When using Additional Information on your website, we recommend that you get to know how Additional Information is presented for the user, depending on the different scopes you use and the state of the user. In this document, you can find information about what you should consider when using Additional Information - from a user perspective.
1. The different states of the user
The user needs to give consent to share his data with you, and this is handled by the dialogues of Additional Information. To trigger the Additional Information consent screen to enable access to this service you simply add some extra scope parameters to the authentication request to get an appropriate access token in return. This token must be used to request the data in question. Get more information about this in the technical documentation.
The user will have a different experience of Additional Information, depending on if this is the first time he meets the service, or if it is recurring use.
- The user has not enrolled to Additional Information, and will have to complete his contact information and accept terms and conditions
- The user has enrolled to Additional Information, and wants to use Additional Information to share his contact information
- The user has enrolled to Additional Information, and wants to edit his contact information in Additional Information
For more information about how Additional Information is presented to the user, look here: How Additional Information appears to the user
Note that if the user chooses to cancel the Additional Information-process by clicking the cancel-buttons, he will still be returned as a authenticated xID or BankID-user.
2. Recommended use of scopes
Merchants and customers may sign up for the Additional Information service that offers the transaction of more detailed personal information. With Additional Information, merchants can ask for information such as:
- Email address
- Postal address
- Phone number
- National Identity Number (special conditions apply)
The user completes and stores his user data with Additional Information. He then chooses if he wants to share it with other websites. He chooses if and what data he would like to share with each merchant.
We recommend that you only ask for the data you need. The user usually wonders why you need certain information, and especially with GDPR requirements coming up. Thus, we recommend that you consider what user data you need to fulfill the users actions at your website.
3. Skinning for xID and BankID
Additional Information can be used in both xID and BankID contexts. The user experience will be similar, but the skinning will be different. Additional Information will appear in the design of the identity provider that it is used with.
4. Window, redirect or iframe?
When implementing Additional Information at your website, you need to decide how you want to present the Additional Information-dialogues. These can either be presented through a window unattached to your website, an inline (iframe) implementation or through a redirect. Please also see the technical documentation on this issue.
When a Merchant initiates an authentication and Additional Information in the same request, the mode will be the same for both services.
Note that we have used the dialogue for storing contact information as an example below. The user will only see this the first time he is using Additional Information and a similar dialogue if he wants to edit his information in Additional Information. The user will mainly meet a consent dialogue at your website. See alle dialogues here: How Additional Information appears to the user
Window is the easiest implementation of Additional Information, since it requires minimal interference on your website. It also works well on mobile devices. However remember that the dialogue window might fall behind the browser window on the users desktop, and its easy to loose track of the Additional Information process for the user. Note this special use case for in-app browsers when selecting a window implementation. xID screenshots are used in this example. If used with bankID, Additional Information will appear with a BankID design.
A re-direct implementation will take control of the entire browser window, redirecting the user to the Additional Information dialogues. The user will no longer see your website until they either finish or cancel the Additional Information process. Note that the important elements of the Additional Information-dialogue, like the logo, cancel button and changing the user, become easy to ignore, due to their placement along the edges of the browser window. On the other hand, redirect works excellent on mobile phones. We recommend this implementation on mobile phones. xID screenshots are used in this example. If used with bankID, Additional Information will appear with a BankID design.
With an inline (iframe) implementation the Additional Information dialogues can either become an integrated part of your website or be placed "in front" on your website (see the example below). This way the focus is set on the dialogues and the user will have to cancel or finish the Additional Information-process to return to your website. You will have to make the frame as large as the largest dialogue, where the user adds his contact information (please see How Additional Information appears to the user), to avoid scroll in scroll at your webpage. We do not recommend iframe for mobile phones. For mobile phones we recommend to use redirect instead. xID screenshots are used in this example. If used with bankID, Additional Information will appear with a BankID design.
4. Show explanatory error messages to the user when something is wrong
When using Additional Information on your website, you need to make sure that your website properly respond to errors codes returned by Additional Information. Some errors that may occur, require a message to the end user, especially if the end result is that they are not able to share their contact information from Additional Information.
5. Choosing a proper display name
When ordering Additional Information, you also need to decide on what name of your website you want to display in the Additional Information-dialouges and the other OIDC-dialogues. The displayname will be the same for all OIDC-services. The display name will be shown in the dialogue where the user is asked if he want to use Additional Information at your website (the Consent screen in the UDD Viewer: How Additional Information appears to the user), with the following text:
<display name> har bedt om følgende informasjon:
<display name> has requested the following information:
For xID, choosing a displayname is descriped here: User experience design