BankID Provider Adapter
Component Detail
Infrastructure
high complexity
backend
0
Dependencies
1
Dependents
0
Entities
0
Integrations
Description
Abstracts communication with the certified Norwegian BankID broker (e.g., Criipto or BankID Norge) behind a standardized interface. Handles OAuth endpoint configuration, token exchange HTTP calls, JWKS-based token signature verification, and broker-specific quirks. Designed to allow swapping between BankID brokers without changing upstream service logic, supporting both sandbox and production environments.
bankid-provider-adapter
Responsibilities
- Configure and manage BankID broker endpoints (authorize, token, JWKS, userinfo)
- Execute HTTP token exchange with proper client credentials and PKCE verifier
- Verify identity token signatures using JWKS endpoint and RSA/EC key validation
- Parse BankID-specific identity claims including personnummer (national ID)
- Support sandbox environment for development and testing without real BankID credentials
Interfaces
getAuthorizationEndpoint(): String
getTokenEndpoint(): String
exchangeAuthorizationCode(code: String, codeVerifier: String): Future<TokenResponse>
verifyTokenSignature(token: String): Future<bool>
parseIdentityClaims(token: String): Map<String, dynamic>
getJwksKeys(): Future<List<JsonWebKey>>
getUserInfo(accessToken: String): Future<Map>
isSandboxMode(): bool
getProviderConfig(): BankIdConfig
healthCheck(): Future<bool>