Service Layer | high complexity | mobilebackend
Dependencies: 1 | Dependents: 1 | Entities: 5 | Integrations: 0

Description

Orchestrates the complete OAuth 2.0 / OIDC authentication flow with the BankID identity provider. Manages authorization code exchange, identity token validation, personnummer extraction, and account creation or linking. This service acts as the bridge between the mobile UI and the backend BankID Provider Adapter, ensuring secure token handling and proper session establishment.

Feature: BankID Authentication

bankid-oauth-service

Responsibilities

  • Construct OAuth 2.0 authorization URL with correct scopes, state, and PKCE parameters
  • Exchange authorization code for identity token via backend API
  • Extract and validate personnummer from BankID identity claims
  • Create new user account or link BankID identity to existing Meander account
  • Store authentication tokens securely and establish user session

Interfaces

buildAuthorizationUrl(): Uri
exchangeCodeForToken(authCode: String): Future<AuthResult>
extractPersonnummer(identityToken: Map): String
linkIdentityToAccount(personnummer: String, userId: String): Future<void>
createAccountFromBankId(identityClaims: Map): Future<User>
validateIdentityToken(token: String): Future<bool>
generatePkceChallenge(): PkceChallenge
handleAuthError(error: dynamic): AuthError
refreshBankIdSession(): Future<AuthResult>
revokeBankIdTokens(): Future<void>

Relationships

Dependencies (1)

Components this component depends on

Dependents (1)

Components that depend on this component