Open Banking

Supporting Open Banking

Listening for the OAuth signal

iOS: The SDK will listen for the signal and launch the system browser when needed.
Android: The SDK will listen for the signal and launch the system browser when needed.
JS SDK: When used in a browser the OAuth flow will be handled automatically. If integrating in a
different context when instantiating the SDK, provide the openBankingRedirect option with
your custom app scheme or universal link. Once an OAuth flow is triggered, a message will be posted to
the window with a type property of oauthUrl and a url property
containing the URL that needs to be launched.

NOTE: Cross-platform implementation using WKWebView .

Chase Bank cuts off redirects that are initiated through a WKWebView instance. A consent URL should be launched from within a native browser. The URL should not be launched from within unsecured containers that allow the mobile app to intercept user input, and thus intercept user credentials.

Below is an example of the changes required for integrations utilizing React Native. If you use another cross-platform framework, implementation of this change will vary.

If your React Native app is currently opening the consent URL within an instance of WebView, you need to make code changes in your integration.

To ensure your integration will meet the requirements, take the following steps:

1. Ensure you are able to receive events in React Native from the WebView

window.addEventListener('message', (event) => {
    window.ReactNativeWebView.postMessage(JSON.stringify(event.data));
}, false);

2. Handle the message event, looking for an event with a type property of `oauthUrl`. Once the message is received, open the URL supplied on the `url` property in the native browser.

NOTE: The WebView should not be destroyed upon opening the URL. The same WebView needs to be open once the redirect is followed.

onMessage={message => {
    const {type, data} = JSON.parse(message.nativeEvent.data);
    if (type === 'oauthUrl') {
        Linking.canOpenURL(data.url).then(supported => {
            if (supported) {
                Linking.openURL(data.url);
            } else {
                console.log("Don't know how to open URI: " + data.url);
            }
        });
    }
}}

3. After the user has logged in, they will be sent back to your app’s scheme or universal link that you have previously configured, and the flow will resume.

Continuing to open the consent URL from within a WebView instance will result in blocked request from Chase along with many other data providers due to security vulnerabilities.

Handling the return signal

The webview will continue polling while the user is going through the OAuth flow. The webview should not be
destroyed when the OAuth URL is launched and should be returned to the screen once the return signal is
received.

External Documentation

Setting up custom scheme

iOS:
Defining a Custom URL Scheme for your app
Android:
Create Deep Links to App Content
React Native:
Deep linking

Setting up Universal Link

iOS:
Supporting Associated Domains
Android:
Create Deep Links to App Content,
and
Verify Android App Links
React Native: See above
(Deep linking)

Testing Open Banking

To test enrolling via open banking, search the institution list for “DAG OAuth” and use the following credentials:

Description	Username	Password
Full account and routing number	`Certegy.site16441.3`	`site16441.3`
Missing account or routing number	`Certegy.site16441.4`	`site16441.4`

BankPay