User experience

The OIDC Provider from BankID requires user interaction at three stages in its flow as illustrated below:

1. Selection of IDP-service by the end-user if the OIDC Client has not already requested a particular IDP via the login_hint parameter
2. Entry of required userID and credentials for the designated IDP.
3. Display and accept of consent for the requested VAS service(s).

The dialogues shown above corresponds to the default user-experience that comes with the OIDC Provider for the combination of BankID as IDP-service and TINFO as VAS-service. The OIDC Provider offers a default user-experience also for other combinations of IDP and VAS. Note that restrictions may apply on how the OIDC Provider can implement a default user-experience for or stage 2 and/or 3 depending on the security policies for the IDP and/or VAS(s) in question.

This release of the OIDC Provider supports web-based OIDC Client applications using browser re-direction to govern user-experience. This includes support for app-based OIDC Client applications using web-views. The OIDC Client is in either case in control on how and where each of the involved dialoges is integrated with the OIDC Client application. Three common user-experience alternatives are as follows: 

• Redirect: Redirect of the entire application page
• Inline: Re-direct of an iframe embedded in the application (mother) page
• Window: Re-direct of a pop-up (window) from the application (mother) page

The JS Connector may simplify the frontend integration with the OIDC Provider.

This release of the OIDC Provider also supports hybrid scenarios in which the OIDC Client application itself is web-based whereas the involved IDP and/or VAS are app-based. This is referred to as a decoupled user-experience.