According to the Berlin Group Implementation guidelines, there can be different methods for the PSU to carry out its strong authentication. AION is supporting the following one(s):
The PSU is redirected from the TPP interface to a web browser in order to perform her/his SCA.
The PSU is directly redirected from the TPP interface to its installed mobile banking application in order to perform her/his SCA. If the mobile banking application is not installed on the PSUs device, she/he will be redirected to a web browser. The Redirect OAuth2 SCA Approach applies.
To carry out its strong authentication on the ASPSP side, the PSU will be redirected from the TPP APP through several pages within the workflow described below.
Before being redirected to the TPP App, the PSU will access a redirection screen with some context related to the given authorisation. This screen is slightly different for AIS and PIS.