Show TAN methods

Open lindstrom79 opened this issue 3 years ago • 3 comments

Hello,

I noticed that when I use phpFinTS with my VR bank account, I get 4 TAN methods back and show them. For example, I do not see SecureGo plus, which I have. When I choose SecureGo it also works nevertheless.

But when I use the same bank data with my bank software MoneyMoney I see some more - even SecureGo plus. Even TAN methods which I don't have appear there.

Will phpFinTS always show the latest TAN methods that belong to a user? If so, why is SecureGo plus missing then?

lindstrom79, Jul 13 '22 14:07

had the same question 👍🏻

uxxman, Jul 13 '22 14:07

> Will phpFinTS always show the latest TAN methods that belong to a user?

The phpFinTS library shows all the TAN modes that are available to the user according to the server's response. More specifically:

  1. The BPD contains a list of all TAN modes that the bank supports, independent of the user. This should contain the "missing ones" -- you can verify this by doing print_r($fints->getBpd()->allTanModes).
  2. From that list, the library only returns the subset available to the user according to the user data. You can inspect that subset with print_r($fints->allowedTanModes).

> If so, why is SecureGo plus missing then?

My guess is that it's not on the allowlist from that second step above. So the new question is: Why does MoneyMoney show it?

  • It's possible that MoneyMoney just blindly shows all of the TAN modes from the BPD and disregards the user-specific data. (This theory is especially plausible if MoneyMoney prompts you to select the TAN mode before you've provided your username and password to log in.)
  • It's also possible that the bank server delivers a different set of allowable TAN modes to MoneyMoney (perhaps they recognize its client ID or perhaps MoneyMoney uses an older/newer protocol version that makes the server react differently). If you want to debug deeper into this, you need to log the FinTS traffic with both applications (use $fints->setLogger() for phpFinTS) and search for 3920, which is the serialized identifier of the data element that contains the allowed TAN methods.

Philipp91, Jul 13 '22 19:07
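The log comparison suggested in the comment above, as an added example that is not part of the thread or of phpFinTS: a Python script that extracts the parameters of response code 3920 from the logged server responses of two clients and reports the TAN mode IDs only the other client was offered. The log strings and IDs are constructed, and the function names are hypothetical; it assumes the logs contain the plain-text FinTS segments.

```python
import re

BINARY = re.compile(r"@(\d+)@")  # FinTS binary element header: @<length>@<payload>

def split_unescaped(text, sep):
    """Split on sep, honouring '?' escapes and skipping binary payloads.
    Assumption: the log is single-byte text, so the length counts characters."""
    parts, buf, i = [], [], 0
    while i < len(text):
        m = BINARY.match(text, i) if text[i] == "@" else None
        if text[i] == "?" and i + 1 < len(text):  # escaped char: keep the pair intact
            buf.append(text[i:i + 2]); i += 2
        elif m:  # payload may contain separators, so copy it unparsed
            end = m.end() + int(m.group(1))
            buf.append(text[i:end]); i = end
        elif text[i] == sep:
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(text[i]); i += 1
    parts.append("".join(buf))
    return parts

def allowed_tan_modes(message):
    """Return the IDs listed as parameters of response code 3920."""
    ids = []
    for segment in split_unescaped(message, "'"):
        elements = split_unescaped(segment, "+")
        if not elements[0].startswith(("HIRMG:", "HIRMS:")):
            continue  # only response segments carry feedback codes
        for feedback in elements[1:]:
            # feedback layout: code : reference element : text : parameters...
            fields = split_unescaped(feedback, ":")
            if fields[0] == "3920":
                ids.extend(f for f in fields[3:] if f)
    return ids

def missing_modes(ours, theirs):
    """IDs the other client was offered that our log does not contain."""
    return sorted(set(allowed_tan_modes(theirs)) - set(allowed_tan_modes(ours)))

# Constructed sample responses (not real bank traffic; IDs are made up).
LOG_PHPFINTS = ("HIRMG:2:2+0010::Nachricht entgegengenommen.'"
                "HIRMS:3:2:4+3920::Zugelassene Verfahren?: siehe Liste.:942:944:962:972"
                "+0020::Auftrag ausgefuehrt.'")
LOG_OTHER = ("HIRMG:2:2+0010::Nachricht entgegengenommen.'"
             "HIRMS:3:2:4+3920::Zugelassene Verfahren?: siehe Liste.:942:944:946:962:972'")

if __name__ == "__main__":
    print("phpFinTS was offered:", allowed_tan_modes(LOG_PHPFINTS))
    print("only the other client was offered:", missing_modes(LOG_PHPFINTS, LOG_OTHER))
```

If both logs yield the same 3920 list, the extra entries shown by the other client come from the BPD rather than from the user-specific allowlist.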

Did you figure out the reason here?

Philipp91, Feb 26 '23 20:02