These guidelines provide examples for when Redirect to App is unable to be used for the purposes of CDR authentication, and Decoupled Authentication is not supported.
<aside>
The Fallback Authentication Framework relates to the Fallback Authentication Flows section of the Authentication Schedule Standards. These standards apply where Redirect to App is unable to be used for the purposes of CDR authentication, and Decoupled Authentication is not supported. In such cases, data holders are required to continue providing support for Redirect to Web with One Time Password (OTP) flow.
All data holders and data recipients must implement the relevant redirect to app standards by 10 May 2027. If implemented prior to this date, CDR participants will also need to meet other relevant standards, such as the Fallback Authentication Flows outlined in this guidance.
<aside> <img src="/icons/info-alternate_gray.svg" alt="/icons/info-alternate_gray.svg" width="40px" />
Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.
</aside>
The following wireframes show an example of the Fallback Authentication Framework.
https://embed.figma.com/design/jcxgMAW8w71slj4c6powiB/WIP25-MI24-|-2AU0.-Fallback-Authentication-Framework-v1.XX.X.2025.09.XX?node-id=424-0&embed-host=notion&footer=false&theme=system