Complexity: high · Source: extracted · Category: Authentication & Access Control · Confidence: 100% · Components: 3 · Shared: 4 · User stories: 0 · Analyzed: yes

Description

BankID authentication allows users to sign in to Meander using their Norwegian digital identity credential, removing the need for platform-specific passwords. The feature integrates with the BankID OIDC service, handles the redirect-based OAuth flow on mobile and web, and links the returned identity to the user's Meander account. A secondary benefit is that the BankID flow can surface national identity numbers back to member management systems that currently lack them for many registered volunteers. Planned for Phase 2 after MVP validation with email/password.

Sources & reasoning

Priority matrix line 144 assigns BankID/Vipps to phase 2 with MUST HAVE priority. Phase 2 maps to v1.0 by ordinal position. Line 42 explicitly defers it from MVP. All four organisations confirmed their preference in workshops (lines 40-42), making v1.0 the correct and evidence-backed target release.

  • docs/source/likeperson.md · lines 40-42
    All four organisations point to BankID or Vipps as the preferred authentication at first login
  • docs/source/likeperson.md · line 144
    BankID / Vipps login | ✓ | ✓ | ✓ | ✓ | ✓ | MUST HAVE | 2

Analysis

Business Value

All four partner organisations named BankID as their preferred long-term authentication method. Norwegian users are already familiar with BankID from banking and government services, eliminating onboarding friction and reducing password-reset support volume. The identity assurance inherent in BankID raises trust levels for accounts handling encrypted assignments and financial reimbursement claims. Strategically, the national identity number returned by the BankID flow closes a data gap that affects Bufdir reporting accuracy across all organisations. Cost sharing between organisations must be agreed before rollout; the per-month licensing model was flagged alongside Vipps in workshop notes.

Implementation Notes

Implemented inside the Authentication Module as a second credential provider registered against the same stable sign-in contract, so mobile and admin portal consumers require no changes. The mobile app launches an ASWebAuthenticationSession (iOS) or Custom Tab (Android) for the BankID redirect flow and receives the authorization code callback. The backend exchanges the code for tokens via BankID's OIDC token endpoint. National identity number handling requires explicit GDPR and data-processing agreement review before storage. Per-organisation activation should be gated via the module toggle system so organisations that have not confirmed cost sharing cannot accidentally incur billing.
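The redirect flow described above is the OIDC authorization-code flow, and the backend's side of it is where the security checks live: the per-attempt state binds the callback to the login the backend started, the nonce binds the returned ID token to that same attempt, and PKCE proves the party redeeming the code is the party that requested it. The following is an added illustration of those checks, not Meander's or BankID's code; the endpoint URLs, issuer, client_id and redirect_uri are placeholders (the real values come from the provider's OIDC discovery document and the app registration), and JWT signature verification against the provider's JWKS is assumed to be done by a JWT library before the claim checks shown here run.

```python
"""Backend-side handling of an OIDC authorization-code + PKCE sign-in.

Added example, not Meander or BankID code. All URLs and identifiers below are
constructed placeholders.
"""
import base64
import hashlib
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder configuration (constructed; not real BankID endpoints).
AUTHORIZE_URL = "https://oidc.example.invalid/authorize"
TOKEN_URL = "https://oidc.example.invalid/token"
ISSUER = "https://oidc.example.invalid"
CLIENT_ID = "meander-mobile"          # hypothetical client registration
REDIRECT_URI = "https://app.meander.invalid/oidc/callback"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE and JWTs use it."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(code_verifier: str) -> str:
    """S256 code challenge derived from the verifier (RFC 7636)."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def start_login() -> Tuple[str, dict]:
    """Build the authorization URL plus the per-attempt secrets the backend
    must keep server-side (keyed by state) until the callback arrives."""
    state = _b64url(secrets.token_bytes(32))
    nonce = _b64url(secrets.token_bytes(32))
    code_verifier = _b64url(secrets.token_bytes(32))
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    pending = {"state": state, "nonce": nonce,
               "code_verifier": code_verifier, "created": time.time()}
    return f"{AUTHORIZE_URL}?{urlencode(params)}", pending


def handle_callback(callback_url: str, pending: dict, max_age_s: int = 600) -> str:
    """Validate the redirect back from the provider and return the code.
    Rejects expired attempts, provider errors and state mismatches (which is
    what stops a callback from being replayed into someone else's session)."""
    query = parse_qs(urlparse(callback_url).query)
    if time.time() - pending["created"] > max_age_s:
        raise ValueError("login attempt expired")
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return code


def token_request_body(code: str, pending: dict) -> dict:
    """Form body for the backend's POST to TOKEN_URL. The code_verifier is
    what makes an intercepted code useless to anyone else."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": pending["code_verifier"],
    }


def check_id_token_claims(claims: dict, pending: dict,
                          now: Optional[float] = None) -> bool:
    """Claim checks applied after the ID token's signature has been verified
    against the provider's JWKS (left to a JWT library). Every one of these is
    required: issuer, audience, the nonce from this attempt, and expiry."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    aud_ok = CLIENT_ID in aud if isinstance(aud, list) else aud == CLIENT_ID
    nonce = str(claims.get("nonce", "")).encode()
    return (
        claims.get("iss") == ISSUER
        and aud_ok
        and secrets.compare_digest(nonce, pending["nonce"].encode())
        and float(claims.get("exp", 0)) > now
    )
```

The pending record must be stored on the backend, not handed to the mobile app: the app only ever sees the authorization URL and the callback, while the nonce and code_verifier stay server-side, which is what lets the backend reject a callback that did not originate from a login it started.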

User Stories

No user stories have been generated for this feature yet.