high complexity | extracted | Authentication & Access Control | Confidence: 100%
Components: 3 | Shared: 4 | User Stories: 0 | Analyzed: Yes

Description

Vipps authentication enables users to sign in to Meander using their Vipps account, the widely-used Norwegian mobile payment and identity service. The feature integrates with the Vipps Login API using an OAuth2/OIDC flow, returns a verified identity linked to the user's Meander account, and can surface national identity numbers to member systems. Vipps carries a monthly per-organisation licensing fee of 350-750 NOK whose cost-sharing model must be agreed between organisations before activation. Planned for Phase 2 alongside BankID authentication.

Sources & reasoning

Priority matrix assigns BankID/Vipps to phase 2 (v1.0). Line 42 defers it from MVP. Line 379 shows explicit cost-sharing discussion confirming it is a planned real feature. Phase 2 by ordinal = v1.0. Treated symmetrically with BankID per all source references.

  • docs/source/likeperson.md · line 379
    Vipps login cost (350-750 kr/month) is split between the organisations - agree on a model.
  • docs/source/likeperson.md · line 144
    BankID / Vipps login | ✓ | ✓ | ✓ | ✓ | ✓ | MUST HAVE | 2
  • docs/source/likeperson.md · line 42
    MVP ships with e-mail/password login; BankID and Vipps roll out in Phase 2

Analysis

Business Value

Vipps is installed on the majority of Norwegian smartphones and offers a lower barrier to entry than BankID for users who are less familiar with digital identity services but use Vipps daily for payments. Offering both BankID and Vipps maximises authentication coverage across the full user demographic, including elderly volunteers and users with lower digital literacy - a stated concern for NHF and HLF. The national identity number returned by Vipps resolves the same member data gap as BankID. The explicit cost discussion in workshop notes (line 379) confirms this is a real operational feature with financial implications that must be resolved before rollout, not a speculative item.

Implementation Notes

Implemented inside the Authentication Module as a third credential provider alongside BankID, using the same stable sign-in contract so consumers need no changes. The mobile app uses a Vipps deep-link or in-app browser for the OAuth2 redirect and handles the callback token. Vipps Login requires merchant registration and approval of openid, phone, and address scopes. Per-organisation activation must be gated via the module toggle system so the fee is not triggered before cost sharing is agreed. National identity number storage shares the same GDPR review process as the BankID implementation. Scope negotiation with Vipps and merchant approval should be started in parallel with BankID integration.
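
An added sketch (not Meander's or Vipps's own code) of two checks the redirect flow above needs: refuse to start a login for an organisation whose toggle is off, and accept a callback only for a single-use state value issued by that start. The endpoint, client id, deep-link URI, toggle dictionary, and the use of nonce and PKCE are assumptions made for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Everything below is assumed for illustration; none of it comes from the page.
AUTHORIZE_ENDPOINT = "https://idp.example/authorize"  # placeholder; use OIDC discovery
CLIENT_ID = "meander-client-placeholder"
REDIRECT_URI = "meander://auth/vipps/callback"        # hypothetical deep link
SCOPES = "openid phone address"                       # the scopes the page lists
ORG_VIPPS_ENABLED = {"org-a": True, "org-b": False}   # constructed toggle state
PENDING = {}  # state -> (org_id, nonce, code_verifier); a server-side store in practice


def require_enabled(org_id):
    """Fail closed: an unknown organisation counts as not activated."""
    if not ORG_VIPPS_ENABLED.get(org_id, False):
        raise PermissionError(f"Vipps login is not activated for {org_id}")


def start_login(org_id):
    """Build the authorization URL only if the organisation's toggle is on."""
    require_enabled(org_id)
    state, nonce = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier (86 chars)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    PENDING[state] = (org_id, nonce, verifier)
    return AUTHORIZE_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID, "scope": SCOPES,
        "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })


def handle_callback(callback_url):
    """Check the redirect and return what the token exchange needs."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    entry = PENDING.pop(params.get("state", [""])[0], None)  # single use
    if entry is None:
        raise ValueError("unknown or replayed state")
    org_id, nonce, verifier = entry
    require_enabled(org_id)  # the toggle may have been switched off mid-flow
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return {"org_id": org_id, "code": code,
            "code_verifier": verifier, "expected_nonce": nonce}
```

The returned `expected_nonce` is for comparison against the `nonce` claim of the ID token once the code has been exchanged; that exchange and the token signature check are outside this sketch.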

User Stories

No user stories have been generated for this feature yet.