Service Layer · medium complexity · backend
Dependencies: 0 · Dependents: 0 · Entities: 0 · Integrations: 0

Description

Orchestrates the OAuth2/OIDC authentication flow with the Vipps Login API on the backend. Constructs authorization URLs, exchanges authorization codes for tokens, validates ID tokens, and maps the Vipps identity to a Meander user account. Handles per-organisation licensing activation checks before allowing the flow to proceed.

Feature: Vipps Authentication

vipps-auth-service

Sources & reasoning

The priority matrix assigns BankID/Vipps to phase 2 (v1.0). Line 42 defers it from the MVP. Line 379 shows an explicit cost-sharing discussion, confirming it is a planned real feature. Phase 2 by ordinal = v1.0. Treated symmetrically with BankID per all source references.

  • docs/source/likeperson.md · line 379
    Vipps login cost (NOK 350-750/month) is shared between the organisations - agree on a model.
  • docs/source/likeperson.md · line 144
    BankID / Vipps login | ✓ | ✓ | ✓ | ✓ | ✓ | MUST HAVE | 2
  • docs/source/likeperson.md · line 42
    The MVP ships with e-mail/password login; BankID and Vipps roll out in Phase 2

Responsibilities

  • Build and sign the OAuth2 authorization request URL with correct scopes and state parameter
  • Exchange the authorization code for access, refresh, and ID tokens via Vipps token endpoint
  • Validate the OIDC ID token signature, issuer, audience, and expiry
  • Map the verified Vipps subject identifier to an existing or newly created Meander user
  • Enforce organisation-level Vipps licensing activation before initiating any flow

Interfaces

buildAuthorizationUrl(orgId: string, redirectUri: string): string
exchangeCodeForTokens(code: string, state: string): VippsTokenSet
validateIdToken(idToken: string): VippsIdentity
resolveOrCreateUser(identity: VippsIdentity): MeanderUser
isVippsEnabledForOrg(orgId: string): boolean
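As an added illustration of the licensing gate, the state parameter and the ID token claim checks listed under Responsibilities and Interfaces (example code, not the project's own): the endpoint URL, issuer, client id and organisation ids are placeholders, and verification of the ID token signature against the Vipps JWKS is assumed to have been done by a JOSE library before validateIdTokenClaims runs.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "crypto";

// Placeholder endpoint and issuer (constructed; the real Vipps values are not on this page).
export const VIPPS_AUTHORIZE_URL = "https://vipps.example/oauth2/auth";
export const VIPPS_ISSUER = "https://vipps.example/";
const STATE_KEY = randomBytes(32); // per-process key; a deployment would load it from a secret store

// state = <orgId>.<nonce>.<hmac>: the callback can recover the org without server-side
// session storage, and a forged or cross-org state fails the MAC check.
export function buildState(orgId: string): string {
  if (orgId.includes(".")) throw new Error("orgId must not contain '.'");
  const nonce = randomBytes(16).toString("hex");
  const mac = createHmac("sha256", STATE_KEY).update(`${orgId}|${nonce}`).digest("hex");
  return `${orgId}.${nonce}.${mac}`;
}

// Returns the orgId bound into the state, or null if the MAC does not verify.
export function verifyState(state: string): string | null {
  const parts = state.split(".");
  if (parts.length !== 3) return null;
  const [orgId, nonce, mac] = parts;
  const expected = createHmac("sha256", STATE_KEY).update(`${orgId}|${nonce}`).digest("hex");
  if (mac.length !== expected.length) return null;
  return timingSafeEqual(Buffer.from(mac), Buffer.from(expected)) ? orgId : null;
}

// Licensing gate first, then the authorization request with the openid scope and bound state.
export function buildAuthorizationUrl(orgId: string, redirectUri: string, clientId: string, enabledOrgs: Set<string>): string {
  if (!enabledOrgs.has(orgId)) throw new Error(`Vipps login not activated for org ${orgId}`);
  const url = new URL(VIPPS_AUTHORIZE_URL);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("scope", "openid");
  url.searchParams.set("state", buildState(orgId));
  return url.toString();
}

export interface IdTokenClaims { iss: string; aud: string | string[]; exp: number; sub: string; }

// Claim checks that follow signature verification (done against the Vipps JWKS by a JOSE
// library, not shown here). Returns the subject identifier used to map to a Meander user.
export function validateIdTokenClaims(claims: IdTokenClaims, clientId: string, nowSec: number = Math.floor(Date.now() / 1000)): string {
  if (claims.iss !== VIPPS_ISSUER) throw new Error("unexpected issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error("token not issued for this client");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("token expired");
  if (!claims.sub) throw new Error("missing subject");
  return claims.sub;
}
```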