Authenticate Using BankID
The BankID authentication screen launches the native BankID flow, which may be BankID on mobile (app-based) or BankID with one-time code depending on the user's setup. The app initiates a BankID session via the BankID provider client, handles the redirect or deep link callback after successful authentication, and establishes a secure session in the app. If the user's personnummer is returned by BankID, it is stored securely and optionally synced to the organization's member system.
User Story
Audience Summaries
BankID authentication delivers legally recognized digital identity verification to over 4 million active Norwegian users, making it the gold-standard trust signal for organizations handling sensitive volunteer and social welfare data. By integrating BankID, the platform eliminates onboarding barriers for peer mentors who already use BankID daily for banking and government services. Critically, BankID returns the user's personnummer — resolving a persistent data quality gap across partner organizations without any manual collection effort. This directly reduces administrative overhead, improves member record accuracy, and strengthens compliance posture for data-sensitive programs.
The competitive advantage is substantial: organizations using this platform gain identity assurance that rivals government-grade systems, increasing partner confidence and supporting long-term retention of the volunteer workforce.
This is a critical-priority story with significant external dependency on the BankID provider client SDK and deep link callback infrastructure. Delivery requires coordination between mobile developers, backend authentication engineers, and the secure storage adapter team. The BankID OAuth/OIDC flow involves redirect and deep link handling which must be tested on both iOS and Android, adding device-specific QA scope. Acceptance criteria cover five distinct scenarios including success, cancellation, timeout, and personnummer storage — each requiring dedicated test cases and UAT sign-off from partner organizations.
A risk to flag: BankID provider agreements and API credentials must be provisioned before development begins, and certification or approval processes may introduce timeline delays outside the team's control. Rollout should be staged, with real-device testing prioritized given the native app-switch flow.
Implementation requires integrating the BankID provider client SDK to initiate authentication sessions and handling deep link callbacks (Universal Links on iOS, App Links on Android) to resume app state after the BankID native flow completes. The session establishment flow must validate the BankID callback payload (including that the callback belongs to the session the app actually started), extract the personnummer from the identity assertion if present, and persist it via the secure storage adapter (e.g., Keychain/Keystore). Linking it to the user record requires a backend API call to sync the personnummer to the organization's member system. Edge cases include: network interruptions mid-flow, BankID app not installed (fallback to one-time code), session token expiry, and concurrent auth attempts.
Unit tests should mock the BankID client; integration tests require a BankID sandbox environment. Ensure deep link routing does not conflict with other registered URL schemes in the app manifest.
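The callback validation and edge cases described above, as an added TypeScript example that is not the project's or BankID's code: it assumes a hypothetical SecureStorage adapter, an opaque OAuth/OIDC `state` nonce that the deep link echoes back, and that the provider client has already verified the identity assertion before its claims reach this handler.

```typescript
import { randomBytes, timingSafeEqual } from "crypto";

// Hypothetical secure storage adapter (Keychain/Keystore in a real app); MemoryStorage is a constructed stand-in.
export interface SecureStorage { set(key: string, value: string): void; get(key: string): string | undefined; }
export class MemoryStorage implements SecureStorage {
  private m = new Map<string, string>();
  set(k: string, v: string) { this.m.set(k, v); }
  get(k: string) { return this.m.get(k); }
}
// Claims the provider client hands over after it has verified the identity assertion.
export interface VerifiedClaims { personnummer?: string }
export type Outcome =
  | { kind: "success"; personnummer?: string }
  | { kind: "cancelled" | "timeout" | "invalid"; reason: string };
const SESSION_TTL_MS = 5 * 60 * 1000; // assumed timeout, not from the story
export class BankIdCallbackHandler {
  private pending?: { state: string; startedAt: number };
  constructor(private storage: SecureStorage, private now: () => number = Date.now) {}
  // Start a session; a second attempt while one is live is rejected (concurrent auth edge case).
  start(): string | undefined {
    if (this.pending && this.now() - this.pending.startedAt < SESSION_TTL_MS) return undefined;
    const state = randomBytes(16).toString("hex"); // unguessable, single-use nonce
    this.pending = { state, startedAt: this.now() };
    return state;
  }
  // Process the deep link that resumes the app after the native BankID flow.
  handle(callbackUrl: string, claims?: VerifiedClaims): Outcome {
    const pending = this.pending;
    this.pending = undefined; // consumed whatever the outcome, so a replayed link is rejected
    if (!pending) return { kind: "invalid", reason: "no session in progress" };
    const params = new URL(callbackUrl).searchParams;
    if (!this.equal(params.get("state") ?? "", pending.state))
      return { kind: "invalid", reason: "state mismatch" }; // link not bound to our session
    if (this.now() - pending.startedAt > SESSION_TTL_MS) return { kind: "timeout", reason: "session expired" };
    const error = params.get("error");
    if (error === "access_denied") return { kind: "cancelled", reason: "user cancelled" };
    if (error) return { kind: "invalid", reason: error };
    const pnr = claims?.personnummer;
    if (pnr !== undefined) {
      if (!/^\d{11}$/.test(pnr)) return { kind: "invalid", reason: "malformed personnummer" };
      this.storage.set("personnummer", pnr); // only ever via the secure adapter
    }
    return { kind: "success", personnummer: pnr };
  }
  private equal(a: string, b: string): boolean { // constant-time compare of the state nonce
    const ba = Buffer.from(a), bb = Buffer.from(b);
    return ba.length === bb.length && timingSafeEqual(ba, bb);
  }
}
```

The injected clock makes the expiry path testable without waiting; a real handler would also surface the `invalid` outcomes to monitoring, since a state mismatch on a deep link is worth logging.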
Acceptance Criteria
- Given I have selected BankID on the auth method selector, When the BankID screen loads, Then the BankID provider client initiates an authentication session
- Given BankID authentication is in progress, When I complete the BankID flow in the BankID app or via one-time code, Then the deep link handler receives the callback and the app resumes the session
- Given BankID authentication succeeds, When the callback is processed, Then I am navigated to the role-based home screen without additional steps
- Given BankID authentication fails (user cancels or timeout), When the failure is received, Then I see a clear error message and can retry or choose a different method
- Given BankID authentication succeeds and returns my personnummer, When the identity is stored, Then it is saved securely using the secure storage adapter and linked to my user record
Business Value
BankID is the most widely adopted digital identity solution in Norway with over 4 million active users. For organizations managing sensitive volunteer data and social welfare programs, BankID provides legally recognized identity assurance. A secondary benefit is that BankID can return the user's personnummer, which the partner organizations currently lack for many members—resolving a longstanding data quality problem without manual effort.
Components
- BankID Authentication Screen (ui)
- BankID Authentication Service (service)
- BankID Provider Client (infrastructure)
- Deep Link / OAuth Redirect Handler (infrastructure)
- Authentication Session Manager (service)
- User Identity Repository (data)
- Auth Token Store (data)
- Secure Storage Adapter (infrastructure)
- Personnummer Confirmation Widget (ui)