The BankID IDP in the OIDC Provider is a multi-tenant service capable of hosting several BankID merchant certificates. In its default configuration all OIDC Clients share a common BankID merchant certificate associated with the BankID OIDC Service itself. Alternatively, an OIDC Client may be configured with its own BankID merchant certificate. The BankID IDP supports each of the BankID B2C Services (netcentric and mobile).

BankID via the OIDC Provider is currently restricted to authentication. Future support for BankID signing may be added.

There are several benefits for merchants integrating BankID over OIDC rather than using a legacy integration via a locally installed BankID-server:

  • The integration interface is the same for each of the BankID B2C Services (netcentric and mobile).
  • The merchant does not need to implement any GUI for BankID on mobile since it is taken care of by the OIDC Provider itself.
  • The merchant does not need to implement a selector dialogue for netcentric vs. mobile since the OIDC Provider offers such a selector dialogue.
  • The integration interface is based on an industry-standard REST API, which is much more convenient than implementing via the legacy BankID-server.
  • The merchant may have access to Supplementary Services that are not available via the legacy BankID server.

The exact behaviour of the BankID IDP can be controlled by the OIDC Client by supplying the proper values to the login_hint parameter in requests to the Authorize endpoint:

login_hint | Description
"" 
"BID" 
"BID:07025312345" 
"BIM" 
"BIM:48058567:070253" 
":07025312345" 

An empty login hint implies that the default (or customized) GUI takes care of all interaction with the end-user to determine the necessary login details.

The discovery/metadata endpoint returns: "login_hint_supported":"[BIM|BID][:\\d{11}][:\\d{8}][:\\d{6}] for respectively client_type, nnin, phoneNo, birthday"

Here are some examples with explanation:

  1. Netcentric BankID with user-profile - login_hint=BID:07025312345 (Norwegian national ID number/fødselsnummer)
  2. Netcentric BankID no user-profile - login_hint=BID
  3. BankID on mobile no user-profile - login_hint=BIM
  4. BankID on mobile with user-profile - login_hint=BIM:48058567:070253 (phone number and birthday, DDMMYY)
  5. Some user-profile, no BankID choice - login_hint=:07025312345 (the number starts with a colon!)

In example 5 the user is prompted to choose the BankID version; the Norwegian national ID number is used for BID, and the birthday (its first 6 digits) is used for BIM.
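
A client that builds login_hint from user-supplied data can check it against the forms listed above before sending it to the Authorize endpoint. The following Python sketch is an added example, not code from the OIDC Provider: the function names, the endpoint URL and the client values are hypothetical, and the pattern is a strict rendering of the five examples rather than the metadata string, which read literally as a regular expression would treat `[BIM|BID]` as a single-character class.

```python
import re
from urllib.parse import urlencode

# Strict pattern for the login_hint forms listed on this page. re.ASCII keeps
# \d to 0-9; fullmatch() is used so trailing data (e.g. a newline) is rejected.
_LOGIN_HINT = re.compile(
    r"(?:(?P<bid>BID)(?::(?P<bid_nnin>\d{11}))?"                # BID / BID:<nnin>
    r"|(?P<bim>BIM)(?::(?P<phone>\d{8}):(?P<birthday>\d{6}))?"  # BIM / BIM:<phoneNo>:<birthday>
    r"|:(?P<nnin>\d{11}))?",                                    # :<nnin>, or empty hint
    re.ASCII,
)


def parse_login_hint(hint: str) -> dict:
    """Split a login_hint into client_type, nnin, phoneNo and birthday."""
    m = _LOGIN_HINT.fullmatch(hint)
    if m is None:
        raise ValueError("login_hint is not one of the documented forms")
    g = m.groupdict()
    birthday = g["birthday"]
    if g["nnin"]:
        # ":<nnin>" form: the user picks BID or BIM; for BIM the birthday is
        # the first 6 digits of the national ID number.
        birthday = g["nnin"][:6]
    return {
        "client_type": g["bid"] or g["bim"],  # None: the selector dialogue decides
        "nnin": g["bid_nnin"] or g["nnin"],
        "phoneNo": g["phone"],
        "birthday": birthday,
    }


def build_authorize_url(endpoint: str, client_id: str, redirect_uri: str,
                        state: str, login_hint: str = "") -> str:
    """Build an Authorize request, refusing hints outside the documented forms."""
    parse_login_hint(login_hint)  # raises ValueError on anything unexpected
    params = {"response_type": "code", "scope": "openid", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    if login_hint:
        params["login_hint"] = login_hint
    return endpoint + "?" + urlencode(params)
```

The colons in the hint are percent-encoded as `%3A` in the resulting query string.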

