BankIdAuthService
Component Detail
Service Layer
medium complexity
backend
Dependencies: 0
Dependents: 0
Entities: 2
Integrations: 0
Description
Orchestrates the full BankID OIDC authentication flow from redirect initiation through identity assertion validation. Issues platform tokens via the Authentication Module upon successful verification. Optionally extracts and forwards personnummer from BankID responses for member record enrichment.
bank-id-auth-service
Sources & reasoning
Line 42 names BankID as preferred by all four organizations but explicitly defers it to Fase 2 (second phase = v1.0). Line 347 lists it in the Fase 2 delivery scope. Line 42 also notes the personnummer return benefit, motivating inclusion as should_have rather than could_have.
- docs/source/likeperson.md · line 42: All four organizations point to BankID or Vipps as the preferred authentication for first-time login
- docs/source/likeperson.md · line 347: BankID / Vipps login
Responsibilities
- Build and initiate the OIDC authorization redirect to BankID
- Validate identity assertions and ID tokens returned from BankID
- Issue platform access and refresh tokens via the Authentication Module
- Extract personnummer from BankID responses when present
- Forward personnummer to member enrichment pipeline for organizations lacking this identifier
Interfaces
initiateOidcRedirect(returnUrl: string): RedirectUrl
validateIdToken(idToken: string): IdentityAssertion
issuePlatformToken(identity: IdentityAssertion): PlatformToken
extractPersonnummer(assertion: IdentityAssertion): string | null
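The claim checks that validateIdToken has to perform once the token signature has been verified, following the ID token validation rules in OpenID Connect Core. This is an added example, not code from this project: checkIdTokenClaims, the Expected fields, the issuer URL, client id and nonce values are all hypothetical, and the sample claims are constructed.

```typescript
// Added example: claim checks for an ID token, run only AFTER the JWT
// signature has been verified against the provider's published keys.
// All names and values are hypothetical; sample claims are constructed.
interface IdTokenClaims {
  iss?: string; sub?: string; aud?: string | string[]; azp?: string;
  exp?: number; iat?: number; nonce?: string;
}
interface Expected {
  issuer: string;    // exact issuer string from the provider metadata
  clientId: string;  // this platform's OIDC client_id
  nonce: string;     // value stored in the session when the redirect was built
  skewSec?: number;  // tolerated clock skew in seconds (default 60)
}

// Returns the list of failed checks; an empty list means the claims are acceptable.
function checkIdTokenClaims(c: IdTokenClaims, e: Expected, nowSec: number): string[] {
  const errors: string[] = [];
  const skew = e.skewSec ?? 60;
  const aud = c.aud === undefined ? [] : Array.isArray(c.aud) ? c.aud : [c.aud];

  if (c.iss !== e.issuer) errors.push("iss mismatch");
  if (!c.sub) errors.push("sub missing");
  if (!aud.includes(e.clientId)) errors.push("aud does not contain client_id");
  // With several audiences the token must name this client as authorized party.
  if (aud.length > 1 && c.azp !== e.clientId) errors.push("azp mismatch");
  if (typeof c.exp !== "number" || c.exp + skew <= nowSec) errors.push("expired");
  if (typeof c.iat !== "number" || c.iat - skew > nowSec) errors.push("iat in future");
  // Binds the token to the browser session that started the redirect.
  if (!c.nonce || c.nonce !== e.nonce) errors.push("nonce mismatch");
  return errors;
}

// Constructed sample data.
const expected: Expected = {
  issuer: "https://idp.example.test", clientId: "platform-client", nonce: "n-7f3a",
};
const now = 1700000000;
const good: IdTokenClaims = {
  iss: "https://idp.example.test", sub: "user-1", aud: "platform-client",
  exp: now + 300, iat: now - 5, nonce: "n-7f3a",
};
// A stale token presented in a different session: old expiry, foreign nonce.
const replayed: IdTokenClaims = { ...good, nonce: "n-other", exp: now - 3600 };

console.log(checkIdTokenClaims(good, expected, now));
console.log(checkIdTokenClaims(replayed, expected, now));
```

issuePlatformToken and extractPersonnummer should only ever receive an assertion for which this list came back empty.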
Related Data Entities (2)
Data entities managed by this component