According to the Berlin Group Implementation guidelines, there can be different methods for the PSU to carry out its strong authentication. AION is supporting the following one(s):

Redirect OAuth2 SCA Approach

The PSU is redirected from the TPP interface to a web browser in order to perform her/his SCA.

Redirect App2App SCA Approach based on Universal Links

The PSU is directly redirected from the TPP interface to its installed mobile banking application in order to perform her/his SCA. If the mobile banking application is not installed on the PSUs device, she/he will be redirected to a web browser. The Redirect OAuth2 SCA Approach applies.

Redirect OAuth2 SCA Approach

To carry out its strong authentication on the ASPSP side, the PSU will be redirected from the TPP APP through several pages within the workflow described below.

Login Screen

AIS Signature Screen

Before being redirected to the TPP App, the PSU will access a redirection screen with some context related to the given authorisation. This screen is slightly different for AIS and PIS.

PIS Signature Screen

AIS Redirection Screen

PIS Redirection Screen