This section and its sub-pages contain information regarding user experience design. Here, you'll find information about how BankID is presented to the end user, as well as some tips and tricks to keep in mind while setting up your BankID implementation.

A note on Identity providers

BankID currently offers two identity providers for end users:

  • BankID Netcentric relies on a code device (issued to the end user by their issuing bank) and a personal password, which the end user sets in the online bank. Some issuing banks have developed their own mobile apps that replace their code device.
  • BankID on Mobile prompts the end user to check a transaction reference on their phone and to enter a PIN code.

We are also currently working on a third IDP-option: a BankID App (BAPP). This is in a rollout phase now and will become more available during Q2 and Q3 2020.


For more information, please refer to our website.


Basic flow: End-user dialogues

As described in the message flow details of the authorization code grant, the end user interacts with BankID in three different stages, depending on the scopes given to indicate which service is requested.

  1. IDP selector: The end user selects the desired BankID identity provider (if the OIDC Client has not already requested a particular IDP via the login_hint parameter)
  2. Authentication: The end user provides credentials for the selected IDP method
  3. Consent dialogues: The end user provides consent to share data with the merchant (if requested by the merchant)


More information about the end user dialogues and flows can be found here: https://brand.vipps.no/d/DgLepABXUPY4/markedspakker#/markedspakker/bankid-identifisering


1 IDP selector

After the authorize request is initialized, the end user is shown the IDP selector dialogue, where they choose between the supported identity providers. As described in the documentation for the authorize endpoint, the merchant may bypass this dialogue by including a login_hint parameter to pre-select either BankID Netcentric or BankID on Mobile. See Login Hints under identity providers for more details.
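
The pre-selection described above, sketched as an added example (not BankID's own code): it builds an authorization code request with or without login_hint and checks the state value when the end user returns. The endpoint URL, client values and hint values are placeholders assumed for illustration; the real hint values are listed under Login Hints.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumptions (not from the page): endpoint URL and hint values below are
# placeholders; take the real ones from the provider's configuration and
# the Login Hints documentation.
AUTHORIZE_ENDPOINT = "https://oidc.example.invalid/authorize"
IDP_HINTS = {"netcentric": "HINT_NETCENTRIC", "mobile": "HINT_MOBILE"}


def build_authorize_request(client_id, redirect_uri, scope="openid", idp=None):
    """Return (url, session) for an authorization code request.

    idp=None leaves login_hint out, so the end user sees the IDP selector.
    idp="netcentric" or "mobile" pre-selects that IDP and skips the selector.
    """
    if idp is not None and idp not in IDP_HINTS:
        raise ValueError(f"unsupported IDP: {idp!r}")
    # state binds the callback to this browser session (CSRF protection);
    # nonce is later compared with the nonce claim in the ID Token.
    session = {"state": secrets.token_urlsafe(32),
               "nonce": secrets.token_urlsafe(32)}
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": session["state"],
        "nonce": session["nonce"],
    }
    if idp is not None:
        params["login_hint"] = IDP_HINTS[idp]
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", session


def read_callback(callback_url, session):
    """Return the authorization code, or raise if the response is not ours."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: discard this response")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

The session dictionary must be stored server-side (or in a protected cookie) between the redirect and the callback; the nonce in it is checked against the ID Token once the code has been exchanged.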


2 Authentication

After the end user has selected their preferred IDP, or in the case of preselection through login hints, the end user will authenticate with this IDP. As described in the section for identity providers, we currently offer BankID Netcentric and BankID on Mobile.


| Step | BankID Netcentric | BankID on Mobile |
|---|---|---|
| Identifier (Something that the end user "is") | End user types their national identity number | End user types their mobile number and birth date |
| OTP (Something that the end user "has") | End user supplies their one-time password, retrieved from their BankID code device | End user is shown reference words and is asked to check their mobile phone. If the reference words coincide, they can move on to next and final step |
| Password (Something that the end user "knows") | End user supplies their personal password, which is managed at their issuing bank website | End user types their personal PIN code |


3 Consent dialogues

If the merchant has requested access to end user data that's not contained in the ID Token (see userinfo for more), the end user will be shown consent dialogues for sharing these data points after they have authenticated. Please see consent dialogues for more details on this.


Further notes


This release of the OIDC Provider does not support pure app-based applications using a completely embedded (API-based) user experience. A future release may include such support either via deep-linking between the OIDC Client app and a designated OIDC Provider App, or via integration of an OIDC Provider SDK into the OIDC Client app.


 
