This article provides a high-level overview of OAuth, a form of user authentication used by the majority of Plaid’s European integrations.
What is OAuth?
Plaid’s PSD2-compliant European integrations use a protocol called OAuth 2.0 (Open Authorization) that allows users to share their financial data without giving Plaid access to their bank login credentials. Users can then revoke access to their data at any time via their bank’s website, or extend access via Link update mode.
For a full list of Plaid’s European integrations that use OAuth, please make a call to our /institutions/get endpoint with your desired country_codes and the oauth option set to true. The response for all institutions also includes an oauth field, which indicates whether or not Plaid uses OAuth to authenticate users for that institution.
What does OAuth look like for Plaid users?
When users select an OAuth-enabled institution in Link, they are brought to an authentication page hosted by the institution – for example, if the user is linking their Lloyds Bank account, they will be directed to a login page hosted by Lloyds Bank. Here’s an example of what that sequence looks like (note that the appearance of the authentication page differs by institution):
Once the user successfully authenticates, the institution sends Plaid authorization tokens that we use to retrieve the user’s financial data.
Users generally need to refresh their access-consent after a certain amount of time (determined by the institution – 90 days is most common). To see when a user will need to re-authenticate, make a request to the /item/get endpoint and see the consent_expiration_time field. Plaid will also send a PENDING_EXPIRATION webhook one week before a user’s access-consent is set to expire. In order to continue receiving data for that user, ensure they re-authenticate via Link update mode prior to that date.
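As an added example (not Plaid’s own code) of the two lookups described above, the block below filters OAuth institutions out of an /institutions/get response and maps an Item’s consent_expiration_time, whether read from /item/get or from a PENDING_EXPIRATION webhook, to a re-consent action. The sample payloads are constructed, the webhook’s exact field set and the ISO 8601 timestamp format are assumptions, and only the endpoint, field and webhook names come from the article.

```python
# Added example, not Plaid's own code. Field names follow the article;
# the sample payloads below are constructed and the webhook shape is assumed.
import json
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Constructed /institutions/get response: every institution carries an "oauth" flag.
INSTITUTIONS_RESPONSE = json.dumps({"institutions": [
    {"institution_id": "ins_example_1", "name": "Bank A", "country_codes": ["GB"], "oauth": True},
    {"institution_id": "ins_example_2", "name": "Bank B", "country_codes": ["GB"], "oauth": False},
    {"institution_id": "ins_example_3", "name": "Bank C", "country_codes": ["DE"], "oauth": True},
]})

# Constructed PENDING_EXPIRATION webhook (sent a week before consent lapses); the
# exact field set is an assumption, only the webhook code comes from the article.
PENDING_EXPIRATION_WEBHOOK = json.dumps({
    "webhook_type": "ITEM", "webhook_code": "PENDING_EXPIRATION",
    "item_id": "item_example", "consent_expiration_time": "2024-06-08T00:00:00Z",
})

def oauth_institutions(response_json: str, country_code: str) -> List[str]:
    """Return ids of institutions in country_code whose oauth field is true."""
    data = json.loads(response_json)
    return [inst["institution_id"] for inst in data["institutions"]
            if inst.get("oauth") is True and country_code in inst.get("country_codes", [])]

def parse_consent_expiry(timestamp: str) -> datetime:
    """Parse an ISO 8601 timestamp (trailing Z = UTC) into a timezone-aware datetime."""
    return datetime.fromisoformat(timestamp.replace("Z", "+00:00")).astimezone(timezone.utc)

def reauth_action(consent_expiration_time: Optional[str], now: datetime,
                  warn_days: int = 7) -> str:
    """Map an Item's consent_expiration_time (from /item/get) to an action."""
    if consent_expiration_time is None:
        return "no_expiry"            # no consent window to track for this Item
    expiry = parse_consent_expiry(consent_expiration_time)
    if expiry <= now:
        return "expired"              # data calls fail until the user re-links
    if expiry - now <= timedelta(days=warn_days):
        return "prompt_update_mode"   # send the user through Link update mode now
    return "ok"

def handle_webhook(payload_json: str, now: datetime) -> Tuple[str, str]:
    """Turn a PENDING_EXPIRATION webhook into (item_id, action); ignore other codes."""
    event = json.loads(payload_json)
    if (event.get("webhook_type"), event.get("webhook_code")) != ("ITEM", "PENDING_EXPIRATION"):
        return event.get("item_id", ""), "ignored"
    return event["item_id"], reauth_action(event.get("consent_expiration_time"), now)
```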
If one of your users is having trouble linking their account for an OAuth-enabled institution, here are some steps that you can take to troubleshoot the issue:
- Ensure that your Plaid integration is fully set up to handle OAuth. There are some additional steps that you’ll need to take to make sure that OAuth login flows complete successfully – please see this section of our docs for more information.
- Ensure that your user can successfully log directly into their bank website. If they can’t, instruct them to contact their bank’s support team and then try again.
- Ensure that your user is attempting to connect to the correct bank within Link. Some institutions, like HSBC and Barclays, have separated access to different account types (e.g. business versus personal) into multiple institutions.
- If your user is persistently running into an error on the bank’s OAuth login page or when redirected back to Plaid Link, please let us know here. When creating an OAuth support case, include a screenshot of your user’s experience (with any sensitive data redacted), and please describe the issue in detail, which will enable us to help restore your user’s connection as quickly as possible.