...

As suggested by the figure on message flow, the generic logic for consent handling is performed by the OIDC Provider together with the OIDC GUI component. The resource-specific consent GUI, on the other hand, is governed by external components, as illustrated for the TINFO service in the example flow: each kind of Protected Resource supported by the OIDC Provider has its own external component for consent handling. The OpenID Connect Provider from BankID uses web-client technology from BankID to reduce the attack surface of the GUIs involved in consent handling. Ensuring that the consent shown to the user cannot be spoofed, and that it corresponds exactly to the authorization actually granted, is key to maintaining trust in the OIDC Provider. This is the classical WYSIWYS (What You See Is What You Sign) challenge known from digital signing, and know-how from the BankID signing service is reused to build a high-trust solution for consent handling in the OIDC Provider.
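The check the paragraph describes, that the grant issued by the provider never exceeds what the user was shown and approved, can be illustrated with a small binding scheme. The following is an added example, not code from BankID's OIDC Provider or its consent components, and it does not reproduce BankID's web-client or signing technology. It assumes a hypothetical shared HMAC key per Protected Resource between the OIDC Provider core and that resource's external consent component (`render_consent` plays the external component, `issue_grant` the provider core); the resource name `tinfo`, the scope names and the consent text are constructed for the example.

```python
"""Binding the consent a user saw to the authorization actually granted.

Added illustration of the WYSIWYS-style check described on the page;
not BankID's implementation. The per-resource HMAC key is an assumption.
"""
import hashlib
import hmac
import json

# Hypothetical per-Protected-Resource secret shared between the provider
# core and that resource's consent component (assumption for this example).
CONSENT_KEYS = {
    "tinfo": b"example-only-shared-secret-for-tinfo",
}


class ConsentError(Exception):
    """Consent record cannot be trusted, or does not cover the request."""


def _canonical(record):
    """Deterministic byte encoding of exactly the fields that were displayed."""
    fields = {k: record[k] for k in ("resource", "client_id", "subject", "scopes", "text")}
    fields["scopes"] = sorted(fields["scopes"])
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def render_consent(resource, client_id, subject, scopes, text):
    """External consent component: build the record as shown to the user and
    MAC it, so the provider can later detect any change to what was displayed."""
    record = {"resource": resource, "client_id": client_id, "subject": subject,
              "scopes": sorted(scopes), "text": text}
    record["mac"] = hmac.new(CONSENT_KEYS[resource], _canonical(record),
                             hashlib.sha256).hexdigest()
    return record


def verify_consent(record):
    """Provider core: reject records for unknown resources or with a bad MAC."""
    key = CONSENT_KEYS.get(record.get("resource"))
    if key is None:
        raise ConsentError("consent record for unknown Protected Resource")
    expected = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record.get("mac", "")):
        raise ConsentError("consent record was modified after it was shown")
    return True


def issue_grant(record, client_id, subject, requested_scopes):
    """Provider core: grant only scopes the named user actually saw and approved
    for the named client. Returns the granted scopes, sorted."""
    verify_consent(record)
    if record["client_id"] != client_id or record["subject"] != subject:
        raise ConsentError("consent belongs to a different client or user")
    extra = set(requested_scopes) - set(record["scopes"])
    if extra:
        raise ConsentError("scopes never shown to the user: %s" % sorted(extra))
    return sorted(requested_scopes)


def try_grant(record, client_id, subject, requested_scopes):
    """Helper returning ('ok', scopes) or ('denied', reason) instead of raising."""
    try:
        return ("ok", issue_grant(record, client_id, subject, requested_scopes))
    except ConsentError as exc:
        return ("denied", str(exc))


def demo():
    """Constructed scenario: one honest grant, one tampered text, one scope escalation."""
    shown = render_consent("tinfo", "client-a", "user-1", ["tinfo:read"],
                           "Client A may read your tax information for 2023.")
    tampered = dict(shown, text="Client A may read nothing.")  # altered after display
    return {
        "honest": try_grant(shown, "client-a", "user-1", ["tinfo:read"]),
        "tampered": try_grant(tampered, "client-a", "user-1", ["tinfo:read"]),
        "escalated": try_grant(shown, "client-a", "user-1", ["tinfo:read", "tinfo:write"]),
        "wrong_client": try_grant(shown, "client-b", "user-1", ["tinfo:read"]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The point of the canonical encoding is that the MAC covers the consent text and scope list exactly as rendered, so a component that changes the wording after the user approved it, or a client that asks for more than was displayed, is rejected before any token is issued. In a real deployment the MAC would be replaced by a signature from the trusted consent component, and the record would also carry a nonce and expiry to stop replay.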

...