3DS-esque authentication for 3rd party apps

With the recent change caused by SCA, users are now required to essentially authenticate twice - once through emails, and the second time through the app.

This is difficult not only for developers, who now need to support an extra step, wait for the response and (possibly) have to poll every couple of minutes, but also for users, who have a less than seamless experience.

My proposal would be the (optional) inclusion of a 3DS strong authentication flow.

Above is an image of the transaction style 3DS - but the 3rd party one could be styled and presented slightly differently. The important thing is that we’d be asking users to grant access through the app, and only through the app. Once they had accepted, the page would automatically update and move on to the existing redirect_uri (success URL) and potentially a new error_uri (when a user rejects access).

While my knowledge of the legal implications of SCA is limited, I do believe the in-app prompt on its own is sufficient to gain access to this information (given you have already had to use a magic link to get to that view).

What do people think? Monzonauts, is this completely impossible or just unlikely? :pray:
