BankID Integration Service
Component Detail
Service Layer
high complexity
backend
Dependencies: 0
Dependents: 0
Entities: 2
Integrations: 0
Description
Server-side handler for the BankID OIDC flow via a certified Norwegian broker (Criipto or Signicat). Exposes initiate and callback endpoints on the Authentication Module, validates the identity token, extracts the personnummer, and resolves or creates the associated Meander user record.
bankid-integration-service
Responsibilities
- Generate state and nonce parameters and redirect clients to the broker authorization endpoint at /auth/bankid/initiate
- Receive the authorization callback at /auth/bankid/callback and exchange the code for tokens via the broker
- Validate the id_token signature using broker JWKS and extract the personnummer (PID claim)
- Look up an existing Meander user by personnummer and auto-link on match
- Persist the personnummer on the user record and delegate session creation to the shared Auth Service
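The callback-side checks from the list above (state comparison, id_token signature against the broker JWKS, nonce), as an added Node.js example that is not the service's own code. The issuer, client id, key id and the restriction to RS256 are assumptions, and the key pair is a constructed stand-in for the broker's JWKS.

```javascript
const crypto = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url').toString('utf8');

// Constant-time comparison, used for both the returned state and the nonce claim.
function sameState(expected, received) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(received));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Verify an RS256 id_token against a JWKS and the values stored at initiate.
// Returns the claims on success and throws on the first failed check.
function verifyIdToken(idToken, jwks, { issuer, clientId, nonce, now = Date.now() / 1000 }) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64u(h));
  // Pin the algorithm on the server side; the token header is attacker-controlled input.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  // Claims are only read after the signature has been verified.
  const c = JSON.parse(fromB64u(p));
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud];
  if (c.iss !== issuer) throw new Error('wrong issuer');
  if (!aud.includes(clientId)) throw new Error('wrong audience');
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  if (!sameState(nonce, c.nonce ?? '')) throw new Error('nonce mismatch');
  return c;
}

// Constructed fixture: a throwaway key pair and signer standing in for the broker.
function makeFixture() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'test-1' }] };
  const sign = (claims, header = { alg: 'RS256', kid: 'test-1' }) => {
    const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
    const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
    return `${input}.${sig.toString('base64url')}`;
  };
  return { jwks, sign };
}
```

The state check runs first in the callback, before the code is exchanged; the nonce can only be checked once the id_token signature has been verified.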
Interfaces
initiateAuth(redirectUri): AuthorizationUrl
handleCallback(code, state): BankIdIdentity
resolveIdentity(personnummer): User | null
linkIdentityToUser(userId, personnummer): void
createSessionFromBankId(userId): Session
Related Data Entities (2)
Data entities managed by this component