Work in progress
This page is under re-construction
The default GUI experience of the BankID OIDC Service can be overridded and replaced by a customized implementation as described in the following.
Please see source code on GitHub for an example on how to implement such a GUI customization. (TODO: Publish such an example)
GUI customization demands that OIDC Client is configured with a specific "presentationURL" paramter with the OIDC Service overriding the URL of the landing page for the default GUI.
Any GUI implementation (called "BidViewer" in the below diagramme) will interoperate with the BankID OIDC Service (the "BINAS Realm") as following:
The authentication alternatives are
- BIM: BankID på Mobil and
- BID: Netcentric BankID.
The initial request to BidView will contain two parameters:
- sid - a session ID which must be used in all communication with BankID OIDC.
- oidcAuthenticationUrl - base address of the BankID OIDC API. The GUI implementation must use REST-services exposed by this API.
Here is a list of REST endpoints to be used by BidView (GUI) whith explanations:
This is a polling function to be notified when a BankID på Mobil authentication has ended (hopefully with success).
Http status code 200 is used to indicate that BankID OIDC has got the terminating "verifyAuth" or "handleError" notifications.
Http status code 204 is returned while the authentication is still in process.
When the BidView (GUI) is called, with sid (session ID) as parameter, it can send a queryGUI request to get session based info in return:
Start the merchant back end session for Banklagret BankID.
Initiate a BankID på Mobile authentication
When the GUI shall build the consent screen this REST-call is needed to retrieve information.
Input: sid -session ID
This is used for handling the user canceling out of BankID authentication or concent screen notifying BankID OIDC backend.
Input is sid - session ID.
To be able to display a concent screen like the one below, some extra information needs to be stored connected to each scope used by the OIDC Client. BankID OIDC will only give a list of scope names/IDs that requires user's consent. A description for each of those needs to be provided in the appropriate locale.