Decoupled/MFA banks (e.g. VR Bank in Holstein) were hard-blocked because the
authorize flow aborted whenever auth_methods[0] was DECOUPLED. Enable Banking's
hosted /auth page actually coordinates decoupled SCA and redirects back with a
code, so route these banks through it instead:
- Provider#start_authorization accepts and forwards an auth_method param
- EnableBankingItem#select_auth_method picks the best method
(REDIRECT > DECOUPLED > EMBEDDED), filtering by psu_type and skipping hidden
methods
- Shared begin_authorization! re-fetches ASPSP metadata on each authorize and
reauthorize, so the method is always re-derived (no persistence required)
- Remove the DECOUPLED block in the controller
Also stop the integration from constantly reporting "session expired":
- Only a session-level GET /sessions 401/404 flips the connection to
requires_update; per-account 401/404 are retried and no longer kill the
whole connection
- Reconcile session_expires_at from the API's access.valid_until on every sync
- Treat an expired session as a graceful requires_update state instead of
raising a bare error
No schema changes. Adds covering tests.
* fix(enable_banking): match bank list search against BIC, not just name
Bank-search filter on the Enable Banking bank-selection modal only indexed
`aspsp[:name]`, so users searching by BIC code (e.g. `INGDDEFF`) got no
results even when the bank was rendered in the list. Switch the per-item
data attribute to a `name + BIC` haystack and read from it in the Stimulus
controller, so either token matches.
Refs #1814
* style(bank_search): apply Biome formatting to forEach callback (#1874 review)
