python-fints

Postbank BestSign Login

Open michaelgreyskull opened this issue 6 years ago • 4 comments

Hello,

thank you for your great software! :) Since Postbank has established new ways of authentication, I wanted to ask if someone already managed to do a login with python-fints using the BestSign authentication mechanism.

When you do the usual initialization like f = FinTS3PinTanClient(BLZ, PostbankID, password, 'https://hbci.postbank.de/banking/hbci.do') and afterwards call f.get_sepa_accounts() there is this (new) error:

Dialog response: 9050 - Teilweise fehlerhaft.
Dialog response: 9999 - Dialog bereits geschlossen.
Dialog response: 9800 - Dialog ungueltig/unbekannt.

Usually a login attempt triggers the BestSign app to authorize the login but in this case, I only get the error messages. Probably I have misconfigured (or not yet configured) something. Has anyone connected successfully using this BestSign method, yet?

Thanks to you!

michaelgreyskull, Sep 11 '19 10:09

> Has anyone connected successfully using this BestSign method, yet?

I don't think so. I don't know enough about BestSign to decide if this is a duplicate to #72, though

raphaelm, Sep 11 '19 12:09

Thank you for your fast response!

It's not exactly a duplicate (that's why I opened up this issue specifically for BestSign) but definitely related as this method has been introduced due to PSD2. I hope they do not shut down the FinTS interface completely. I will contact Postbank and keep you updated.

michaelgreyskull, Sep 11 '19 15:09

> I don't think so. I don't know enough about BestSign to decide if this is a duplicate to #72, though

Related to #72 because of PSD2 I think, but BestSign is conceptually different to usual TAN methods: You get a push message on your smartphone that prompts you to permit the request (which you must confirm with a password or your fingerprint), so there is no TAN to enter and send back via FinTS. I have no clue how (or even if) the server notifies the client that the transaction was confirmed, though. But as I'm still able to use MobileTAN, this is currently no big issue (for me).

With your current psd2 branch it looks like this (TAN mechanism is default, i.e. 920 = BestSign):

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 251, in __enter__
    self._standing_dialog.__enter__()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 37, in __enter__
    self.init()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 74, in init
    segments.append(self.client._get_tan_segment(segments[0], '4'))
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1156, in _get_tan_segment
    seg.tan_medium_name = self.selected_tan_medium.tan_medium_name
AttributeError: 'NoneType' object has no attribute 'tan_medium_name'

When set to 930 (MobileTAN), the results are as expected:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 250, in __enter__
    self._standing_dialog = self._get_dialog()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 269, in _get_dialog
    self._ensure_system_id()
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1111, in _ensure_system_id
    HKSYN3(SynchronizationMode.NEW_SYSTEM_ID),
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 80, in init
    retval = self.send(*segments, internal_send=True)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/dialog.py", line 141, in send
    self.client.process_response_message(self, response, internal_send=internal_send)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 241, in process_response_message
    self._process_response(dialog, segment, response)
  File "/home/fints/.local/lib/python3.7/site-packages/fints/client.py", line 1267, in _process_response
    raise FinTSSCARequiredError("This operation requires strong customer authentication.")
fints.exceptions.FinTSSCARequiredError: This operation requires strong customer authentication.

jahir, Sep 12 '19 14:09

Actually I think this is related. BestSign can act as a TAN generator - in that case the BestSign app on the smartphone displays a 6-character TAN after successful authentication, which the user can then manually enter into the application that requested authentication.

j-ittner, Sep 12 '19 14:09