Service Layer | high complexity | backend, mobile
Dependencies: 1 | Dependents: 0 | Entities: 2 | Integrations: 0

Description

Implements the OIDC-compatible OAuth 2.0 authorization code flow for Vipps Login, handling redirect initiation, deep-link callback processing, and identity token validation. Extracts the national registration number (personnummer) from the Vipps identity token and stores it encrypted on the user record. Reuses the same provider abstraction layer as BankID OAuth Flow, distinguished by a provider_type discriminator in Auth Provider Config.

Feature: Vipps Authentication

vipps-oauth-flow

Sources & reasoning

The Vipps OAuth flow is the core service component for this feature. It handles the full OIDC authorization code flow and is the only place where the personnummer extraction - the primary data quality benefit of Vipps over email/password login - can occur. The backend handles token exchange and encryption; the mobile side manages the deep-link redirect identically to BankID.

No source references — this artifact was included based on reasoning alone (see above).

Responsibilities

  • Initiate Vipps OAuth 2.0 authorization redirect and manage state/nonce
  • Process deep-link callback from Vipps app and exchange code for tokens
  • Validate Vipps OIDC identity token and extract claims including personnummer
  • Store encrypted personnummer on user record for membership record enrichment
  • Issue platform access token and refresh token via Authentication Module
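
The state/nonce handling and ID token claim checks listed above, as an added sketch that is not the project's own code. The issuer, client id, redirect URI, scope and function names are placeholder assumptions, and the ID token's signature is assumed to have been verified against the provider's keys before `check_claims` runs.

```python
import hmac, secrets, time
from urllib.parse import urlencode

# Assumed placeholder values; the page does not give the real endpoints or client id.
ISSUER = "https://idp.example"
CLIENT_ID = "example-client"
REDIRECT_URI = "exampleapp://auth/callback"
STATE_TTL = 300  # seconds a pending login stays valid

def initiate_login(pending, now=None):
    """Create state and nonce, remember them server-side, return the redirect URL."""
    now = time.time() if now is None else now
    state, nonce = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    pending[state] = (nonce, now + STATE_TTL)
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": "openid",
                       "state": state, "nonce": nonce})
    return f"{ISSUER}/authorize?{query}"

def consume_state(pending, state, now=None):
    """Return the nonce bound to `state`; each state is accepted once, before expiry."""
    now = time.time() if now is None else now
    entry = pending.pop(state, None)  # pop makes a replayed callback fail
    if entry is None:
        raise ValueError("unknown or already used state")
    nonce, expires = entry
    if now > expires:
        raise ValueError("state expired")
    return nonce

def check_claims(claims, expected_nonce, now=None):
    """Check claims of an ID token whose signature was already verified."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    # Constant-time comparison of the nonce echoed in the token with the stored one.
    got = str(claims.get("nonce", "")).encode()
    if not hmac.compare_digest(got, expected_nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims
```

Here `pending` stands in for whatever server-side store holds in-flight logins; a callback whose state is missing, reused or expired is rejected before any code exchange takes place.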

Interfaces

initiateVippsLogin(): Uri
handleCallback(code: String, state: String): AuthResult
validateIdToken(token: String): VippsIdentityClaims
storePersonnummer(userId: String, encrypted: String): void
exchangeCodeForTokens(code: String): VippsTokenResponse

Relationships

Dependencies (1)

Components this component depends on

Related Data Entities (2)

Data entities managed by this component