Service Layer | medium complexity | backend
Dependencies: 0
Dependents: 0
Entities: 2
Integrations: 0

Description

Manages the full OAuth 2.0 / OpenID Connect flow with the Vipps Login provider, from constructing the authorization URL to exchanging the authorization code for tokens. Validates the returned identity token, extracts the national ID number when present, and delegates to the Authentication Module to issue a platform session token. Tracks per-organization cost attribution for the monthly Vipps provider fee.

Feature: Vipps Authentication

vipps-auth-service

Sources & reasoning

Line 42 names Vipps as preferred by all four organizations, deferred to Fase 2 (= v1.0) alongside BankID. Line 379 explicitly notes the monthly Vipps cost and cost-sharing requirement, confirming it as a concrete deliverable with a commercial prerequisite that must be resolved before release.

  • All four organizations point to BankID or Vipps as the preferred authentication for first-time login
  • Vipps login cost (350-750 kr/month) is shared among the organizations - agree on a model

Responsibilities

  • Construct and sign the Vipps OAuth authorization URL with correct scopes and state parameter
  • Exchange the authorization code for an access token and ID token via Vipps token endpoint
  • Validate the ID token signature, issuer, audience, and expiry
  • Extract national ID number from the identity token payload and trigger member record enrichment
  • Record Vipps authentication events for cost-sharing allocation across participating organizations

Interfaces

buildAuthorizationUrl(organizationId: string): string
exchangeCodeForTokens(code: string, state: string): VippsTokenSet
validateIdToken(idToken: string): VippsIdentityClaims
issueplatformToken(claims: VippsIdentityClaims, organizationId: string): AuthToken
recordProviderUsage(organizationId: string, eventType: string): void
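
An added example, not the component's own code, of the checks listed under Responsibilities for validateIdToken: pinned algorithm, signature, issuer, audience and expiry, in that order. The cfg and nowSec parameters, the issuer URL, client id and key id are assumptions constructed for the example, and the key pair is generated on the spot.

```typescript
import { createSign, createVerify, generateKeyPairSync, KeyObject } from "node:crypto";

// Hypothetical verifier settings; real values come from the provider's published metadata.
interface VerifierConfig { issuer: string; audience: string; keys: Record<string, KeyObject>; }

const decode = (part: string): any => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

function validateIdToken(idToken: string, cfg: VerifierConfig, nowSec: number): Record<string, unknown> {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = decode(h);
  // Pin the algorithm: the token must not be able to select "none" or an HMAC variant.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = Object.prototype.hasOwnProperty.call(cfg.keys, header.kid) ? cfg.keys[header.kid] : undefined;
  if (!key) throw new Error("unknown kid");
  // Verify the signature over the exact bytes received, before trusting any claim.
  const ok = createVerify("RSA-SHA256").update(`${h}.${p}`).verify(key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = decode(p);
  if (claims.iss !== cfg.issuer) throw new Error("wrong issuer");
  const aud: unknown[] = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(cfg.audience)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  return claims;
}

// Constructed sample data: throwaway key pair, placeholder issuer and client id.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const cfg: VerifierConfig = { issuer: "https://idp.example/", audience: "client-id-placeholder", keys: { k1: publicKey } };
const b64 = (o: object): string => Buffer.from(JSON.stringify(o)).toString("base64url");

function mint(claims: object, header: object = { alg: "RS256", kid: "k1" }): string {
  const input = `${b64(header)}.${b64(claims)}`;
  return `${input}.${createSign("RSA-SHA256").update(input).sign(privateKey).toString("base64url")}`;
}

// Returns "accepted" or the rejection reason, so each failure mode is visible.
function outcome(token: string, nowSec = 1_700_000_000): string {
  try { validateIdToken(token, cfg, nowSec); return "accepted"; } catch (e) { return (e as Error).message; }
}

const good = { iss: cfg.issuer, aud: cfg.audience, sub: "user-1", exp: 1_700_000_300 };
console.log(outcome(mint(good)), "|", outcome(mint({ ...good, aud: "other-client" })));
```

Rejecting a token minted for another client's audience matters here because issuePlatformToken-style session issuance would otherwise accept identity tokens obtained through an unrelated application.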

Related Data Entities (2)

Data entities managed by this component