Skip to content

feat: add decoupled TAN and CAMT.052 support#45

Open
dtrunk90 wants to merge 4 commits intolarsdecker:masterfrom
dtrunk90:master
Open

feat: add decoupled TAN and CAMT.052 support#45
dtrunk90 wants to merge 4 commits intolarsdecker:masterfrom
dtrunk90:master

Conversation

@dtrunk90
Copy link
Copy Markdown

@dtrunk90 dtrunk90 commented Apr 21, 2026
edited
Loading

Summary

This PR adds two related features needed for Sparda Bank (and other banks using modern FinTS authentication and CAMT-based account statements):

Decoupled TAN (pushTAN / app-based authentication)

  • Implements the FinTS 3.0 decoupled TAN flow (tanProcess=2) where transaction approval happens asynchronously on a separate device (e.g. a mobile banking app)
  • Adds DecoupledTanManager with configurable polling, a full state machine (INITIATED → CHALLENGE_SENT → PENDING_CONFIRMATION → CONFIRMED / CANCELLED / TIMED_OUT / FAILED), user cancellation, and total timeout
  • Dialog gains three new methods: handleDecoupledTan(), cancelDecoupledTan(), checkDecoupledTanStatus()
  • Fixes HKTAN process code: status polling requests now correctly use process "S" instead of "4"
  • HITANS timing fields (decoupledWaitBeforeFirstStatusRequest, decoupledWaitBetweenStatusRequests) are in seconds per spec and are now correctly converted to milliseconds
  • Return codes handled: 3956 (SCA pending), 3076 (PSD2 SCA required), 0030 (order accepted / TAN confirmed)

CAMT.052 account statement support (HKCAZ/HICAZ)

  • Adds HKCAZ request segment (request CAMT account transactions)
  • Adds HICAZ response segment (binary-encoded CAMT XML payload)
  • Adds HICAZS parameter segment (server capabilities: max days, supported CAMT format)
  • Adds a regex-based parseCamt052() parser that maps CAMT.052 XML to the existing mt940-js Statement/Transaction interface, including:
    • name, description, bankReference (Verwendungszweck from <Ustrd>)
    • isCredit, isExpense, currency, amount, date, valueDate
    • id from <AcctSvcrRef> (usable as transaction ID in Firefly III etc.)
    • descriptionStructured with counterparty IBAN/BIC, EndToEndId, mandate reference, creditor ID
    • Namespace-aware tag matching (handles both plain and prefixed XML like ns2:Ntry)

Tests

  • Integration tests for the full decoupled TAN polling loop, cancellation, and status tracking
  • Unit tests for HICAZ, HICAZS, HKCAZ segment serialization/deserialization
  • Unit tests for parseCamt052 covering credit/debit transactions, balances, account identification, descriptionStructured, and namespaced XML

References

larsdecker/n8n-nodes-fints#105

dtrunk90 added 2 commits April 22, 2026 01:04
@dtrunk90
feat: add decoupled TAN support (pushTAN/app-based authentication)
ad12f5f 
Implements FinTS 3.0 decoupled TAN flow (tanProcess=2) for async app-based
approval. Adds DecoupledTanManager with configurable polling, state machine
(INITIATED→CONFIRMED), cancellation, and timeout handling. Dialog gains
handleDecoupledTan/cancelDecoupledTan/checkDecoupledTanStatus methods.
Fixes HKTAN process code to use "S" for status polling. HITANS timing fields
(seconds) are now correctly converted to ms. Integration tests updated to
reflect 0-second server values and timing-safe mock delays.
@dtrunk90
feat: add CAMT.052 account statement support (HKCAZ/HICAZ)
378b860 
Adds HKCAZ request segment, HICAZ/HICAZS response segments, and a
regex-based CAMT.052 XML parser. The parser maps CAMT fields to the
mt940-js Transaction interface including name, description, bankReference,
isCredit, isExpense, currency, counterparty IBAN/BIC, EndToEndId, mandate
reference, and creditor ID. Includes unit tests for all new segments and
the parser (namespaced XML, credit/debit, descriptionStructured).
This was referenced Apr 21, 2026
Merged
Open
@larsdecker larsdecker requested a review from Copilot April 22, 2026 04:42
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds FinTS decoupled TAN (asynchronous/pushTAN-style) handling and introduces CAMT.052-based transaction fetching (HKCAZ/HICAZ/HICAZS) as an alternative to MT940 statements.

Changes:

  • Add new CAMT-related segments (HKCAZ request, HICAZ response, HICAZS parameter segment) plus a CAMT.052 parser and tests.
  • Implement/adjust decoupled TAN polling behavior (HKTAN process "S" for status polling; HITANS timing conversion to ms).
  • Extend Client.statements() and Dialog.sync() to detect/support CAMT transactions and route statement fetching accordingly.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
packages/fints/src/segments/index.ts Exports newly added CAMT segment implementations.
packages/fints/src/segments/hktan.ts Allows HKTAN process "S" and serializes it like process "2" for polling.
packages/fints/src/segments/hkcaz.ts Adds HKCAZ request segment serialization for CAMT transaction fetching.
packages/fints/src/segments/hicaz.ts Adds HICAZ response segment deserialization for CAMT payload fields.
packages/fints/src/segments/hicazs.ts Adds HICAZS parameter segment deserialization (max days + format).
packages/fints/src/segments/tests/test-hkcaz.ts Tests HKCAZ serialization.
packages/fints/src/segments/tests/test-hicaz.ts Tests HICAZ deserialization cases.
packages/fints/src/segments/tests/test-hicazs.ts Tests HICAZS deserialization.
packages/fints/src/dialog.ts Tracks CAMT support/version/format from sync response (currently has critical issues).
packages/fints/src/decoupled-tan/decoupled-tan-manager.ts Uses HKTAN process "S", converts HITANS timing seconds→ms, and syncs dialog state on direct sends.
packages/fints/src/decoupled-tan/tests/test-decoupled-tan-integration.ts Adjusts integration timing and in-flight cancellation/status checks.
packages/fints/src/client.ts Adds CAMT statement path (HKCAZ/HICAZ) and decoupled TAN handling during CAMT fetch (currently has critical issues).
packages/fints/src/camt052-parser.ts Implements regex-based CAMT.052 XML → Statement/Transaction mapping (currently has a balance-date parsing issue).
packages/fints/src/tests/test-camt052-parser.ts Adds unit tests for CAMT.052 parsing (missing assertion that would catch the balance-date issue).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/fints/src/dialog.ts
Comment thread packages/fints/src/dialog.ts
Comment thread packages/fints/src/client.ts
Comment thread packages/fints/src/client.ts
Comment thread packages/fints/src/client.ts
Comment thread packages/fints/src/camt052-parser.ts Outdated
dtrunk90 added 2 commits April 22, 2026 18:03
@dtrunk90
fix: address PR review comments for CAMT.052
bb8bae9 
- Rewrite camt052-parser to use fast-xml-parser instead of regex,
  consistent with the existing v4 camt-parser; fixes balance date
  extraction for nested <Dt><Dt>YYYY-MM-DD</Dt></Dt> structure
- Inject HKCAZ touchdown into each loop iteration in
  sendCamtStatementRequest to correctly handle paginated responses
- Guard TanRequiredError handling with isDecoupledTan() so non-decoupled
  TANs are not silently consumed as push TAN challenges
- Add balance date assertions to camt052-parser tests
@dtrunk90
fix: apply prettier formatting to fix lint errors
e239208
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dtrunk90