README
¶
🇸🇪 BankID
Relying Party (RP) service
To install the CLI app with which to interact with the package
go install github.com/nicolaa5/bankid/cmd/bankid
Who is this repository for?
You can use this repo if you're using BankID in your organization for one of the following purposes:
- Authenticating users to use your services
- Signing documents, transactions or payments related to your organization
Test Setup
[!IMPORTANT]
The personnummer you use for the Test BankID has to be valid. See the following list for Personnummers that are valid
- Set up Mobile BankID on your phone (Android/iOS) or the BankID Security Application on your computer with a test configuration
- Create a Test BankID at https://demo.bankid.com that are accepted by BankID
- Run the CLI program with
bankid auth --testin order to test authentication with your Test BankID
Examples
// Provide certificate and URL
b, err := bankid.New(bankid.Config{
URL: bankid.BankIDURL,
Certificate: bankid.Certificate{
Passphrase: passphrase,
SSLCertificate: sslCert,
},
})
// Send authenticate request to BankID
authResponse, err := b.Auth(ctx, bankid.AuthRequest{
EndUserIP: ip,
Requirement: &bankid.Requirement{
PersonalNumber: personNummer,
},
})
// Poll for the status of the order
collectResponse, err := b.Collect(ctx, bankid.CollectRequest{
OrderRef: authResponse.OrderRef,
})
fmt.Println(collectResponse)
// Success case
// {
// "orderRef": "5cc86d87-ded0-43c3-8ce8-7693710a0092",
// "status": "complete",
// "completionData": {
// "user": {
// "personalNumber": "199510221287",
// "name": "John Doe",
// "givenName": "John",
// "surname": "Doe"
// },
// ...
// }
// }
Documentation
¶
Index ¶
- Constants
- Variables
- func CertificateFromPath(path string) ([]byte, error)
- func GenerateQrPayload(qrStartSecret string, qrStartToken string, timeInSeconds int) (string, error)
- type AuthRequest
- type AuthResponse
- type BankID
- type BankIDError
- type CancelRequest
- type CancelResponse
- type Certificate
- type CollectRequest
- type CollectResponse
- type CompletionData
- type Config
- type Device
- type ErrorCode
- type ErrorResponseBody
- type HintCode
- type InputInvalidError
- type PhoneAuthRequest
- type PhoneAuthResponse
- type PhoneSignRequest
- type PhoneSignResponse
- type ProcessOption
- type RequestBody
- type RequestConfig
- type RequestParameters
- type RequiredInputMissingError
- type Requirement
- type ResponseBody
- type SignRequest
- type SignResponse
- type Status
- type User
- type ValidateOption
Constants ¶
View Source
const ( BankIDURL = "https://appapi2.bankid.com/rp/v6.0" BankIDTestUrl = "https://appapi2.test.bankid.com/rp/v6.0" BankIDTestPassphrase = "qwerty123" )
View Source
const ( RAF1 = "The user cancelled." RFA4 = "An identification or signing for this personal number is already started. Please try again." RFA5 = "Internal error. Please try again." RFA22 = "Unknown error. Please try again." )
Variables ¶
View Source
var ( //go:embed certs/ca_prod.crt CAProdCertificate []byte //go:embed certs/ca_test.crt CATestCertificate []byte //go:embed certs/FPTestcert4_20230629.p12 SSLTestCertificate []byte )
View Source
var ( // RP must inform the user that an auth or sign order is already in progress for the user. // Message RFA4 should be used. ErrAlreadyInProgress = BankIDError{ StatusCode: 400, Details: RFA4, ErrorCode: AlreadyInProgress, } // If an unknown errorCode is returned, RP should inform the user. Message RFA22 should be used. // RP should update their implementation to support the new errorCode as soon as possible. ErrUnknownErrorCode = BankIDError{ StatusCode: 501, Details: RFA22, ErrorCode: UnknownErrorCode, } // RP must not automatically try again. This error may occur if the processing at RP or the communication is too slow. // RP must inform the user. Message RFA5 should be used. ErrRequestTimeout = BankIDError{ StatusCode: 408, Details: RFA5, ErrorCode: RequestTimeout, } // RP must not automatically try again. RP must inform the user. // Message RFA5 should be used. ErrInternalError = BankIDError{ StatusCode: 500, Details: RFA5, ErrorCode: InternalError, } // RP may try again without informing the user. If this error is returned repeatedly, RP must inform the user. // Message RFA5 should be used. ErrMaintenance = BankIDError{ StatusCode: 503, Details: RFA5, ErrorCode: Maintenance, } // RP must not try the same request again. This is an internal error within the RP's system and must not be communicated to the user as a BankID error. ErrInvalidParameters = BankIDError{ StatusCode: 400, Details: "Invalid parameter. Invalid use of method. Potential causes include using an orderRef that previously resulted in a completed or failed order, orderRef that is too old, using the wrong certificate, oversized content, or non-JSON bodies. Internal error within the RP's system.", ErrorCode: InvalidParameters, } ErrUnauthorized = BankIDError{ StatusCode: 403, Details: "RP does not have access to the service. Internal error within the RP's system.", ErrorCode: Unauthorized, } // RP must not try the same request again. This is an internal error within the RP's system and must not be communicated to the user as a BankID error. ErrNotFound = BankIDError{ StatusCode: 404, Details: "An erroneous URL path was used. Internal error within the RP's system.", ErrorCode: NotFound, } // RP must not try the same request again. This is an internal error within the RP's system and must not be communicated to the user as a BankID error. ErrMethodNotAllowed = BankIDError{ StatusCode: 405, Details: "Only http method POST is allowed. Internal error within the RP's system.", ErrorCode: MethodNotAllowed, } // RP must not try the same request again. This is an internal error within the RP's system and must not be communicated to the user as a BankID error. ErrUnsupportedMediaType = BankIDError{ StatusCode: 415, Details: "Adding a 'charset' parameter after 'application/json' is not allowed. Internal error within the RP's system.", ErrorCode: UnsupportedMediaType, } )
Functions ¶
func CertificateFromPath ¶ added in v1.1.0
func GenerateQrPayload ¶ added in v1.1.0
func GenerateQrPayload(qrStartSecret string, qrStartToken string, timeInSeconds int) (string, error)
Generates the string that needs to be encoded into a QR code. The following pattern is used as a link in the QR code
`bankid.qrStartToken.time.qrAuthCode`
BankID documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/qrkoder
Types ¶
type AuthRequest ¶
type AuthRequest struct {
// Required: The user IP address as seen by RP. String. IPv4 and IPv6 is allowed.
// Correct IP address must be the IP address representing the user agent (the end user device) as seen by the RP.
// In case of inbound proxy, special considerations may need to be taken into account to get the correct address.
// In some use cases the IP address is not available, for instance in voice-based services.
// In these cases, the internal representation of those systems’ IP address may be used.
EndUserIP string `json:"endUserIp"`
// Optional: Requirements on how the auth order must be performed.
Requirement *Requirement `json:"requirement,omitempty"`
// Optional: Text displayed to the user during authentication with BankID, with the purpose of providing context for the authentication
// and to enable users to detect identification errors and averting fraud attempts.
// The text can be formatted using CR, LF and CRLF for new lines. The text must be encoded as UTF-8 and then base 64 encoded. 1—1 500 characters after base 64 encoding.
UserVisibleData string `json:"userVisibleData,omitempty"`
// Optional: Data is not displayed to the user. String. The value must be base 64-encoded. 1-1 500 characters after base 64-encoding.
UserNonVisibleData string `json:"userNonVisibleData,omitempty"`
// Optional: If present, and set to “simpleMarkdownV1”, this parameter indicates that userVisibleData holds formatting characters which,
// will potentially make the text displayed to the user nicer to look at.
// For instructions check out https://www.bankid.com/utvecklare/guider/formatera-text
UserVisibleDataFormat string `json:"userVisibleDataFormat,omitempty"`
}
func (AuthRequest) Marshal ¶
func (r AuthRequest) Marshal() ([]byte, error)
type AuthResponse ¶
type AuthResponse struct {
// Used to collect the status of the order.
OrderRef string `json:"orderRef"`
// Used to compile the start url according to launching.
// See https://www.bankid.com/utvecklare/guider/teknisk-integrationsguide/programstart
AutoStartToken string `json:"autoStartToken"`
// Used to compute the animated QR code.
QrStartToken string `json:"qrStartToken"`
// Used to compute the animated QR code.
QrStartSecret string `json:"qrStartSecret"`
}
Response received from the auth endpoint, example of the response body:
{
"orderRef": "4820e3da-fbd7-45c0-aa1c-9d28d308c63b",
"autoStartToken": "f5071e97-ad0c-45ff-bc05-ca4bd8f14f84",
"qrStartToken": "a9002853-0445-4021-be15-9e373b71634a",
"qrStartSecret": "1238c8af-66d1-4c4a-8c00-b77deabeea98"
}
func (AuthResponse) Unmarshal ¶
func (r AuthResponse) Unmarshal(data []byte) error
type BankID ¶
type BankID interface {
// 🗝️ Initiates an authentication order.
// Use the collect method to query the status of the order. If the request is successful the response includes:
// - orderRef
// - autoStartToken
// - qrStartToken
// - qrStartSecret
//
// Documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/graenssnittsbeskrivning/auth
//
// Request flow:
// - Starting the request: `hintCode: outstandingTransaction`
// - User needs to provide the pin to authenticate themselves: `hintCode: userSign`
// - User has authenticated themselves successfully: `status: complete`
Auth(ctx context.Context, request AuthRequest) (*AuthResponse, error)
// 🖋️ Initiates an signing order.
// Use the collect method to query the status of the order. If the request is successful the response includes:
// - orderRef
// - autoStartToken
// - qrStartToken
// - qrStartSecret
//
// Documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/graenssnittsbeskrivning/sign
//
// Request flow:
// - Starting the request: `hintCode: outstandingTransaction`
// - User needs to provide the pin to sign the document: `hintCode: userSign`
// - User has signed the document successfully: `status: complete`
Sign(ctx context.Context, request SignRequest) (*SignResponse, error)
// 🗝️ Initiates an authentication order when the user is talking to the RP over the phone.
// Use the collect method to query the status of the order.
//
// Documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/graenssnittsbeskrivning/phone-auth
//
// Request flow:
// - Starting the request: `hintCode: outstandingTransaction`
// - User needs to confirm that they called, or were called by RP: `hintCode: userCallConfirm`
// - User needs to provide the pin to authenticate themselves: `hintCode: userSign`
// - User has authenticated themselves successfully: `status: complete`
PhoneAuth(ctx context.Context, request PhoneAuthRequest) (*PhoneAuthResponse, error)
// 🖋️ Initiates an signing order when the user is talking to the RP over the phone.
// Use the collect method to query the status of the order.
//
// Documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/graenssnittsbeskrivning/phone-sign
//
// Request flow:
// - Starting the request: `hintCode: outstandingTransaction`
// - User needs to confirm that they called, or were called by RP: `hintCode: userCallConfirm`
// - User needs to provide the pin to sign the document: `hintCode: userSign`
// - User has signed the document successfully: `status: complete`
PhoneSign(ctx context.Context, request PhoneSignRequest) (*PhoneSignResponse, error)
// 🫳 Collects the result of a sign or auth order using orderRef as reference.
// RP should keep on calling collect every two seconds if status is pending.
// RP must abort if status indicates failed. The user identity is returned when complete.
//
// Documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/graenssnittsbeskrivning/collect
Collect(ctx context.Context, request CollectRequest) (*CollectResponse, error)
// 🫳 Continuously calls the /collect endpoint (every 2 seconds) in a goroutine for as long as the order is pending
// Collects the result of a sign or auth order using orderRef as reference
// Will result in a succeeded or failed authentication. The user identity is returned when complete.
//
// Documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/graenssnittsbeskrivning/collect
//
// Example:
// req := bankid.CollectRequest{
// OrderRef: authResponse.OrderRef,
// }
//
// go b.CollectRoutine(ctx, req, response)
//
// for {
// select {
// case collectResponse, ok := <-response:
// // work with CollectResponse
// case <-ctx.Done():
// return
// }
// }
CollectRoutine(ctx context.Context, request CollectRequest, response chan *CollectResponse)
// ✋ Cancels an ongoing sign or auth order.
// This is typically used if the user cancels the order in your service or app.
//
// Documentation: https://www.bankid.com/en/utvecklare/guider/teknisk-integrationsguide/graenssnittsbeskrivning/cancel
Cancel(ctx context.Context, request CancelRequest) (*CancelResponse, error)
}
BankID is an interface for interacting with the BankID API. You can use it to authenticate users and sign using BankID. Documentation: https://www.bankid.com/en/utvecklare
func NewTestDefault ¶ added in v1.1.0
Returns a default Test BankID interface with SSL/CA certificates and password
type BankIDError ¶
type BankIDError struct {
StatusCode int `json:"statusCode,omitempty"`
Details string `json:"details,omitempty"`
ErrorCode ErrorCode `json:"errorCode,omitempty"`
}
BankIDError is an error returned by BankID that should be communicated to the enduser, or handled by the RP.
func (BankIDError) Error ¶
func (r BankIDError) Error() string
type CancelRequest ¶
type CancelRequest struct {
// The orderRef returned from auth or sign.
OrderRef string `json:"orderRef"`
}
Cancels an ongoing sign or auth order. This is typically used if the user cancels the order in your service or app.
func (CancelRequest) Marshal ¶
func (r CancelRequest) Marshal() ([]byte, error)
type CancelResponse ¶
type CancelResponse struct{}
A successful response contains an empty JSON object.
func (CancelResponse) Unmarshal ¶
func (r CancelResponse) Unmarshal(data []byte) error
type Certificate ¶
type Certificate struct {
// Required: The password for your SSLCertificate
Passphrase string `json:"passphrase"`
// Required if SSLCertificatePath is not provided: Your organization's certificate signed by a trusted certificate authority (cert has .p12 extension).
// Provided by the bank (the trusted CA) that you sign an agreement with, see https://www.bankid.com/en/foretag/kontakt-foeretag
SSLCertificate []byte `json:"sslCertificate"`
// Optional: A CA root certificate. This lib has uses the BankID root certificate as the default
CACertificate []byte `json:"caCertificate"`
// Required if SSLCertificate is not provided: The path to your organization's certificate signed by a trusted certificate authority (cert has .p12 extension).
SSLCertificatePath string `json:"sslCertificatePath"`
// Optional: The path to the BankID root certificate
CACertificatePath string `json:"caCertificatePath"`
}
This certificate is used to authenticate the RP service to the BankID API.
func (Certificate) Validate ¶ added in v1.1.0
func (c Certificate) Validate() error
type CollectRequest ¶
type CollectRequest struct {
// The orderRef returned from auth or sign.
OrderRef string `json:"orderRef"`
}
Collects the result of a sign or auth order using orderRef as reference. RP should keep on calling collect every two seconds if status is pending. RP must abort if status indicates failed. The user identity is returned when complete.
func (CollectRequest) Marshal ¶
func (r CollectRequest) Marshal() ([]byte, error)
type CollectResponse ¶
type CollectResponse struct {
OrderRef string `json:"orderRef"`
Status Status `json:"status,omitempty"`
HintCode HintCode `json:"hintCode,omitempty"`
CompletionData CompletionData `json:"completionData,omitempty"`
}
Response received from the collect endpoint, example of the collect response body:
{
"orderRef": "b7e32e4f-0c1f-472b-9111-40dc856464b4",
"status": "pending",
"hintCode": "outstandingTransaction"
}
func (CollectResponse) Unmarshal ¶
func (r CollectResponse) Unmarshal(data []byte) error
type CompletionData ¶
type Config ¶ added in v1.1.0
type Config struct {
// Required: The SSL & CA certificate for the client.
Certificate
// Optional: The URL to BankID API, can be set to the test or production endpoint.
// Default: "https://appapi2.bankid.com/rp/v6.0"
URL string `json:"url"`
// Optional: The timeout for the request to BankID API in seconds.
// Default: 5
Timeout int `json:"timeout"`
}
func (*Config) UseDefault ¶ added in v1.1.0
func (c *Config) UseDefault()
Ensures input data is set based on BankID requirements or leaves the input unchanged if it's valid or optional
type ErrorCode ¶
type ErrorCode string
const ( AlreadyInProgress ErrorCode = "alreadyInProgress" UnknownErrorCode ErrorCode = "unknownErrorCode" RequestTimeout ErrorCode = "requestTimeout" InternalError ErrorCode = "internalError" Maintenance ErrorCode = "maintenance" InvalidParameters ErrorCode = "invalidParameters" NotFound ErrorCode = "notFound" MethodNotAllowed ErrorCode = "methodNotAllowed" UnsupportedMediaType ErrorCode = "unsupportedMediaType" )
type ErrorResponseBody ¶
type HintCode ¶
type HintCode string
const ( // Order is pending. The BankID app has not yet received the order. The hintCode will later change to noClient, started or userSign. OutstandingTransaction HintCode = "outstandingTransaction" // Order is pending. The client has not yet received the order. NoClient HintCode = "noClient" // Order is pending. A BankID client has launched with autostarttoken but a usable ID has not yet been found in the client. // When the client launches there may be a short delay until all IDs are registered. The user may not have any usable IDs, or is yet to insert their smart card. Started HintCode = "started" // Order is pending. A client has launched and received the order but additional steps for providing MRTD information is required to proceed with the order. UserMrtd HintCode = "userMrtd" // Order is waiting for the user to confirm that they have received this order while in a call with the RP. UserCallConfirm HintCode = "userCallConfirm" // Order is pending. The BankID client has received the order. UserSign HintCode = "userSign" // The order has expired. The BankID security app/program did not launch, the user did not finalize the signing or the RP called collect too late. ExpiredTransaction HintCode = "expiredTransaction" // This error is returned if: // 1. The user has entered the wrong PIN code too many times. The BankID cannot be used. // 2. The user’s BankID is blocked. // 3. The user’s BankID is invalid. CertificateErr HintCode = "certificateErr" // The order was cancelled by the user. userCancel may also be returned in some rare cases related to other user interactions. UserCancel HintCode = "userCancel" // The order was cancelled. The system received a new order for the user. Cancelled HintCode = "cancelled" // The user did not provide their ID or the client did not launch within a certain time limit. Potential // causes are: // 1. RP did not use autoStartToken when launching the BankID security app. RP must correct this in their implementation. // 2. Client software was not installed or other problem with the user’s device. StartFailed HintCode = "startFailed" )
type InputInvalidError ¶ added in v1.1.0
type InputInvalidError struct {
Message string
}
InputInvalidError is an error returned when a user provided input is invalid.
func (InputInvalidError) Error ¶ added in v1.1.0
func (r InputInvalidError) Error() string
type PhoneAuthRequest ¶
type PhoneAuthRequest struct {
// Required: The personal number of the user. String. 12 digits.
PersonalNumber string `json:"personalNumber"`
// Required: Indicate if the user or the RP initiated the phone call.
// - user: user called the RP
// - RP: RP called the user
CallInitiator string `json:"callInitiator"`
// Optional: Requirements on how the auth order must be performed.
Requirement *Requirement `json:"requirement,omitempty"`
// Optional: Text displayed to the user during authentication with BankID, with the purpose of providing context for the authentication
// and to enable users to detect identification errors and averting fraud attempts.
// The text can be formatted using CR, LF and CRLF for new lines. The text must be encoded as UTF-8 and then base 64 encoded. 1—1 500 characters after base 64 encoding.
UserVisibleData string `json:"userVisibleData,omitempty"`
// Optional: Data is not displayed to the user. String. The value must be base 64-encoded. 1-1 500 characters after base 64-encoding.
UserNonVisibleData string `json:"userNonVisibleData,omitempty"`
// Optional: If present, and set to “simpleMarkdownV1”, this parameter indicates that userVisibleData holds formatting characters which,
// will potentially make the text displayed to the user nicer to look at.
// For instructions check out https://www.bankid.com/utvecklare/guider/formatera-text
UserVisibleDataFormat string `json:"userVisibleDataFormat,omitempty"`
}
Initiates an authentication order when the user is talking to the RP over the phone. Use the collect method to query the status of the order.
func (PhoneAuthRequest) Marshal ¶
func (r PhoneAuthRequest) Marshal() ([]byte, error)
type PhoneAuthResponse ¶
type PhoneAuthResponse struct {
// Used to collect the status of the order.
OrderRef string `json:"orderRef"`
}
func (PhoneAuthResponse) Unmarshal ¶
func (r PhoneAuthResponse) Unmarshal(data []byte) error
type PhoneSignRequest ¶
type PhoneSignRequest struct {
// Required: The personal number of the user. String. 12 digits.
PersonalNumber string `json:"personalNumber"`
// Required: Indicate if the user or the RP initiated the phone call.
// - user: user called the RP
// - RP: RP called the user
CallInitiator string `json:"callInitiator"`
// Optional: Requirements on how the auth order must be performed. See section Requirements below for more details.
Requirement *Requirement `json:"requirement,omitempty"`
// Required: Text to be displayed to the user. String. The text can be formatted using CR, LF and CRLF for new lines.
// The text must be encoded as UTF-8 and then base 64 encoded. 1 – 40,000 characters after base 64 encoding.
UserVisibleData string `json:"userVisibleData,omitempty"`
// Optional: Data is not displayed to the user. String. The value must be base 64-encoded. 1-1 500 characters after base 64-encoding.
UserNonVisibleData string `json:"userNonVisibleData,omitempty"`
// Optional: If present, and set to “simpleMarkdownV1”, this parameter indicates that userVisibleData holds formatting characters which,
// will potentially make the text displayed to the user nicer to look at.
// For instructions check out https://www.bankid.com/utvecklare/guider/formatera-text
UserVisibleDataFormat string `json:"userVisibleDataFormat,omitempty"`
}
func (PhoneSignRequest) Marshal ¶
func (r PhoneSignRequest) Marshal() ([]byte, error)
type PhoneSignResponse ¶
type PhoneSignResponse struct {
// Used to collect the status of the order.
OrderRef string `json:"orderRef"`
}
func (PhoneSignResponse) Unmarshal ¶
func (r PhoneSignResponse) Unmarshal(data []byte) error
type ProcessOption ¶ added in v1.1.0
type ProcessOption func(RequestBody) (RequestBody, error)
type RequestBody ¶
type RequestBody interface {
// Marshal returns the JSON encoded body of the request.
Marshal() ([]byte, error)
}
RequestBody is an interface for all BankID requests.
type RequestConfig ¶
RequestConfig contains the required config for each request to BankID
- HTTP1.1 is required.
- All methods are accessed using HTTP POST.
- HTTP header 'Content-Type' must be set to 'application/json'.
type RequestParameters ¶
type RequestParameters struct {
Path string
Config *RequestConfig
Body RequestBody
}
type RequiredInputMissingError ¶ added in v1.1.0
type RequiredInputMissingError struct {
Message string
}
RequiredInputMissingError is an error returned when a required input is missing.
func (RequiredInputMissingError) Error ¶ added in v1.1.0
func (r RequiredInputMissingError) Error() string
type Requirement ¶
type Requirement struct {
// Users are required to sign the transaction with their PIN code, even if they have biometrics activated.
// - Default: False, the user is not required to use pin code.
Pincode bool `json:"pincode,omitempty"`
// If present, and set to "true", the client needs to provide MRTD (Machine readable travel document) information to complete the order.
// Only Swedish passports and national ID cards are supported.
// - Default: The client does not need to provide MRTD information to complete the order.
MRTD bool `json:"mrtd,omitempty"`
// - "class1" (default) – The transaction must be performed using a card reader where the PIN code is entered on a computer keyboard, or a card reader of higher class.
// - "class2" – The transaction must be performed using a card reader where the PIN code is entered on the reader, or a reader of higher class.
// - "<"no value">" – defaults to "class1". This condition should be combined with a certificatePolicies for a smart card to avoid undefined behaviour.
// - Default: No card reader required.
CardReader string `json:"cardReader,omitempty"`
// The oid in certificate policies in the user certificate. List of String.
// One wildcard ”” is allowed from position 5 and forward ie. 1.2.752.78.
// The values for production BankIDs are:
// - "1.2.752.78.1.1" - BankID on file
// - "1.2.752.78.1.2" - BankID on smart card
// - "1.2.752.78.1.5" - Mobile BankID
// The values for test BankIDs are:
// - "1.2.3.4.5" - BankID on file
// - "1.2.3.4.10" - BankID on smart card
// - "1.2.3.4.25" - Mobile BankID
// - “1.2.752.60.1.6” - Test BankID for some BankID Banks
// Default: If no set certificate policies, the following are default in the:
// Production system
// - 1.2.752.78.1.1
// - 1.2.752.78.1.2
// - 1.2.752.78.1.5
// - 1.2.752.71.1.3
// Test system:
// - 1.2.3.4.5
// - 1.2.3.4.10
// - 1.2.3.4.25
// - 1.2.752.60.1.6
// - 1.2.752.71.1.3
// If any certificate policy is set all default policies are dismissed.
CertificatePolicies []string `json:"certificatePolicies,omitempty"`
// A personal identification number to be used to complete the transaction.
// If a BankID with another personal number attempts to sign the transaction, it fails.
PersonalNumber string `json:"personalNumber,omitempty"`
}
RP may use the requirement parameter to describe how a signature must be created and verified. A typical use case is to require Mobile BankID or a certain card reader. The following table describes requirements, their possible values and defaults.
type ResponseBody ¶
type ResponseBody interface {
// Unmarshal parses the JSON-encoded data and stores the result in the value pointed to by v.
Unmarshal(data []byte) error
}
ResponseBody is an interface for all successfull BankID responses.
type SignRequest ¶
type SignRequest struct {
// Required: The user IP address as seen by RP. String. IPv4 and IPv6 is allowed.
// Correct IP address must be the IP address representing the user agent (the end user device) as seen by the RP. In case of inbound proxy, special considerations may need to be taken into account to get the correct address.
// In some use cases the IP address is not available, for instance in voice-based services. In these cases, the internal representation of those systems’ IP address may be used.
EndUserIP string `json:"endUserIp"`
// Required: Text to be displayed to the user. String. The text can be formatted using CR, LF and CRLF for new lines.
// The text must be encoded as UTF-8 and then base 64 encoded. 1 – 40,000 characters after base 64 encoding.
UserVisibleData string `json:"userVisibleData"`
// Optional: Requirements on how the auth order must be performed. See section Requirements below for more details.
Requirement *Requirement `json:"requirement,omitempty"`
// Optional: Data is not displayed to the user. String. The value must be base 64-encoded. 1-1 500 characters after base 64-encoding.
UserNonVisibleData string `json:"userNonVisibleData,omitempty"`
// Optional: If present, and set to “simpleMarkdownV1”, this parameter indicates that userVisibleData holds formatting characters which,
// will potentially make the text displayed to the user nicer to look at.
// For instructions check out https://www.bankid.com/utvecklare/guider/formatera-text
UserVisibleDataFormat string `json:"userVisibleDataFormat,omitempty"`
}
func (SignRequest) Marshal ¶
func (r SignRequest) Marshal() ([]byte, error)
type SignResponse ¶
type SignResponse struct {
// Used to collect the status of the order.
OrderRef string `json:"orderRef"`
// Used to compile the start url according to launching.
// See https://www.bankid.com/utvecklare/guider/teknisk-integrationsguide/programstart
AutoStartToken string `json:"autoStartToken"`
// Used to compute the animated QR code.
QrStartToken string `json:"qrStartToken"`
// Used to compute the animated QR code.
QrStartSecret string `json:"qrStartSecret"`
}
func (SignResponse) Unmarshal ¶
func (r SignResponse) Unmarshal(data []byte) error
type ValidateOption ¶ added in v1.1.0
type ValidateOption func() error
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.