User flows
These are the journeys a user takes through the Consent Dashboard. At the end of every journey the dashboard sends the user to one of your redirects.
Create a new consent
Section titled “Create a new consent”
- The user navigates from your website or app to the dashboard at
your-dashboard.com/create. - The user confirms their consent options and is automatically navigated to their Data Holder’s (a Bank or Energy provider) website.
- The user approves the consent request and is automatically navigated back to the dashboard.
- The dashboard finalises the consent and navigates the user back to your success redirect URL (default behind
ccr).
| Value | Description |
|---|---|
success redirect URL | Where the user lands on successful completion of a consent. Contact the Adatree team to configure the default. |
Error from Data Holder
Section titled “Error from Data Holder”
- The user navigates from your website or app to the dashboard at
your-dashboard.com/create. - The user confirms their consent options and is automatically navigated to their Data Holder’s website.
- The user encounters an error or cancels the consent.
- The dashboard navigates the user back to your error redirect URL (default behind
aer).
Error from Consent Dashboard
Section titled “Error from Consent Dashboard”
- The user navigates from your website or app to the dashboard at
your-dashboard.com/create. - The user encounters an error in the dashboard or cancels the consent.
- The dashboard navigates the user back to your error redirect URL (default behind
aer).
In both error flows the user is redirected to your error redirect URL. This can include a user manually cancelling their consent, a network error, or a processing error.
| Value | Example |
|---|---|
error redirect URL | https://your-company.com/some-path?error=[error]&error_description=[errorDescription]or com.your-company://app/some-path?error=[error]&error_description=[errorDescription] |
[error] is replaced with a URL-encoded error code (see below) and [errorDescription] with a URL-encoded description. For the full list of return tokens available on the error redirect, see aer.
Error codes
Section titled “Error codes”Below are the error codes that may be returned by the Consent Dashboard via the [error] token. There is currently no agreed-upon standard for the codes returned by Data Holders, so a Data Holder may return a code not listed here.
| Code | Description |
|---|---|
access_denied | This error is set by the Data Holder. It normally indicates an invalid access attempt, however, some Data Holders send this error code even if the user has authenticated and then manually cancelled the consent. |
cancelled_authentication | This error is set by the Data Holder. It indicates that the user has cancelled their authentication login or has the wrong authentication credentials. |
login_required | This error is set by the Data Holder. It indicates that the user must authenticate (log in) before the consent can proceed, but no active authentication session was found. |
usr_opt_out | A user has manually opted (cancelled) out of the consent from the Adatree Dashboard. |
usr_dh_not_listed | A user has manually clicked the data holder is not listed option and cannot proceed with the consent flow. |
invalid_request | The request is missing a required parameter, includes an invalid parameter value, or is otherwise malformed. |
invalid_resource | The target resource is invalid because it doesn’t exist. |
invalid_scope | The requested scope is invalid, unknown, or malformed. |
unauthorized_client | The client is not authorized to request an authorization code using this method. |
unsupported_response_type | The authorization server does not support obtaining an authorization code using this method. |
server_error | The authorization server encountered an unexpected condition which prevented it from fulfilling the request. |
temporarily_unavailable | The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. |