Infrastructure, medium complexity, backend
Dependencies: 0, Dependents: 0, Entities: 0, Integrations: 0

Description

Receives and processes the OIDC callback from the BankID identity provider after the user completes authentication. Validates the authorization code and state parameter, then delegates token exchange and identity validation to BankIdAuthService. Acts as the secure boundary between the external BankID infrastructure and the internal platform.

Feature: BankID Authentication

bank-id-callback-handler

Sources & reasoning

Line 42 names BankID as the option preferred by all four organizations but explicitly defers it to Fase 2 (the second phase, i.e. v1.0). Line 347 lists it in the Fase 2 delivery scope. Line 42 also notes the benefit of BankID returning the personnummer, which motivates classifying it as should_have rather than could_have.

Responsibilities

  • Receive OIDC callback HTTP requests from BankID
  • Validate state parameter to prevent CSRF attacks
  • Exchange authorization code for tokens via BankID token endpoint
  • Delegate identity assertion validation to BankIdAuthService
  • Return platform session token to client on success or structured error on failure

Interfaces

handleCallback(code: string, state: string): CallbackResult
exchangeCodeForTokens(code: string): OidcTokenSet
validateState(state: string, sessionState: string): boolean