Logo
  • Overview
  • Consent
  • Authenticate
  • Authorise
  • Consent Management
  • Notifications
Data Standards Body | CX Guidelines

CX Guidelines

Overview

Consent

Authenticate

Authorise

Consent Management

Notifications

Keep in touch

DSB Newsletter

Website use

Accessibility Statement

Copyright

Privacy

Disclaimer

In the spirit of reconciliation, the Data Standards Body acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples.

Consumer Experience (CX) Guidelines
/
Overview
/
CX Checklist
/
CX Guidelines
/
00. Redirect to App - general

00. Redirect to App - general

Checklist ref

2AU1.00.05

Area
2AU1. Redirect to App
Wireframe ref

05

Type
Technical Standard
Requirement level
MUST
Participant
Data Holder
Statement

Data holders MUST support Redirect to App in accordance with the Authentication Schedule, and: • Data holders MUST use a single issuer identifier per app. • Data holders MUST only support Authorization Code Flow for Redirect to App authentication. • Data holders MUST support Claimed "https" Scheme URI redirection in accordance with section 7.2 and section 8 of [RFC8252]. • After authentication, the data holder MUST continue the authorisation flow within the data holder app. • Data holders SHOULD implement additional controls to minimise the risk of enumeration attacks via the redirect page.

Reference

Security Profile, Authentication Flows, Redirect to App, Data Holders

Example

Authenticate: Redirect to App

Version introduced
1.35.0
Date introduced

22 September 2025

Date modified

Status
Active