Supporting Open Banking
Listening for the OAuth signal
- iOS: The SDK will listen for the signal and launch the system browser when needed.
- Android: The SDK will listen for the signal and launch the system browser when needed.
- JS SDK: When used in a browser, the OAuth flow will be handled automatically. If integrating in a different context, when instantiating the SDK provide the `openBankingRedirect` option with your custom app scheme or universal link. Once an OAuth flow is triggered, a message will be posted to the window with a `type` property of `oauthUrl` and a `url` property containing the URL that needs to be launched.
WKWebView
Chase Bank cuts off redirects that are initiated through a WKWebView instance. A consent URL should be launched from within a native browser. The URL should not be launched from within unsecured containers that allow the mobile app to intercept user input, and thus intercept user credentials.
Below is an example of the changes required for integrations utilizing React Native. If you use another cross-platform framework, implementation of this change will vary.
If your React Native app is currently opening the consent URL within an instance of WebView, you need to make code changes in your integration.
To ensure your integration will meet the requirements, take the following steps:
1. Ensure you are able to receive events in React Native from the WebView
```javascript
window.addEventListener('message', (event) => {
  window.ReactNativeWebView.postMessage(JSON.stringify(event.data));
}, false);
```
2. Handle the message event, looking for an event with a type property of `oauthUrl`. Once the message is received, open the URL supplied on the `url` property in the native browser.
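```jsx
onMessage={message => {
  // message.nativeEvent.data is the JSON string posted from the WebView.
  const {type, data} = JSON.parse(message.nativeEvent.data);
  if (type === 'oauthUrl') {
    // Linking is imported from 'react-native'; it opens the URL outside the WebView.
    Linking.canOpenURL(data.url).then(supported => {
      if (supported) {
        Linking.openURL(data.url);
      } else {
        console.log("Don't know how to open URI: " + data.url);
      }
    });
  }
}}
```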
3. After the user has logged in, they will be sent back to your app’s scheme or universal link that you have previously configured, and the flow will resume.
Continuing to open the consent URL from within a WebView instance will result in blocked requests from Chase, along with many other data providers, due to security vulnerabilities.
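A stricter version of the step 2 check, as an added example that is not part of the original documentation or the SDK: it validates the posted message and the URL before anything is passed to `Linking.openURL`. `ALLOWED_HOSTS` and the sample messages are constructed placeholders, and a WHATWG-compliant `URL` is assumed (in React Native this may require a polyfill).

```javascript
// Added example, not SDK code: decide whether a WebView message may be
// handed to the system browser. ALLOWED_HOSTS is a hypothetical allowlist;
// use the consent hosts your provider documents.
const ALLOWED_HOSTS = new Set(['consent.example-bank.test']);

// Returns a normalized https URL string, or null if the message is ignored.
function extractOAuthUrl(raw, allowedHosts = ALLOWED_HOSTS) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch {
    return null; // not JSON: something else posted to the window
  }
  if (msg === null || typeof msg !== 'object' || msg.type !== 'oauthUrl') {
    return null;
  }
  // The page's prose puts `url` on the message; its snippet reads `data.url`.
  // Accept either shape (assumption: no other shape is sent).
  const nested = msg.data && typeof msg.data === 'object' ? msg.data.url : undefined;
  const candidate = typeof msg.url === 'string' ? msg.url : nested;
  if (typeof candidate !== 'string') return null;

  let parsed;
  try {
    parsed = new URL(candidate);
  } catch {
    return null; // relative or malformed URL
  }
  // https only, no embedded credentials, expected consent host only.
  if (parsed.protocol !== 'https:') return null;
  if (parsed.username !== '' || parsed.password !== '') return null;
  if (!allowedHosts.has(parsed.hostname)) return null;
  return parsed.href;
}

// Constructed sample messages (not captured from a real SDK).
const SAMPLES = [
  '{"type":"oauthUrl","url":"https://consent.example-bank.test/authorize?state=abc"}',
  '{"type":"oauthUrl","data":{"url":"https://consent.example-bank.test/start"}}',
  '{"type":"oauthUrl","url":"otherapp://open"}',
  '{"type":"oauthUrl","url":"https://consent.example-bank.test@unexpected.test/"}',
  '{"type":"status","url":"https://consent.example-bank.test/"}',
  'not json',
];
for (const s of SAMPLES) console.log(extractOAuthUrl(s) !== null ? 'open  ' : 'ignore', s);
```

In the `onMessage` handler, call `Linking.openURL` only when this function returns a non-null value.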
Handling the return signal
The webview will continue polling while the user is going through the OAuth flow. The webview should not be
destroyed when the OAuth URL is launched and should be returned to the screen once the return signal is
received.
External Documentation
Setting up custom scheme
- iOS: Defining a Custom URL Scheme for your app
- Android: Create Deep Links to App Content
- React Native: Deep linking
Setting up Universal Link
- iOS: Supporting Associated Domains
- Android: Create Deep Links to App Content, and Verify Android App Links
- React Native: See above (Deep linking)
Testing Open Banking
To test enrolling via open banking, search the institution list for “DAG OAuth” and use the following credentials:
Description | Username | Password |
---|---|---|
Full account and routing number | Certegy.site16441.3 | site16441.3 |
Missing account or routing number | Certegy.site16441.4 | site16441.4 |