Page Refresh Issue in Consent Flow with OBConsentServlet

[aka4rKO]

The oauth2_authz.do page is unable to refresh properly during the consent flow. When navigating through the login and OTP pages, the flow redirects to oauth2_authz.do. Based on the web.xml configuration, it is mapped to the OBConsentServlet:

<servlet-mapping>
    <servlet-name>OBConsentServlet</servlet-name>
    <url-pattern>/oauth2_authz.do</url-pattern>
</servlet-mapping>

The OBConsentServlet determines whether to navigate to ob_cds_profile_selection.jsp or ob_cds_account_selection.jsp based on the preSelectedProfileId. The servlet forwards the request using the following code[1]:
dispatcher.forward(originalRequest, response);
This forward operation occurs server-side, meaning the browser is unaware of the forwarding, and the URL in the browser remains unchanged.

When the page is refreshed, it navigates back to the OBConsentServlet and attempts to validate the authorization using the same key. Since this key has already been used, an error is triggered.

[1]

financial-services-accelerator/open-banking-accelerator/internal-apis/internal-webapps/com.wso2.openbanking.authentication.webapp/src/main/java/com/wso2/openbanking/accelerator/authentication/webapp/OBConsentServlet.java

Line 173 in aa73cf2

dispatcher.forward(originalRequest, response);