BankID Authentication

BankID eliminates the largest onboarding friction for Norwegian users: creating and memorizing a separate password. The identity verification it provides closes a real operational gap - all three workshop organizations reported that member databases are missing personnummer for many users, and BankID login supplies that field automatically on first authentication, improving data quality without any manual coordinator effort. Offering government-grade authentication also increases organizational trust in the platform's security posture when handling sensitive peer mentor and assignment data across multiple tenants.

BankID integration uses a certified Norwegian broker (Criipto or Signicat) over OpenID Connect / OAuth 2.0. The Authentication Module adds /auth/bankid/initiate and /auth/bankid/callback endpoints. On successful callback the module extracts the personnummer from the identity token and stores it on the user record; if no match is found the user is prompted to link to an existing account or create a new one. The broker handles all BankID UI and device compatibility. The auth module's provider extension point is designed at MVP so adding BankID requires no changes to the core session or token schema.