Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Postbank BestSign Login #89

Open
michaelgreyskull opened this issue Sep 11, 2019 · 4 comments
Open

Postbank BestSign Login #89

michaelgreyskull opened this issue Sep 11, 2019 · 4 comments

Comments

@michaelgreyskull
Copy link

michaelgreyskull commented Sep 11, 2019
edited

Hello,

thank you for your great software! :)
Since Postbank has established new ways of authentication, I wanted to ask if someone already managed to do a login with python-fints using the BestSign authentication mechanism.

When you do the usual initializiation like f = FinTS3PinTanClient(BLZ, PostbankID, password, 'https://hbci.postbank.de/banking/hbci.do') and afterwards call f.get_sepa_accounts() there is this (new) error:

Dialog response: 9050 - Teilweise fehlerhaft.
Dialog response: 9999 - Dialog bereits geschlossen.
Dialog response: 9800 - Dialog ungueltig/unbekannt.

Usually a login attempt triggers the BestSign app to authorize the login but in this case, I only get the error messages.
Probably I have misconfigured (or not yet configured) something.
Has anyone connected succesfully using this BestSign method, yet?

Thanks to you!
@raphaelm
Copy link
Owner

Has anyone connected succesfully using this BestSign method, yet?

I don't think so. I don't know enough about BestSign to decide if this is a duplicate to #72, though

@michaelgreyskull
Copy link
Author

Thank you for your fast response!

It's not exactly a duplicate (that's why I opened up this issue specifically for BestSign) but definitely related as this method has been introduced due to PSD2. I hope they do not shut down the FinTS interface completely. I will contact Postbank and keep you updated.

@jahir
Copy link
Contributor

jahir commented Sep 12, 2019
edited

I don't think so. I don't know enough about BestSign to decide if this is a duplicate to #72, though

Related to #72 because of PSD2 I think, but BestSign is conceptually different to usual TAN methods: You get a push message on your smartphone that prompts you to permit the request (which you must confirm with a password or your fingerprint), so there is no TAN to enter and send back via FinTS. I have no clue how (or even if) the server notifies the client that the transaction was confirmed, though. But as I'm still able to use MobileTAN, this is currently no big issue (for me).

With your current psd2 branch it looks like this (TAN mechanism is default, i.e. 920 = BestSign):

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 251, in __enter__
    self._standing_dialog.__enter__()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 37, in __enter__
    self.init()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 74, in init
    segments.append(self.client._get_tan_segment(segments[0], '4'))
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1156, in _get_tan_segment
    seg.tan_medium_name = self.selected_tan_medium.tan_medium_name
AttributeError: 'NoneType' object has no attribute 'tan_medium_name'

When set to 930 (MobileTAN), the results are as expected:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 250, in __enter__
    self._standing_dialog = self._get_dialog()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 269, in _get_dialog
    self._ensure_system_id()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1111, in _ensure_system_id
    HKSYN3(SynchronizationMode.NEW_SYSTEM_ID),
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 80, in init
    retval = self.send(*segments, internal_send=True)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 141, in send
    self.client.process_response_message(self, response, internal_send=internal_send)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 241, in process_response_message
    self._process_response(dialog, segment, response)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1267, in _process_response
    raise FinTSSCARequiredError("This operation requires strong customer authentication.")
fints.exceptions.FinTSSCARequiredError: This operation requires strong customer authentication.

@j-ittner
Copy link

Actually I think this is related. BestSign can act as a TAN generator - in that case the BestSign app on the smartphone displays a 6-character TAN after successful authentication, which the user can then manually enter into the application that requested authentication.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@raphaelm @jahir @j-ittner @michaelgreyskull