[Openid-specs-fapi] Issue #145: Consider mobile app <-> mobile app authentication flows (openid/fapi)
issues-reply at bitbucket.org
Tue May 29 23:48:10 UTC 2018
New issue 145: Consider mobile app <-> mobile app authentication flows
We had another discussion about the EU RTS and related areas on today's call.
One point I mentioned is that at least one of the UK challenger banks is doing a mobile app -> mobile app flow which is something like:
1. open accounting app on mobile
1. user requests to make a link to their bank account
1. user is automatically switched into their mobile banking app
1. bank app asks user to allow accounting app access
1. bank app authenticates user with faceid/touchid
1. user is automatically switched back to their accounting app
(I forget which bank this was but it may have been starling.)
>From an RTS point of view it seems like a low friction flow so perhaps something we could incorporate into one of the standards; I created this ticket at Nat's request.
More information about the Openid-specs-fapi