Launching
Here you find information about launching the BankID app from a browser as well as from a native app on a mobile device.
Android
A valid result is not guaranteed to be returned from the BankID app to the RP app's activity. The RP app should rely on the collect call to obtain the result of the auth or sign order. If the BankID app is not present on the device, an android.content.ActivityNotFoundException is thrown. The RP must inform the user. Message RFA2 should be used.
On Android 5 the URI should use the bankid scheme instead of the https scheme.
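```java
Intent intent = new Intent();
intent.setAction(Intent.ACTION_VIEW);
intent.setData(Uri.parse("https://app.bankid.com/?autostarttoken=<INSERT AUTOSTARTTOKEN HERE>&redirect=null"));
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
try {
    startActivity(intent);
} catch (ActivityNotFoundException e) {
    // The BankID app is not installed: inform the user (message RFA2)
}
```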
iOS
If the BankID app is not present on the device, false is returned. The RP must inform the user. Message RFA2 should be used.
The RP app must register a universal link or a custom URL scheme to make it possible for the BankID app to re-launch the RP app.
The Apple App Store review process requires login information to a demo account for the app to be approved. This can be a demo account that does not require a BankID to log in, or a way to configure the app to use the BankID test environment.
```swift
let url = URL(string: "https://app.bankid.com/?autostarttoken=<INSERT AUTOSTARTTOKEN HERE>&redirect=<INSERT YOUR LINK HERE>")
UIApplication.shared.open(url!, options: [.universalLinksOnly: true]) { (success) in
    // success is false when the BankID app is not installed: inform the user (message RFA2)
}
```
Launching from a browser
The redirect parameter must be last in the parameter list. The autostarttoken and rpref parameters are optional.
Parameter names must be lower case.
If the BankID app is started but no matching web service call to auth or sign has been done, an error message will be displayed in the app.
App links and universal links on Android and iOS
The URL works on Chrome (Android) and Safari (iOS). The syntax is:
https://app.bankid.com/?autostarttoken=[TOKEN]&redirect=[RETURNURL]
Desktop
The URL works on PCs with all commonly used browsers. Variations exist on different platforms. The syntax is:
bankid:///?autostarttoken=[TOKEN]&redirect=[RETURNURL]
Parameters in the start URL
Parameter | Required | Description |
---|---|---|
autostarttoken | Required | Holds the autoStartToken returned from the web service call. Note that the parameter names must be lower case. |
redirect | Required | The BankID app uses the parameter redirect to launch the RP web app after completing (including cancelled) auth or sign. The redirect URL must be UTF-8 and URL encoded and should match the web address the user visits when the RP web app launches the BankID app. It may include parameters to be passed to the browser. For iOS, the redirect must have a value. For all other platforms it may be empty (“redirect=”), or set to “null” (“redirect=null”). If it is empty or null the BankID app will terminate without launching any URL and the calling application will be in focus. It is recommended to use redirect=null when possible. |
rpref | Optional | Relying Party reference. Not supported on mobile devices. Any reference the RP wants to use. The value will be included in the resulting signature. A typical use case is to protect a file when it is transported from a client to a server (compute hashsum of the file content in the client, include the hashsum as rpref, compare it (server side) with a hashsum of the file content computed in the server). The value must be base64 encoded, URL encoded, and 8 – 255 bytes (after encoding). rpref must be used together with autostarttoken. If autostarttoken is excluded, the content of rpref will be ignored. |

Note
The redirect url must start with https://
Note for Windows and macOS
If redirect has a value the redirect parameter must be used together with autostarttoken. If autostarttoken is excluded, the content of redirect will be ignored and the behavior will be as if redirect=null.
Note for Android
If the user has several browsers installed on an Android device the user may be presented with a prompt to choose a browser. BankID recommends that redirect=null is used on Android. This ensures the user will return to the last used browser.
Note for iOS
redirect=null on iOS results in the RP web or app not launching after completed auth or sign.
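The rpref file-protection use case described above, sketched for both sides as an added example that is not BankID's own code. SHA-256 as the hashsum, Node.js `crypto` on client and server, the function names, and the premise that the server has already taken rpref out of the verified signature are all assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Client side: hash the file content and encode the digest for the start URL.
// Base64 may contain '+', '/' and '=', so it must be URL encoded as well.
function rprefForFile(fileBytes) {
  const rpref = nodeCrypto.createHash('sha256').update(fileBytes).digest('base64');
  return { rpref, urlParam: 'rpref=' + encodeURIComponent(rpref) };
}

// Server side: recompute the hash over the file that actually arrived and
// compare it with the rpref value carried in the signature (assumed to be
// extracted from an already verified signature by the caller).
function fileMatchesRpref(signedRpref, receivedBytes) {
  const expected = nodeCrypto.createHash('sha256').update(receivedBytes).digest();
  const claimed = Buffer.from(signedRpref, 'base64');
  // timingSafeEqual requires equal lengths, so check that first.
  return claimed.length === expected.length &&
    nodeCrypto.timingSafeEqual(claimed, expected);
}

// Constructed sample: the file the user signed for, and a modified copy.
const sampleFile = Buffer.from('abc');
const tamperedFile = Buffer.from('abd');
```

A mismatch means the file received by the server is not the one whose hash the user's signature covers, so the upload should be rejected.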
Examples
The RP wants the BankID app to open a browser with the following URL after finishing execution:
The autostarttoken is included. The start URL is:
bankid:///?autostarttoken=a4904c4c-3bb4-4e3f-8ac3-0e950e529e5f&redirect=https%3a%2f%2fdemo.bankid.com%2fnyademobanken%2fCavaClientRedirReceiver.aspx%3forderRef%3dbedea56d-7b46-47b1-890b-f787c650bc93%26returnUrl%3d.%2fCavaClientAuth.aspx%26Environment%3dKundtest
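The start URL rules on this page (lower-case parameter names, redirect last, https-only redirect, the per-platform constraints) collected into one builder, as an added example that is not BankID's own code. `buildStartUrl`, its option names, the `rpOrigin` check (one way to enforce that redirect points at the RP's own web address) and reading "after encoding" as the URL-encoded length are assumptions.

```javascript
function buildStartUrl({ scheme, platform, autostarttoken, rpref, redirect, rpOrigin }) {
  const base = scheme === 'bankid' ? 'bankid:///' : 'https://app.bankid.com/';
  const mobile = platform === 'ios' || platform === 'android';
  const params = [];

  if (autostarttoken) params.push('autostarttoken=' + encodeURIComponent(autostarttoken));

  if (rpref !== undefined) {
    if (mobile) throw new Error('rpref is not supported on mobile devices');
    if (!autostarttoken) throw new Error('rpref must be used together with autostarttoken');
    if (!/^[A-Za-z0-9+/]+={0,2}$/.test(rpref)) throw new Error('rpref must be base64 encoded');
    const encoded = encodeURIComponent(rpref);
    if (encoded.length < 8 || encoded.length > 255) throw new Error('rpref must be 8-255 bytes');
    params.push('rpref=' + encoded);
  }

  let redirectValue = 'null'; // recommended default: return focus to the caller
  if (redirect) {
    if (!mobile && !autostarttoken) {
      throw new Error('on Windows and macOS redirect is ignored without autostarttoken');
    }
    const target = new URL(redirect); // throws on relative or malformed input
    if (target.protocol !== 'https:') throw new Error('redirect must start with https://');
    // Only send the user back to the RP's own site, never to a caller-supplied host.
    if (target.origin !== rpOrigin) throw new Error('redirect must match the RP web address');
    redirectValue = encodeURIComponent(redirect);
  } else if (platform === 'ios') {
    throw new Error('iOS requires redirect to have a value');
  }

  params.push('redirect=' + redirectValue); // redirect must be last in the list
  return base + '?' + params.join('&');
}
```

`encodeURIComponent` emits upper-case percent escapes (`%3A`) where the example above uses lower case (`%3a`); the two forms decode to the same value.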