Service Layer · medium complexity · backend
0 Dependencies · 0 Dependents · 0 Entities · 0 Integrations

Description

Handles the OAuth2 redirect callback from the Vipps Login portal after the user has authenticated. Verifies the state parameter to prevent CSRF attacks, delegates token exchange to VippsAuthService, and issues a Meander session token to the client. Optionally surfaces the national identity number to authorised member systems.

Feature: Vipps Authentication

vipps-callback-handler

Sources & reasoning

Priority matrix assigns BankID/Vipps to phase 2 (v1.0). Line 42 defers it from MVP. Line 379 shows explicit cost-sharing discussion confirming it is a planned real feature. Phase 2 by ordinal = v1.0. Treated symmetrically with BankID per all source references.

  • docs/source/likeperson.md · line 379
    Vipps login cost (350-750 kr/month) is shared between the organisations - agree on a model.
  • docs/source/likeperson.md · line 144
    BankID / Vipps login | ✓ | ✓ | ✓ | ✓ | ✓ | MUST HAVE | 2
  • docs/source/likeperson.md · line 42
    The MVP ships with e-mail/password login; BankID and Vipps roll out in Phase 2

Responsibilities

  • Receive and parse the OAuth2 callback request including code and state parameters
  • Validate the state parameter against the value stored at authorization initiation
  • Coordinate token exchange and identity resolution via VippsAuthService
  • Issue a Meander session token and redirect the user to the appropriate post-login destination
  • Expose the national identity number to member systems that have permission to receive it

Interfaces

handleCallback(code: string, state: string, redirectUri: string): SessionToken
validateState(receivedState: string, storedState: string): boolean
surfaceNationalId(identity: VippsIdentity, orgId: string): string | null
issueSession(user: MeanderUser): SessionToken
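
An added example (not the project's own code) of the state handling listed under Responsibilities: the stored state is single-use, expires, is compared in constant time, and is checked before any token exchange is attempted. Assumptions not on the page: the `sessionId` parameter, `beginAuthorization`, the in-memory store, the `TokenExchanger` stand-in for VippsAuthService, the type shapes, and the asynchronous return.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Assumed shapes: the page names these types without defining them.
interface SessionToken { token: string; userId: string }
interface MeanderUser { id: string }
interface TokenExchanger { exchange(code: string, redirectUri: string): Promise<MeanderUser> }
interface PendingState { state: string; expiresAt: number }

// Constant-time comparison; hashing both sides first yields equal-length buffers.
function validateState(receivedState: string, storedState: string): boolean {
  if (!receivedState || !storedState) return false;
  const a = createHash("sha256").update(receivedState).digest();
  const b = createHash("sha256").update(storedState).digest();
  return timingSafeEqual(a, b);
}

function issueSession(user: MeanderUser): SessionToken {
  return { token: randomBytes(32).toString("hex"), userId: user.id };
}

class VippsCallbackHandler {
  // Hypothetical in-memory store keyed by the browser's pre-login session id.
  private pending = new Map<string, PendingState>();
  private auth: TokenExchanger;
  private ttlMs: number;

  constructor(auth: TokenExchanger, ttlMs = 10 * 60 * 1000) {
    this.auth = auth;
    this.ttlMs = ttlMs;
  }

  // Called at authorization initiation; the returned value goes into the authorize URL.
  beginAuthorization(sessionId: string, now = Date.now()): string {
    const state = randomBytes(32).toString("hex");
    this.pending.set(sessionId, { state, expiresAt: now + this.ttlMs });
    return state;
  }

  async handleCallback(sessionId: string, code: string, state: string,
                       redirectUri: string, now = Date.now()): Promise<SessionToken> {
    const entry = this.pending.get(sessionId);
    this.pending.delete(sessionId); // single use, even when validation fails
    if (!entry || now > entry.expiresAt || !validateState(state, entry.state)) {
      throw new Error("invalid_state"); // reject before any token exchange
    }
    if (!code) throw new Error("missing_code");
    return issueSession(await this.auth.exchange(code, redirectUri));
  }
}
```

Deleting the stored entry before validating means a failed or replayed callback cannot be retried against the same state value.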