On mobile device

Use for mobile devices. Either scan QR code or on the same device using app switch. No user input is expected.

Configuration

Based on the BankID documentation found here:

https://www.bankid.com/utvecklare/guider/teknisk-integrationsguide

Authenticator type: BidOnMobileDevice

Common Authenticator configuration can be found here.

Name Description Default value Mandatory

Name	Description	Default value
`internal_http_destination`	ID of the internal http client used to talk with BankID backend.	`"default"`
`mode`	Three modes are possible: `"production"`, `"test"` & `"custom"`. Depending on the `mode`, the URL used to talk to BankID differs.	`"production"`
`custom_url`	Defines a custom BankID backend URL. Only works if `mode` is set to `"custom"`.	N/A
`custom_identifier`	When logging events, the custom_identifier lets you tag the event.	N/A
`requirement`	Specifications on client requirements based on BankID relying-party documentation.	N/A
`poll_frequency`	How often should client poll for status updates (in seconds).	`2`
`allowed_polling_for_minutes`	How many minutes is client allowed to keep polling.	`2`

internal_http_destination

ID of the internal http client used to talk with BankID backend.

"default"

mode

Three modes are possible: "production", "test" & "custom". Depending on the mode, the URL used to talk to BankID differs.

"production"

custom_url

Defines a custom BankID backend URL. Only works if mode is set to "custom".

N/A

custom_identifier

When logging events, the custom_identifier lets you tag the event.

N/A

requirement

Specifications on client requirements based on BankID relying-party documentation.

N/A

poll_frequency

How often should client poll for status updates (in seconds).

2

allowed_polling_for_minutes

How many minutes is client allowed to keep polling.

2

{
	"id": "bidomd",
	"type": "BidOnMobileDevice",
	"config": {
		"base_path": "/test/authn",
		"internal_http_destination": "bid",
		"webroot_dir": "web/authenticator/bankid/omd",
		"overlay_dir": "authenticator/bankid/bidomd/overlay"
	}
}

Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.

Logging

Apart from system logging, event logging is done when starting, completing, and failing a BankID transaction.

Event ids are:

WEB_100001, BankID authentication started
- IDENTIFIER (user trace id)
- SOURCE_ADDRESS (ip address of device starting transaction)
- CUSTOMER_IDENTIFIER (if configured)
WEB_100002, BankID authentication completed
- IDENTIFIER (user trace id)
- SOURCE_ADDRESS (ip address of the BankID device used)
- SOURCE_USER_NAME (personal number)
- CUSTOMER_IDENTIFIER (if configured)
WEB_100003, BankID authentication failed
- IDENTIFIER (user trace id)
- SOURCE_ADDRESS (ip address of the BankID device used)
- MESSAGE (information)
WEB_100004, BankID authentication canceled or expired
- IDENTIFIER (user trace id)
- SOURCE_ADDRESS (ip address of the BankID device used)

Data exposed to global state

After a user completes a transaction, the authenticator is marked as done. Data from the BankID authentication response is then put into the global state:

givenName
surname
name
personalNumber
ipAddress
ocsp
signature

Note that it is not guaranteed that all parameters hold value.

API

When communicating with the backend this describes the

General requirements

Backend communications are made using AJAX and the HTTP PUT method. Every request need a Content-Type with the value of application/json.

Getting state

Body must conform to the example below.

{
    "type": "state"
}

Starting an authentication

To start authentication send AJAX request.

{
    "type": "start",
    "data": {
    }
}

Cancel a request

A request can be canceled at any time. This is done by sending a cancel request.

{
    "type": "cancel"
}

Response from server

In general, you should expect a server response with http status code 200. Anything else is to be considered an error.

Response body will be in the form of a JSON object. Typically the response looks like:

{
    "bidstatus": "PENDING",
    "qrData": "<data for generating qr>",
    "pollFrequency": 2,
    "autostartToken": "<token>"
}

The property "bidstatus" will contain status. Depending on state additional data may be included in the answer as shown above.

Possible status messages

One of the following status codes is returned based on the current state.

ABOUT_TO_START
PENDING
COMPLETE
BID_ERROR
ERROR
OUTSTANDINGTRANSACTION,
NOCLIENT
STARTED
USERSIGN
EXPIREDTRANSACTION
STARTFAILED
CANCELLED
USERCANCEL
CERTIFICATEERR

Translation keys

Default translations provided:

English, assets/locales/en.json

{
  "bankid.omd.header": "Choose authentication method",
  "bankid.omd.change_language": "Change language",
  "bankid.omd.open_bankid_app": "Open BankID app",
  "bankid.omd.open_bankid_app_on_this_device": "Log in using BankID on this device",
  "bankid.omd.show_qr_code": "Show QR code for login",
  "bankid.omd.bankid_app_opened": "BankID app opened",
  "bankid.omd.verify_authentication": "Verifify identification",
  "bankid.omd.authentication_verified": "Identification verified",
  "bankid.omd.redirecting": "Redirecting...",
  "bankid.omd.start_bankid_app": "Start your BankID app.",
  "bankid.omd.cancel": "Cancel",
  "bankid.omd.BID_ERROR": "Unknown error. Please try again.",
  "bankid.omd.ERROR": "Unknown error. Please try again.",
  "bankid.omd.NOCLIENT": "Starting the BankID application failed",
  "bankid.omd.EXPIREDTRANSACTION": "The BankID app is not responding. Please check that the program is started and that you have internet access. If you don’t have a valid BankID you can get one from your bank. Try again.",
  "bankid.omd.STARTFAILED": "Failed to scan the QR code. The QR code is no longer valid due to a timeout.\n Check that the BankID app is up to date. If you don't have the BankID app, you need to install it and order a BankID from your internet bank. Install the app from your app store or https://install.bankid.com.",
  "bankid.omd.CANCELLED": "Action cancelled. Please try again.",
  "bankid.omd.USERCANCEL": "Action cancelled. Please try again.",
  "bankid.omd.CERTIFICATEERR": "The BankID you are trying to use is revoked or too old. Please use another BankID or order a new one from your internet bank.",
  "allow-cookies-body": "To save your language settings on this device you need to approve a language cookie.",
  "allow-cookies-button": "Approve language cookie",
  "change_language": ""
}

Swedish, assets/locales/sv.json

{
  "bankid.omd.header": "Välj inloggningsmetod",
  "bankid.omd.open_bankid_app": "Öppna BankID-appen",
  "bankid.omd.bankid_app_opened": "BankID-appen öppnad",
  "bankid.omd.open_bankid_app_on_this_device": "Logga in med BankID på den här enheten",
  "bankid.omd.show_qr_code": "Visa QR-kod för inloggning",
  "bankid.omd.verify_authentication": "Verifiera legitimering",
  "bankid.omd.authentication_verified": "Legitimeringen verifierad",
  "bankid.omd.redirecting": "Omdirigerar...",
  "bankid.omd.start_bankid_app": "Starta BankID-appen",
  "bankid.omd.cancel": "Avbryt",
  "bankid.omd.BID_ERROR": "Okänt fel. Försök igen.",
  "bankid.omd.ERROR": "Okänt fel. Försök igen.",
  "bankid.omd.NOCLIENT": "Start av BankID applikationen misslyckades",
  "bankid.omd.EXPIREDTRANSACTION": "BankID-appen svarar inte. Kontrollera att den är startad och att  du har internetanslutning. Om du inte har något giltigt BankID kan du hämta ett hos din Bank. Försök sedan igen",
  "bankid.omd.STARTFAILED": "Misslyckades att läsa av QR koden. QR-koden är inte giltig längre pga timeout.\n Kontrollera att BankID-appen är uppdaterad. Om du inte har BankID-appen måste du installera den och hämta ett BankID hos din internetbank. Installera appen från din appbutik eller https://install.bankid.com. Påbörja sedan en ny inloggning.",
  "bankid.omd.CANCELLED": "Åtgärden avbruten. Försök igen",
  "bankid.omd.USERCANCEL": "Åtgärden avbruten. Försök igen",
  "bankid.omd.CERTIFICATEERR": "Det BankID du försöker använda är för gammalt eller spärrat. Använd ett annat BankID eller hämta ett nytt hos din internetbank.",
  "allow-cookies-body": "Vill du spara dina språkinställningar på denna enhet behövs ett godkännande av  språk-cookie.",
  "allow-cookies-button": "Godkänn språk-cookie",
  "change_language": ""
}

Exposed metric

Gauges

ffidAuthnHttp_pending.name.<authenticator_id>_collect - indicates how many collect requests hans been sent out and is awaiting response

ffidAuthnHttp_pending.name.<authenticator_id>_start - indicates how many start requests hans been sent out and is awaiting response

Meters

ffidAuthnHttp_failure.name.<authenticator_id>_collect - indicates number of failed status collects.

ffidAuthnHttp_failure.name.<authenticator_id>_start - indicates number of failed bank id start.

ffidAuthnHttp_success.name.<authenticator_id>_start - indicates number of successful bank id starts

ffidAuthnHttp_success.name.<authenticator_id>_collect - indicates number of successful bank id

collects

Timers

ffidAuthnHttp_request.name.<authenticator_id>_collect - Tracks the time of a collect round trip.

ffidAuthnHttp_request.name.<authenticator_id>_start - Tracks the time of a collect round trip.

PreviousOn another device NextFreja e-ID