Skip to main content
  1. Data-recipients/

User management

2 mins
Table of Contents

Registration #

Out of the box compliance #

When it comes to customer registration Wych’s OpenID compliant authentication and authorisation service - Wych Auth - provides all the necessary tools for businesses to get going with user authentication and registration.

Wych requires an end-user to be registered before a connection journey can begin. User registration can be managed by the Wych Auth system, using email address and password, social loging or by utilising a business existing SSO. As with all Wych services the out-of-box solution should work for the majority of businesses:

  1. User navigates to the app URL
  2. Web app immediately redirects to login
  3. User logs in or registers

Register by API #

It is also possible to register users and log them into the Wych Apps directly. This can enable partners to deep-link into the Wych system without requiring the user to login as they leave one system and go to the next.

Bring your own consent #

Occasionally it is necessary to integrate the consent flow into an existing application. This can be helpful when you are migrating from an existing provider, or working with providers in different regions and want to provide your users with a consistent user experience. In this case we provide access to the relevant API to retrive the necessary data to perform the connection journey. You are required to deliver for the mandatory aspects defined above. When the ‘Bring your own consent’ option is used, the new application will be required to be reviewed before it can be launched.

Login Journeys #

Token exchange (Customer) #

Given an existing User or user created via findUserByEmail

  1. Using the client credentials log in a. Call the /partner/{partnerId}/app/{appId}/users to find user
  2. Call the /partner/{partnerId}/app/{appId}/user/{userId}/token

Given an existing User or user created via findUserByEmail

  1. Using the client credentials log in a - Call the /partner/{partnerId}/app/{appId}/users to find user
  2. Call the /partner/{partnerId}/app/{appId}/user/{userId}/token
  3. Send user to link in response
  4. Exchange code for access token

Connection Journey (AU) #

Given a logged in user

  1. Query for dataholders /dataholders
  2. Create a connection /connection POST using a dataholder id and valid scopes https://consumerdatastandardsaustralia.github.io/standards/#authorisation-scopes (Also needs “openid” in the scope)
  3. Authorize connection /connection/{connectionId}/authorize POST