Open Banking and open-source client-side software is a poor fit (btw, the "open" is a sham, there's nothing open about it).
Open Banking is implemented as a set of REST APIs using OAuth offered either by the banks directly (if you have the necessary regulatory approval) or by a gatekeeper such as TrueLayer/Plaid/etc (and I believe you can piggyback off their license, so no regulatory approval necessary).
Consuming OAuth APIs relies on guarding a client ID & the associated secret, which would be impossible in an open-source app (or any client-side app for that matter, since extracting those is merely a reverse-engineering problem), therefore out-of-the-box Open Banking support is impossible.
However, nothing prevents them from developing the integration and letting the end-user provide their own client ID/secret from their own accounts, and I believe most of these Open Banking providers have a free dev plan that can nevertheless connect to real accounts and would be enough for this.
In Germany, we have HBCI/FinTS; it's basically a standardised protocol to do "home-banking", and it works really well. I use an open-source Java app, Hibiscus [0], and it connects to all my accounts and downloads the transactions. I can also make transfers in the software and they're pushed to the respective banks.
It's almost what I imagine client-server Open Banking could have been.
There's also the EBICS protocol, but that is more for B2B, server-server communication I believe.
In the EU and UK, banks are required to impose onerous security and authentication requirements on third-party software before granting account access. The rules are designed to protect consumers from insecure or malicious software, but unfortunately a side effect is that open-source projects are quite unlikely to be able to comply. The most we can hope for is usually that a bank lets you manually download statements as OFX. HSBC does that, for example, but some other banks/credit card providers only give you QIF or CSV.
One commenter mentioned aqbanking, which is open-source and can navigate various kinds of 2FA shenanigans via the FinTS protocol. For example, it communicates to my card reader via USB, and relays the resulting TAN back to the bank server.
Nextgrid|2 years ago
amaccuish|2 years ago
[0] https://github.com/willuhn/hibiscus/tree/master
NoboruWataya|2 years ago
Hackbraten|2 years ago