content Accessibility Guidelines (WCAG) 3.3.4 as the proposed dialog box would work as an error prevention measure. 

Answer

Yes, this is an acceptable approach under the CDS and is currently implemented by some DHs.

Question

When critical errors are encountered during the Data Holder authorisation flow that cause the flow to break, is it acceptable to present a dialog box to the user stating that the authorisation cannot continue. For example, repeated use of an incorrect One Time Pin (OTP) would break the flow.

The user could then be redirected to the Accredited Data Recipient if they acknowledge the error.

Answer

Yes, this is an acceptable approach under the CDS.