BankIdService
Component Detail
Service Layer · medium complexity · backend
Dependencies: 0 · Dependents: 0 · Entities: 0 · Integrations: 0
Description
Manages the server-side integration with the BankID OIDC provider. Constructs authorization URLs, exchanges authorization codes for tokens, and validates ID tokens returned from BankID. Resolves the authenticated identity to an existing Meander user account or surfaces the national identity number for downstream member management.
bank-id-service
Sources & reasoning
Priority matrix line 144 assigns BankID/Vipps to phase 2 with MUST HAVE priority. Phase 2 maps to v1.0 by ordinal position. Line 42 explicitly defers it from MVP. All four organisations confirmed this preference in workshops (lines 40-42), making v1.0 the correct and evidence-backed target release.
- docs/source/likeperson.md · line 40-42: All four organisations point to BankID or Vipps as the preferred authentication for first-time login
- docs/source/likeperson.md · line 144: BankID / Vipps login | ✓ | ✓ | ✓ | ✓ | ✓ | MUST HAVE | 2
Responsibilities
- Build and sign the OIDC authorization request URL with correct scopes and state parameter
- Exchange the authorization code for access and ID tokens via the BankID token endpoint
- Validate ID token signature, issuer, audience, and expiry
- Link the BankID subject identifier to the Meander user account
- Extract and store the national identity number when present in the token claims
Interfaces
buildAuthorizationUrl(redirectUri: string): string
exchangeCodeForTokens(code: string, state: string): OidcTokenSet
validateIdToken(idToken: string): BankIdClaims
linkIdentityToUser(claims: BankIdClaims): User
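The four ID token checks listed under Responsibilities (signature, issuer, audience, expiry), as an added example that is not Meander's own code. The `checkIdToken` helper, its extra parameters, the `BankIdClaims` fields, the RS256 algorithm choice, and the issuer, client id and key pair are all assumptions constructed so the block runs offline.

```typescript
import { createSign, createVerify, generateKeyPairSync, KeyObject } from "node:crypto";

// Assumed shape: the page names BankIdClaims but does not define its fields.
interface BankIdClaims { iss: string; aud: string | string[]; sub: string; exp: number }

const ISSUER = "https://issuer.example"; // constructed, not BankID's real issuer
const CLIENT_ID = "meander-client";      // constructed client id
const NOW = 1700000000;                  // fixed clock (seconds) so results are repeatable

const fromB64 = (s: string): string => Buffer.from(s, "base64url").toString("utf8");
const toB64 = (s: string): string => Buffer.from(s, "utf8").toString("base64url");

// Hypothetical helper covering the four checks: signature, issuer, audience, expiry.
function checkIdToken(idToken: string, key: KeyObject, issuer: string, clientId: string, nowSec: number): BankIdClaims {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, sig] = parts;
  // Pin the algorithm; never let the token header pick it ("none", HS256 with the public key).
  if (JSON.parse(fromB64(h)).alg !== "RS256") throw new Error("unexpected alg");
  // Verify the signature over the raw header.payload bytes before trusting any claim.
  const ok = createVerify("RSA-SHA256").update(`${h}.${p}`).verify(key, Buffer.from(sig, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = JSON.parse(fromB64(p)) as BankIdClaims;
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Constructed fixture: a throwaway RSA key pair stands in for the provider's signing key.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });

function signToken(claims: object, alg: string = "RS256"): string {
  const input = `${toB64(JSON.stringify({ alg, typ: "JWT" }))}.${toB64(JSON.stringify(claims))}`;
  return `${input}.${createSign("RSA-SHA256").update(input).sign(privateKey).toString("base64url")}`;
}

// Returns the subject on success or the rejection reason on failure.
function outcome(token: string): string {
  try { return checkIdToken(token, publicKey, ISSUER, CLIENT_ID, NOW).sub; }
  catch (e) { return (e as Error).message; }
}

const sample = { iss: ISSUER, aud: CLIENT_ID, sub: "constructed-subject", exp: NOW + 300 };
console.log(outcome(signToken(sample)), "|", outcome(signToken({ ...sample, exp: NOW - 1 })));
```

In a deployment the verification key would come from the provider's published key set, selected by the token's key id, rather than from a locally generated pair.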