Show TAN methods #375

Open
lindstrom79 opened this issue Jul 13, 2022 · 3 comments
Comments

lindstrom79 commented Jul 13, 2022

Hello,

I noticed when I use phpFinTS with my VR bank account I get 4 TAN methods back and show them. For example, I do not see SecureGo plus, which I have. When I choose SecureGo, it also works nevertheless.

But when I use the same bank data with my bank software MoneyMoney I see some more - even SecureGo plus. Even TAN methods which I don't have appear there.

Will phpFinTS always show the latest TAN methods that belong to a user? If so, why is SecureGo plus missing then?

Screenshot 2022-07-12 at 09 58 53
Screenshot 2022-07-13 at 07 52 06

uxxman commented Jul 13, 2022

had the same question 👍🏻

@Philipp91
Contributor

> Will phpFinTS always show the latest TAN methods that belong to a user?

The phpFinTS library shows all the TAN modes that are available to the user according to the server's response. More specifically:

  1. The BPD contains a list of all TAN modes that the bank supports, independent of the user. This should contain the "missing ones" -- you can verify this by doing print_r($fints->getBpd()->allTanModes).
  2. From that list, the library only returns the subset available to the user according to the user data. You can inspect that subset with print_r($fints->allowedTanModes).

> If so, why is SecureGo plus missing then?

My guess is that it's not on the allowlist from that second step above. So the new question is: Why does MoneyMoney show it?

  • It's possible that MoneyMoney just blindly shows all of the TAN modes from the BPD and disregards the user-specific data. (This theory is especially plausible if MoneyMoney prompts you to select the TAN mode before you've provided your username and password to log in.)
  • It's also possible that the bank server delivers a different set of allowable TAN modes to MoneyMoney (perhaps they recognize its client ID or perhaps MoneyMoney uses an older/newer protocol version that makes the server react differently). If you want to debug deeper into this, you need to log the FinTS traffic with both applications (use $fints->setLogger() for phpFinTS) and search for 3920, which is the serialized identifier of the data element that contains the allowed TAN methods.
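
One way to compare the two traffic logs described in the comment above, as an added example that is not part of the thread or of phpFinTS. It assumes the logged responses are plaintext FinTS segments in which code 3920 appears as a feedback entry of the form `3920::text:mode:mode` inside a HIRMS or HIRMG segment; the sample messages and mode IDs are constructed, and binary `@n@` blocks are not handled.

```python
# Added example: list the TAN modes a server allows for the user (feedback
# code 3920) in logged FinTS responses and diff the result of two clients.

def split_escaped(text, delim):
    """Split on delim while honouring the FinTS escape character '?'."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "?" and i + 1 < len(text):
            cur.append(text[i:i + 2])  # keep the escape pair intact for later splits
            i += 2
            continue
        if ch == delim:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def allowed_tan_modes(message):
    """Return the set of TAN mode IDs listed under feedback code 3920."""
    modes = set()
    for segment in split_escaped(message, "'"):
        elements = split_escaped(segment, "+")
        if not elements[0].startswith(("HIRMS:", "HIRMG:")):
            continue
        for element in elements[1:]:
            # Assumed feedback layout: code : reference : text : parameters...
            fields = split_escaped(element, ":")
            if fields[0] == "3920":
                modes.update(p for p in fields[3:] if p)
    return modes

def diff_allowed(log_a, log_b):
    """Return (modes only in log_a, modes only in log_b), each sorted."""
    a, b = allowed_tan_modes(log_a), allowed_tan_modes(log_b)
    return sorted(a - b), sorted(b - a)

# Constructed sample responses (not real bank traffic).
LOG_PHPFINTS = ("HNHBK:1:3+000000000200+300+0+1'"
                "HIRMS:3:2:4+3920::Zugelassene TAN-Verfahren fuer den Benutzer"
                ":942:944+0020::Auftrag ausgefuehrt?: ok'")
LOG_OTHER = ("HIRMS:3:2:4+0020::Auftrag ausgefuehrt"
             "+3920::Zugelassene TAN-Verfahren fuer den Benutzer:942:944:946'")

if __name__ == "__main__":
    print(diff_allowed(LOG_PHPFINTS, LOG_OTHER))
```

A non-empty second list means the server itself sent the other client a larger allowlist; two equal sets mean the extra entries in that client's menu come from somewhere other than the 3920 data.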

@Philipp91
Contributor

Did you figure out the reason here?
