Consent Flow Cancellation Error Handling

During the consumer sign-up, consent, and account selection flow, various non-success paths may occur. Let's take a look at some scenarios you may encounter.

For more information about OAuth 2.0 error handling, see the "Error response" section of OAuth 2.0 Simplified.

Case 1: Success

  • Consumer is authenticated with data provider.

  • Consumer provides consent on data provider owned consent screen.

  • The provider sends an OAuth grant code to Akoya. Akoya requests a provider token. In exchange for the OAuth grant code, the provider issues Akoya tokens.

  • Consumer authorizes the accounts on Akoya owned account selection UI.

  • Akoya redirects to the data recipient successfully.

Case 2: Consumer selects cancel on data provider-owned consent screen

  • Consumer is authenticated with data provider.

  • Consumer does not provide consent on the data provider-owned consent screen and instead clicks the cancel button.

  • Data provider neither generates nor shares a token with Akoya.

  • Data provider generates an error response and redirects the consumer to Akoya.

  • Data provider sends the error as query parameters in the redirect to Akoya per OAuth 2.0 standard.

  • Akoya shows a page with a “Connection Issue” message.

  • When consumer selects cancel on that error page, Akoya redirects consumer to the recipient with the same OAuth standard error.

Case 3: Consumer selects cancel on Akoya-owned account selection screen or closes the browser

  • Consumer is authenticated with data provider.

  • Consumer provides consent on data provider owned consent screen.

  • The provider sends an OAuth grant code to Akoya. Akoya requests a provider token. In exchange for the OAuth grant code, the provider issues Akoya tokens.

  • Consumer clicks the cancel button on the Akoya-owned account selection UI.

  • Akoya redirects to the data recipient with appropriate error description.

Case 4: Consumer abandons the Akoya-owned account selection screen, doesn’t make any selection, and the screen times out

  • Consumer is authenticated with data provider.

  • Consumer provides consent on data provider owned consent screen.

  • The provider sends an OAuth grant code to Akoya. Akoya requests a provider token. In exchange for the OAuth grant code, the provider issues Akoya tokens.

  • Consumer takes no action and abandons the Akoya-owned account selection UI, which then times out.

  • Akoya redirects to the data recipient with appropriate error description.

Case 5: Account List API errors out

  • Consumer is authenticated with data provider.

  • Consumer provides consent on data provider owned consent screen.

  • The provider sends an OAuth grant code to Akoya. Akoya requests a provider token. In exchange for the OAuth grant code, the provider issues Akoya tokens.

  • The Account List API fails, so Akoya cannot display any of the consumer's account information on the account selection UI. An error message is displayed to the consumer, along with a “Cancel” button that redirects to the recipient with an error.

  • Akoya redirects to the data recipient with appropriate error description.
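On the recipient side, every case above arrives as a redirect carrying either a grant code or OAuth 2.0 error parameters. The following is an added example, not Akoya's code: a sketch of a recipient callback handler. It assumes the recipient sent a `state` value in its authorization request; the function name, result fields, and sample URL are hypothetical.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Authorization-endpoint error codes defined in RFC 6749 section 4.1.2.1.
RFC6749_ERRORS = {
    "invalid_request", "unauthorized_client", "access_denied",
    "unsupported_response_type", "invalid_scope", "server_error",
    "temporarily_unavailable",
}

# Constructed sample of a cancellation redirect (not captured traffic).
SAMPLE_CANCEL_URL = ("https://recipient.example/callback"
                     "?error=access_denied&error_description=User%20cancelled&state=s1")

def handle_callback(redirect_url, expected_state):
    """Classify a redirect back to the recipient as success, error, or rejected."""
    # keep_blank_values so an empty "code=" or "error=" is seen, not dropped.
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)

    def single(name):
        # A repeated parameter is ambiguous; treat it as missing.
        values = params.get(name, [])
        return values[0] if len(values) == 1 else None

    # Bind the response to the session that started the flow before trusting
    # anything else in it (forged-callback / CSRF check).
    state = single("state") or ""
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        return {"outcome": "rejected", "reason": "state_mismatch"}

    if "code" in params and "error" in params:
        return {"outcome": "rejected", "reason": "code_and_error_present"}
    error, code = single("error"), single("code")
    if error:
        # error_description is URL-supplied text: log it, never render it as HTML.
        return {
            "outcome": "error",
            "error": error if error in RFC6749_ERRORS else "unrecognized_error",
            "retryable": error in {"server_error", "temporarily_unavailable"},
            "description_for_logs": (single("error_description") or "")[:200],
        }
    if code:
        return {"outcome": "success", "code": code}
    return {"outcome": "rejected", "reason": "missing_code_and_error"}
```

The handler does not assume which error code accompanies each case; it only separates recognized OAuth errors from malformed or forged callbacks so the recipient can show the consumer a retry or cancel path.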