Service Layer | high complexity | mobilebackend
Dependencies: 1 | Dependents: 0 | Entities: 2 | Integrations: 0

Description

Implements the BankID OIDC authorization code flow with PKCE for the Flutter mobile app. Generates the code verifier and challenge, launches the BankID app via deep link, receives the authorization callback URI, exchanges the authorization code for tokens via the backend, and extracts the national identifier (fødselsnummer) from the identity token for encrypted storage.

Feature: BankID Authentication

bankid-oauth-flow

Sources & reasoning

Core service implementing the full BankID OIDC/OAuth 2.0 authorization code flow with PKCE as required by the feature implementation notes. The Flutter app initiates the PKCE challenge, deep-links to the BankID native app, and handles the callback - all logic that belongs in a single dedicated service. National identifier extraction enables the retroactive membership record enrichment cited as a key business value.

No source references — this artifact was included based on reasoning alone (see above).

Responsibilities

  • Generate PKCE code verifier and challenge for each authorization request
  • Construct the BankID authorization URL and launch the BankID app via deep link
  • Handle the OAuth callback URI and extract the authorization code
  • Exchange authorization code for access and identity tokens via the backend auth endpoint
  • Extract the national identifier from identity token claims and pass it for encrypted storage
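
A sketch of the first three responsibilities in Dart, added here as an illustration and not taken from the project's code. It assumes the pub.dev `crypto` package, the S256 challenge method from RFC 7636, and an OAuth `state` value stored before launch; `PkcePair`, `extractAuthorizationCode`, `expectedScheme`, `expectedState` and the `exampleapp` callback URI are hypothetical names.

```dart
import 'dart:convert';
import 'dart:math';
import 'package:crypto/crypto.dart'; // sha256, from the pub.dev crypto package

String _b64url(List<int> b) => base64Url.encode(b).replaceAll('=', '');

/// One PKCE pair per authorization request (RFC 7636, method S256).
class PkcePair {
  PkcePair._(this.verifier, this.challenge);
  final String verifier, challenge;

  factory PkcePair.generate() {
    final rng = Random.secure(); // CSPRNG, not Random()
    // 32 random bytes encode to 43 characters, the RFC 7636 minimum length.
    final verifier = _b64url(List<int>.generate(32, (_) => rng.nextInt(256)));
    // challenge = BASE64URL(SHA256(ASCII(verifier))), padding stripped.
    final challenge = _b64url(sha256.convert(ascii.encode(verifier)).bytes);
    return PkcePair._(verifier, challenge);
  }
}

/// Returns the authorization code from the callback, or throws.
/// expectedScheme / expectedState: hypothetical values stored before launch.
String extractAuthorizationCode(Uri callback,
    {required String expectedScheme, required String expectedState}) {
  if (callback.scheme != expectedScheme) {
    throw StateError('callback arrived on an unexpected scheme');
  }
  final q = callback.queryParameters;
  if (q['error'] != null) {
    // Do not echo the server-supplied text; it is untrusted input.
    throw StateError('authorization server returned an error');
  }
  if (q['state'] != expectedState) {
    throw StateError('state mismatch, callback discarded');
  }
  final code = q['code'];
  if (code == null || code.isEmpty) {
    throw StateError('callback carries no authorization code');
  }
  return code;
}

void main() {
  final pkce = PkcePair.generate();
  // Constructed callback; scheme, path and values are placeholders.
  final cb = Uri.parse('exampleapp://auth/callback?code=abc123&state=s-1');
  final code = extractAuthorizationCode(cb,
      expectedScheme: 'exampleapp', expectedState: 's-1');
  print('verifier=${pkce.verifier.length} chars, code=${code.length} chars');
}
```

The verifier stays in memory on the device until the code exchange and is never placed in the authorization URL; only the challenge is sent there.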

Interfaces

initiateLogin() → Future<AuthResult>
handleCallbackUri(Uri callbackUri) → Future<String>
exchangeCode(String code, String codeVerifier) → Future<TokenSet>
extractNationalIdentifier(String idToken) → String
linkNationalIdentifierToAccount(String userId, String encryptedNin) → Future<void>

Relationships

Dependencies (1)

Components this component depends on

Related Data Entities (2)

Data entities managed by this component