These guidelines provide examples for when Redirect to App is unable to be used for the purposes of CDR authentication, and Decoupled Authentication is not supported.
Overview
The Fallback Authentication Framework relates to the Fallback Authentication Flows section of the Authentication Schedule Standards. These standards apply where Redirect to App is unable to be used for the purposes of CDR authentication, and Decoupled Authentication is not supported. In such cases, data holders are required to continue providing support for Redirect to Web with One Time Password (OTP) flow.
All data holders and data recipients must implement the relevant redirect to app standards by 10 May 2027. If implemented prior to this date, CDR participants will also need to meet other relevant standards, such as the Fallback Authentication Flows outlined in this guidance.
Wireframes and guidelines
Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.
The following wireframes show an example of the Fallback Authentication Framework.
Download open source asset
Open sources design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Fallback Authentication Framework.
Item | File | Date released | Version introduced |
|---|---|---|---|
2AU0. Fallback Authentication Framework v1.35.0.2025.09.22 | 2AU0. Fallback Authentication Framework v1.35.0.2025.09.22.fig | September 22, 2025 | 1.35.0 |
For past versions, refer to Change log.
About this page
References
The artefacts on this page were informed by the following sources.
Title | Author | Date published | URL | Type |
|---|---|---|---|---|
Change Request 700: CX Guidelines | Redirect to App (R2A) CX Guidelines Changes | Data Standards Body (DSB) | June 5, 2025 | github.com | Consultations |
Consultation Draft 369: Redirect to App - Draft Standards | Data Standards Body (DSB) | April 4, 2025 | github.com | Consultations |
Decision Proposal 327: Authentication Uplift Phase 1 | Data Standards Body (DSB) | August 29, 2023 | github.com | Consultations |
Noting Paper 326: Authentication Uplift Context | Data Standards Body (DSB) | August 29, 2023 | github.com | Consultations |
Authentication Uplift - Comparison Report | Data Standards Body (DSB) | June 21, 2023 | cx.dsb.gov.au | Research |
Decoupled Research Report | Data Standards Body (DSB) | May 28, 2023 | cx.dsb.gov.au | Research |
Noting Paper 296: Offline Customer Authentication | Data Standards Body (DSB) | March 17, 2023 | github.com | Consultations |
App/Browser-to-App Research Report | Data Standards Body (DSB) | December 15, 2022 | cx.dsb.gov.au | Research |
One Time Password Research Report | Data Standards Body (DSB) | December 15, 2022 | cx.dsb.gov.au | Research |
Noting Paper 280: The CX of Authentication Uplift | Data Standards Body (DSB) | December 7, 2022 | github.com | Consultations |
CDR Support Portal: Offline Customer Guidance | Australian Competition and Consumer Commission (ACCC) | April 6, 2022 | cdr-support.zendesk.com | Guidance |
Phase 2, Stream 3 Research Report | Tobias | July 31, 2019 | cx.dsb.gov.au | Research |
Last updated
This page was updated @September 22, 2025
Have your say
Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:
- Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
- Request new Standards or changes to existing Standards through the Standards Maintenance process
- Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
- Email your feedback to cx@dsb.gov.au
Quick links to CX Guidelines:
Overview
Consent
Authenticate
Authorise
Consent Management
Notifications
Accessibility statement
→ cx@dsb.gov.au → cx.dsb.gov.au | cds.gov.au