bankid

package module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2025 License: MIT Imports: 9 Imported by: 0

README

GitHub tag GitHub code size in bytes

Go-bankid is a client supporting BankID's API for performing identifications, digital signatures and much more. BankID is probably norhtern Europe's largest player in the digital ID industry. It allows the user to carry a fully trusted digital ID to prove their identidy online, opening up many possibilities in digital infrastructure.

This client is written using BankID's public documentation available at developers.bankid.com. Please explore to know more. The majority of the documentation in this library is taken straight from their page, only with some rephrasing to fit the context.

BankID has two environments, production and test. The former is used in real world application while the latter is used for testing integrations with their systems. This library supports both via NewProd and NewTest respectively.

The main package (bankid) is a work in progress, but all main functionality should be done. It is still not tested. packages ocsp, qr and signature will come in the future and contain nice-to-have functionality with treating some of the data returned by BankID.

Documentation

Overview

TODO: Document package

Index

Constants

View Source 
const (
	RFA1_SWE   = "Starta BankID-appen."
	RFA2_SWE   = "Du verkar inte ha BankID-appen. Installera den och skaffa ett BankID."
	RFA3_SWE   = "Åtgärden avbröts. Försök igen."
	RFA4_SWE   = "En identifiering eller underskrift pågår redan för ditt personnummer. Försök igen."
	RFA5_SWE   = "Något gick fel. Försök igen."
	RFA6_SWE   = "Åtgärden avbröts."
	RFA8_SWE   = "BankID-appen svarar inte. Kontrollera att den är startad och att du har internetanslutning. Försök sedan igen."
	RFA9_SWE   = "Skriv in din säkerhetskod i BankID-appen och välj Identifiera eller Skriv under."
	RFA13_SWE  = "Försöker starta BankID-appen."
	RFA15A_SWE = "" /* 147-byte string literal not displayed */
	RFA15B_SWE = "Söker efter BankID. Säkerställ att du har ett gitligt BankID på den här enheten."
	RFA16_SWE  = "Ditt BankID är för gammalt eller spärrat. Använd ett annat BankID eller skaffa ett nytt hos din bank."
	RFA17A_SWE = "Du verkar inte ha BankID-appen/programmet. Installera den och skaffa ett BankID hos din bank."
	RFA17B_SWE = "Misslyckades att läsa av QR-koden. Starta BankID-appen och läs av QR-koden."
	RFA19_SWE  = "Vill du använda BankID på den här datorn eller ett Mobilt BankID?"
	RFA20_SWE  = "Vill du använda BankID på den här enheten eller på en annan enhet?"
	RFA21_SWE  = "En identifiering eller underskrift pågår."
	RFA22_SWE  = "Något gick fel. Försök igen."
	RFA23_SWE  = "Fotografera och läs av din ID-handling med BankID-appen."

	RFA1_ENG   = "Start your BankID app. "
	RFA2_ENG   = "You don't seem to have the BankID app. Install the app and get a BankID."
	RFA3_ENG   = "The action was cancelled. Please try again."
	RFA4_ENG   = "An identification or signature is already in progress for your personal identity number. Please try again."
	RFA5_ENG   = "Something went wrong. Please try again."
	RFA6_ENG   = "The action was cancelled."
	RFA8_ENG   = "The BankID app is not responding. Please check that it’s started and that you have internet access. Try again."
	RFA9_ENG   = "Enter your security code in the BankID app and select Identify or Sign."
	RFA13_ENG  = "Trying to start your BankID app."
	RFA15A_ENG = "" /* 149-byte string literal not displayed */
	RFA15B_ENG = "Searching for BankID. Make sure you have a valid BankID on this device."
	RFA16_ENG  = "Your BankID is blocked or too old. Please use another BankID or get a new one from your bank."
	RFA17A_ENG = "You don't seem to have the BankID app/program. Please install it and get a BankID from your bank."
	RFA17B_ENG = "Failed to scan the QR code. Start the BankID app and scan the QR code."
	RFA19_ENG  = "Would you like to use BankID on this computer, or a Mobile BankID?"
	RFA20_ENG  = "Do you want to use BankID on this device or another device?"
	RFA21_ENG  = "An identification or signing is in progress."
	RFA22_ENG  = "Something went wrong. Please try again."
	RFA23_ENG  = "Take a photo of, and scan, you ID document with the BankID app."
)

Recommended user messages

View Source 
const (
	ProdURL = "https://appapi2.bankid.com"
	TestURL = "https://appapi2.test.bankid.com"
)
View Source 
const SupportedAPIVersion = "v6.0"

The currently supported version of the BankID API. See https://developers.bankid.com/api-references/auth--sign/overview for more information.

Variables

This section is empty.

Functions

This section is empty.

Types

type App 

type App struct {
	// The identifier of your application.
	//
	// This is the package name on Android and the bundle identifier on iOS.
	//
	// It is vital to use the correct value. If your service does not supply the correct value legitimate orders might be blocked.
	AppIdentifier string `json:"appIdentifier,omitempty"`
	// The device operating system where your app is running.
	DeviceOS string `json:"deviceOS,omitempty"`
	// The identifier of the device your client is running on
	//
	// This is used to uniquely identify the device and should be a value that is not tied to a single user of the device. Preferably, it should remain the same even if your app is reinstalled.
	DeviceIdentifier string `json:"deviceIdentifier,omitempty"`
	// The model of the device your app is running on.
	DeviceModelName string `json:"deviceModelName,omitempty"`
}

App contains additional data included when creating an order from your app.

When starting an order from your app client this data may be included in the request.

You can send the parameter web or app, not both. If providing this parameter, at least one of its members must be specified.

type AuthOpts 

type AuthOpts struct {
	// Additional data included when creating an order from your app.
	App *App
	// Whether a risk indicator should be included in the collect response when the order completes. If a risk indicator is required for the order to complete, for example, if a risk requirement is applied, the returnRisk property is ignored, and a risk indicator is always included; otherwise a default value of false is used. The risk indication requires that the endUserIp is correct. Please note that the assessed risk will not be returned if the order was blocked, which may happen if a risk requirement is set.
	ReturnRisk bool
	// Orders started on the same device as where the user's BankID is stored (started with autostart token) will call this URL when the order is completed.
	//
	// Any return URL provided in the start URL when the BankID app was launched will be ignored. If the user has a version of the BankID app that does not support getting the returnUrl from the server, the order will be cancelled and the user will be asked to update their app.
	//
	// The return URL you provide should include a nonce to the session. When the user returns to your app or web page, your service should verify that the order was completed successfully and that the device receiving the returnUrl is the same device that started the order.
	//
	// Using this parameter will make your service more secure and strengthen the channel binding between you and the user.
	//
	// Ensure that the cookie or user IP address has not changed from the starting page to the returnUrl page.
	ReturnURL string
	// Data that you wish to include but not display to the user.
	//
	// The value must be base 64-encoded.
	UserNonVisibleData string
	// Text displayed to the user during the order.
	//
	// The purpose is to provide context, thereby enabling the user to detect identification errors and avert fraud attempts.
	//
	// The text can be formatted using CR, LF and CRLF for new lines. The text must be encoded as UTF-8 and then base 64 encoded.
	UserVisibleData string
	// If present and set to "simpleMarkdownV1", this parameter indicates that userVisibleData holds formatting characters.
	UserVisibleDataFormat UserVisibleDataFormat
	// Additional data included when creating an order from your web page.
	Web *Web
	// Requirements on how the authentication order must be performed.
	Requirement *Requirement
}

AuthOpts contains options to augument your identification order.

If ReturnRisk is set to true a risk indicator will be included in the collect response when the order completes. If a risk indicator is required for the order to complete, for example, if a risk requirement is applied, the returnRisk property is ignored, and a risk indicator is always included; otherwise a default value of false is used. The risk indication requires that the endUserIp is correct. Please note that the assessed risk will not be returned if the order was blocked, which may happen if a risk requirement is set.

type AuthResp 

type AuthResp struct {
	OrderRef       string `json:"orderRef"`       // A reference ID for an order. This is used to query the status of the order or to cancel it.
	AutoStartToken string `json:"autoStartToken"` // Used to compile the start URL.
	QRStartToken   string `json:"qrStartToken"`   // Used to compute the animated QR code.
	QRStartSecret  string `json:"qrStartSecret"`  // Used to compute the animated QR code.
}

An AuthResp is a successful response from the creation of an identification order.

type BankIDClient 

type BankIDClient struct {
	*http.Client //TODO: Why is this embedded?
	URL          string
}

func NewProd 

func NewProd(cfg Config) (BankIDClient, error)

New creates a new [bankIDClient] that can be used with production BankIDs.

func NewTest 

func NewTest(cfg Config) (BankIDClient, error)

New creates a new [bankIDClient] that can be used with test BankIDs.

func (BankIDClient) Auth 

func (c BankIDClient) Auth(ctx context.Context, endUserIP string, opts *AuthOpts) (AuthResp, error)

Auth initiates an identification order.

endUserIP is mandatory and is the user IP address as it is seen by your service. IPv4 and IPv6 are allowed. Make sure that the IP address you include as endUserIp is the address of your end user's device, not the internal address of any reverse proxy between you and the end user. In use cases where the IP address is not available, e. g. for voice-based services, the internal representation of those systems' IP address is ok to use.

Use opts to augument your identification order. Otherwise pass nil.

func (BankIDClient) Cancel 

func (c BankIDClient) Cancel(ctx context.Context, orderRef string) error

Cancel cancels an ongoing signature, authentication or payment order.

This is typically used if the user cancels the order in your service or app.

func (BankIDClient) Collect 

func (c BankIDClient) Collect(ctx context.Context, orderRef string) (CollectResp, error)

Collect collects information and status of an ongoing order.

Collects the result of an order using orderRef as reference.

Your service should continue calling collect every two seconds if the status reported is is pending. Your service must abort if the status is failed.

The user identity is returned when complete.

func (BankIDClient) Payment 

func (c BankIDClient) Payment(ctx context.Context, endUserIP string, userVisibleTransaction UserVisibleTransaction, opts *PaymentOpts) (PaymentResp, error)

Payment initiates an payment order.

endUserIP is mandatory and is the user IP address as it is seen by your service. IPv4 and IPv6 are allowed. Make sure that the IP address you include as endUserIp is the address of your end user's device, not the internal address of any reverse proxy between you and the end user. In use cases where the IP address is not available, e. g. for voice-based services, the internal representation of those systems' IP address is ok to use.

userVisibleTransaction is mandatory and contains information about the transaction being approved.

Use opts to augument your identification order. Otherwise pass nil.

func (BankIDClient) PhoneAuth 

func (c BankIDClient) PhoneAuth(ctx context.Context, callInitiator CallInitiator, opts *PhoneAuthOpts) (PhoneAuthResp, error)

PhoneAuth initiates an phone identification order.

callInitiator is mandatory and indicates if the user or your organization initiated the phone call.

Use opts to augument your identification order. Otherwise pass nil.

func (BankIDClient) PhoneSign 

func (c BankIDClient) PhoneSign(ctx context.Context, callInitiator CallInitiator, userVisibleData string, opts *PhoneSignOpts) (PhoneSignResp, error)

PhoneSign initiates an phone signing order.

callInitiator is mandatory and indicates if the user or your organization initiated the phone call.

userVisibleData is mandatory and is the text displayed to the user during the order. The purpose is to provide context, thereby enabling the user to detect identification errors and avert fraud attempts. The text can be formatted using CR, LF and CRLF for new lines. The text must be encoded as UTF-8 and then base 64 encoded.

Use opts to augument your identification order. Otherwise pass nil.

func (BankIDClient) Sign 

func (c BankIDClient) Sign(ctx context.Context, endUserIP string, userVisibleData string, opts *SignOpts) (SignResp, error)

Sign initiates an signing order.

endUserIP is mandatory and is the user IP address as it is seen by your service. IPv4 and IPv6 are allowed. Make sure that the IP address you include as endUserIp is the address of your end user's device, not the internal address of any reverse proxy between you and the end user. In use cases where the IP address is not available, e. g. for voice-based services, the internal representation of those systems' IP address is ok to use.

userVisibleData is mandatory and is the text displayed to the user during the order. The purpose is to provide context, thereby enabling the user to detect identification errors and avert fraud attempts. The text can be formatted using CR, LF and CRLF for new lines. The text must be encoded as UTF-8 and then base 64 encoded.

Use opts to augument your identification order. Otherwise pass nil.

type CallInitiator 

type CallInitiator string

CallInitiator indicates if the user or your organization initiated the phone call. 

const (
	UserInitiator CallInitiator = "user" // The user called your organization.
	RPInitiator   CallInitiator = "RP"   // Your organization called the user.
)

type CardReader 

type CardReader string

Whether the user needs to complete the order using a card reader for the signature.

This condition should always be combined with a certificatePolicies for a smart card to avoid undefined behaviour. 

const (
	Class1 CardReader = "class1" // The order must be confirmed with a card reader where the PIN code is entered on a computer keyboard, or a card reader of higher class.
	Class2 CardReader = "class2" // The order must be confirmed with a card reader where the PIN code is entered on the reader.
)

type CertificatePolicy 

type CertificatePolicy string

A CertificatePolicy restricts the method with which an identification or signing can be performed. It matches the OID in certificate policies in the user certificate.

When using one of the BankID on card policies, the cardReader requirement can be used to further restrict the type of card reader allowed. If no cardReader requirement is passed, all supported kinds of card readers are permitted. 

const (
	ProdBankIDOnFile             CertificatePolicy = "1.2.752.78.1.1"
	ProdBankIDOnCard             CertificatePolicy = "1.2.752.78.1.2"
	ProdMobileBankID             CertificatePolicy = "1.2.752.78.1.5"
	TestBankIDOnFile             CertificatePolicy = "1.2.3.4.5"
	TestBankIDOnCard             CertificatePolicy = "1.2.3.4.10"
	TestMobileBankID             CertificatePolicy = "1.2.3.4.25"
	TestBankIDForSomeBankIDBanks CertificatePolicy = "1.2.752.60.1.6"
)

type Client 

type Client interface {
	Auth(ctx context.Context, endUserIP string, opts *AuthOpts) (AuthResp, error)
	Sign(ctx context.Context, endUserIP string, userVisibleData string, opts *SignOpts) (SignResp, error)
	Payment(ctx context.Context, endUserIP string, userVisibleTransaction UserVisibleTransaction, opts *PaymentOpts) (PaymentResp, error)
	PhoneAuth(ctx context.Context, callInitiator CallInitiator, opts *PhoneAuthOpts) (PhoneAuthResp, error)
	PhoneSign(ctx context.Context, callInitiator CallInitiator, userVisibleData string, opts *PhoneSignOpts) (PhoneSignResp, error)
	Collect(ctx context.Context, orderRef string) (CollectResp, error)
	Cancel(ctx context.Context, orderRef string) error
}

type CollectResp 

type CollectResp struct {
	OrderRef       string          `json:"orderRef"`                 // A reference ID for an order. This is used to query the status of the order or to cancel it.
	Status         Status          `json:"status"`                   // The current status of the order.
	HintCode       HintCode        `json:"hintCode,omitempty"`       // Used to provide the user with details and instructions.
	CompletionData *CompletionData `json:"completionData,omitempty"` // Information about the user and the completed order.
}

A CollectResp is a successful response from the querying the order status with a collect request.

type CompletionData 

type CompletionData struct {
	// Information related to the user.
	User *User `json:"user,omitempty"`
	// Information related to the device.
	Device *Device `json:"device,omitempty"`
	// Information about additional verifications that were part of the order.
	StepUp *StepUp `json:"stepUp,omitempty"`
	// The date the BankID was issued to the user.
	//
	// The issue date is expressed using ISO 8601 date format with a UTC time zone offset.
	BankIDIssueDate string `json:"bankIdIssueDate,omitempty"`
	// The signature that is the result of the order.
	//
	// This is a base 64 encoded XML signature string.
	Signature string `json:"signature,omitempty"`
	// The OCSP response.
	//
	// This is a base 64 encoded OCSP response.
	//
	// The OCSP response is signed by a certificate that has the same issuer as the certificate being verified, and it has a nonce extension. The nonce is calculated as:
	// 	- SHA-1 hash over the base 64 XML signature encoded as UTF-8.
	// 	- 12 random bytes added after the hash.
	//
	// The nonce is 32 bytes (20 + 12).
	OCSPResponse string `json:"ocspResponse,omitempty"`
	// Indicates the risk level of the order based on data available in the order.
	Risk Risk `json:"risk,omitempty"`
}

CompletionData contains information about the user and the completed order.

The user has completed the order. completionData includes the signature, user information and the OCSP response. You should verify user information to proceed. You should retain completion data for future reference, compliance and audit purposes..

type Config 

type Config struct {
	RootCA     []byte // The root certificate authority of the BankID service.
	ClientCert []byte // The certificate of your client. Ordered from the bank you have your BankID agreement with.
	ClientKey  []byte // Your client certificate's private key.
}

A Config is used to configure a [bankIDClient].

type Device 

type Device struct {
	// The IP address of the user agent as the BankID server sees it.
	//
	// When an order is started with autoStartToken you can check that it matches the IP you service observes to ensure session fixation.
	IPAddress string `json:"ipAddress,omitempty"`
	// Unique hardware identifier for the user's device.
	UHI string `json:"uhi,omitempty"`
}

Device contains information related to the device.

type HintCode 

type HintCode string

A HintCode is used to provide the user with details and instructions. 

const (
	OutstandingTransaction HintCode = "outstandingTransaction"
	NoClient               HintCode = "noClient"
	Started                HintCode = "started"
	UserMRTD               HintCode = "userMrtd"
	UserCallConfirm        HintCode = "userCallConfirm"
	UserSign               HintCode = "userSign"
)

These hintCides declare the state when an order is pending. You should use the hintCode to provide the user with details and instructions and keep calling collect until order fails or is complete. 

const (
	ExpiredTransaction     HintCode = "expiredTransaction"
	CertificateErr         HintCode = "certificateErr"
	UserCancel             HintCode = "userCancel"
	Cancelled              HintCode = "cancelled"
	StartFailed            HintCode = "startFailed"
	UserDeclinedCall       HintCode = "userDeclinedCall"
	NotSupportedByUserApp  HintCode = "notSupportedByUserApp"
	TransactionRiskBlocked HintCode = "transactionRiskBlocked"
)

These hintCodes declare the final state when an order fails. You should use the hintCode to provide the user with details and instructions. The same orderRef must not be used for additional collect requests.

type Money 

type Money struct {
	// The monetary amount of the payment.
	//
	// The string can contain one decimal separator which must be ",". The rest of the input must be numbers.
	//
	// Examples: "1000,00", "100,000", "100", "0".
	Amount string `json:"amount"`
	// The currency of the payment.
	//
	// This must be an ISO 4217 alphabetic currency code.
	Currency string `json:"currency"`
}

Money sets monetary amount for the payment. If the transactionType is "npa" this isn't allowed to be set.

type PaymentOpts 

type PaymentOpts struct {
	// Additional data included when creating an order from your app.
	App *App
	// Whether a risk indicator should be included in the collect response when the order completes. If a risk indicator is required for the order to complete, for example, if a risk requirement is applied, the returnRisk property is ignored, and a risk indicator is always included; otherwise a default value of false is used. The risk indication requires that the endUserIp is correct. Please note that the assessed risk will not be returned if the order was blocked, which may happen if a risk requirement is set.
	ReturnRisk bool
	// Orders started on the same device as where the user's BankID is stored (started with autostart token) will call this URL when the order is completed.
	//
	// Any return URL provided in the start URL when the BankID app was launched will be ignored. If the user has a version of the BankID app that does not support getting the returnUrl from the server, the order will be cancelled and the user will be asked to update their app.
	//
	// The return URL you provide should include a nonce to the session. When the user returns to your app or web page, your service should verify that the order was completed successfully and that the device receiving the returnUrl is the same device that started the order.
	//
	// Using this parameter will make your service more secure and strengthen the channel binding between you and the user.
	//
	// Ensure that the cookie or user IP address has not changed from the starting page to the returnUrl page.
	ReturnURL string
	// Indicate to the risk assessment system that the payment has a higher risk or is unusual for the user.
	RiskFlags []RiskFlag
	// Data that you wish to include but not display to the user.
	//
	// The value must be base 64-encoded.
	UserNonVisibleData string
	// Text displayed to the user during the order.
	//
	// The purpose is to provide context, thereby enabling the user to detect identification errors and avert fraud attempts.
	//
	// The text can be formatted using CR, LF and CRLF for new lines. The text must be encoded as UTF-8 and then base 64 encoded.
	UserVisibleData string
	// If present and set to "simpleMarkdownV1", this parameter indicates that userVisibleData holds formatting characters.
	UserVisibleDataFormat UserVisibleDataFormat
	// Additional data included when creating an order from your web page.
	Web *Web
	// Requirements on how the authentication order must be performed.
	Requirement *Requirement
}

PaymentOpts contains options to augument your payment order.

type PaymentResp 

type PaymentResp struct {
	OrderRef       string `json:"orderRef"`       // A reference ID for an order. This is used to query the status of the order or to cancel it.
	AutoStartToken string `json:"autoStartToken"` // Used to compile the start URL.
	QRStartToken   string `json:"qrStartToken"`   // Used to compute the animated QR code.
	QRStartSecret  string `json:"qrStartSecret"`  // Used to compute the animated QR code.
}

A PaymentResp is a successful response from the creation of a payment order.

type PhoneAuthOpts 

type PhoneAuthOpts struct {
	// The ID number of the user.
	//
	// The ID number is a Swedish national identification number (12 digits).
	PersonalNumber string
	// Data that you wish to include but not display to the user.
	//
	// The value must be base 64-encoded.
	UserNonVisibleData string
	// Text displayed to the user during the order.
	//
	// The purpose is to provide context, thereby enabling the user to detect identification errors and avert fraud attempts.
	//
	// The text can be formatted using CR, LF and CRLF for new lines. The text must be encoded as UTF-8 and then base 64 encoded.
	UserVisibleData string
	// If present and set to "simpleMarkdownV1", this parameter indicates that userVisibleData holds formatting characters.
	UserVisibleDataFormat UserVisibleDataFormat
	// Requirements on how the authentication order must be performed.
	Requirement *PhoneRequirement
}

PhoneAuthOpts contains options to augument your phone identification order.

type PhoneAuthResp 

type PhoneAuthResp struct {
	OrderRef string `json:"orderRef"` // A reference ID for an order. This is used to query the status of the order or to cancel it.
}

A PhoneAuthResp is a successful response from the creation of a phone identification order.

type PhoneRequirement 

type PhoneRequirement struct {
	CardReader          CardReader          `json:"cardReader,omitempty"`          // Whether the user needs to complete the order using a card reader for the signature.
	CertificatePolicies []CertificatePolicy `json:"certificatePolicies,omitempty"` // The OID in certificate policies in the user certificate.
	PinCode             bool                `json:"pinCode,omitempty"`             // Users are required to confirm the order with their security code even if they have biometrics activated.
}

PhoneRequirement contains requirements on how the authentication order must be performed.

type PhoneSignOpts 

type PhoneSignOpts struct {
	// The ID number of the user. The ID number is a Swedish national identification number (12 digits).
	PersonalNumber string
	// Data that you wish to include but not display to the user.
	//
	// The value must be base 64-encoded.
	UserNonVisibleData string
	// If present and set to "simpleMarkdownV1", this parameter indicates that userVisibleData holds formatting characters.
	UserVisibleDataFormat UserVisibleDataFormat
	// Requirements on how the authentication order must be performed.
	Requirement *PhoneRequirement
}

PhoneSignOpts contains options to augument your phone signing order.

type PhoneSignResp 

type PhoneSignResp struct {
	OrderRef string `json:"orderRef"` // A reference ID for an order. This is used to query the status of the order or to cancel it.
}

A PhoneSignResp is a successful response from the creation of a phone signing order.

type Recipient 

type Recipient struct {
	// The name of the recipient of the payment.
	//
	// For the transaction type "card", this is the merchant name.
	Name string `json:"name"`
}

Recipient contains informtion about the recipient of the payment.

type Requirement 

type Requirement struct {
	CardReader          CardReader          `json:"cardReader,omitempty"`          // Whether the user needs to complete the order using a card reader for the signature.
	CertificatePolicies []CertificatePolicy `json:"certificatePolicies,omitempty"` // The OID in certificate policies in the user certificate.
	MRTD                bool                `json:"mrtd,omitempty"`                // Whether the user needs to confirm their identity with a valid Swedish passport or national ID card to complete the order.
	PersonalNumber      string              `json:"personalNumber,omitempty"`      // The personal identity number allowed to confirm the identification.
	PinCode             bool                `json:"pinCode,omitempty"`
}

Requirement contains requirements on how the authentication order must be performed.

type Risk 

type Risk string

Risk indicates the risk level of the order based on data available in the order.

This is only returned if requested in the order, and it may be absent if the risk could not be calculated.

If you have sent the correct endUserIp and additional data, a risk indication with the value "high" means there are signs of the channel binding being compromised, or other highly concerning circumstances.. 

const (
	Low      Risk = "low"      // No or low risk identified in the available order data.
	Moderate Risk = "moderate" // Might require further action, investigation or follow-up by you based on the order data.
	High     Risk = "high"     // The order should be blocked or cancelled by you and needs further action, investigation or follow-up. This value will only be returned if you have requested to have the risk assement to be provided, but not supplied a risk condition.
)

type RiskFlag 

type RiskFlag string

A RiskFlag indicates to the risk assessment system that the payment has a higher risk or is unusual for the user. 

const (
	NewCard                  RiskFlag = "newCard"
	NewCustomer              RiskFlag = "newCustomer"
	NewRecipient             RiskFlag = "newRecipient"
	HighRiskRecipient        RiskFlag = "highRiskRecipient"
	LargeAmount              RiskFlag = "largeAmount"
	ForeignCurrency          RiskFlag = "foreignCurrency"
	CryptoCurrencyPurchase   RiskFlag = "cryptoCurrencyPurchase"
	MoneyTransfer            RiskFlag = "moneyTransfer"
	OverseasTransaction      RiskFlag = "overseasTransaction"
	RecurringPayment         RiskFlag = "recurringPayment"
	SuspiciousPaymentPattern RiskFlag = "suspiciousPaymentPattern"
	Other                    RiskFlag = "other"
)

type SignOpts 

type SignOpts struct {
	// Additional data included when creating an order from your app.
	App *App
	// Whether a risk indicator should be included in the collect response when the order completes. If a risk indicator is required for the order to complete, for example, if a risk requirement is applied, the returnRisk property is ignored, and a risk indicator is always included; otherwise a default value of false is used. The risk indication requires that the endUserIp is correct. Please note that the assessed risk will not be returned if the order was blocked, which may happen if a risk requirement is set.
	ReturnRisk bool
	// Orders started on the same device as where the user's BankID is stored (started with autostart token) will call this URL when the order is completed.
	//
	// Any return URL provided in the start URL when the BankID app was launched will be ignored. If the user has a version of the BankID app that does not support getting the returnUrl from the server, the order will be cancelled and the user will be asked to update their app.
	//
	// The return URL you provide should include a nonce to the session. When the user returns to your app or web page, your service should verify that the order was completed successfully and that the device receiving the returnUrl is the same device that started the order.
	//
	// Using this parameter will make your service more secure and strengthen the channel binding between you and the user.
	//
	// Ensure that the cookie or user IP address has not changed from the starting page to the returnUrl page.
	ReturnURL string
	// Data that you wish to include but not display to the user.
	//
	// The value must be base 64-encoded.
	UserNonVisibleData string
	// If present and set to "simpleMarkdownV1", this parameter indicates that userVisibleData holds formatting characters.
	UserVisibleDataFormat UserVisibleDataFormat
	// Additional data included when creating an order from your web page.
	Web *Web
	// Requirements on how the authentication order must be performed.
	Requirement *Requirement
}

SignOpts contains options to augument your signing order.

type SignResp 

type SignResp struct {
	OrderRef       string `json:"orderRef"`       // A reference ID for an order. This is used to query the status of the order or to cancel it.
	AutoStartToken string `json:"autoStartToken"` // Used to compile the start URL.
	QRStartToken   string `json:"qrStartToken"`   // Used to compute the animated QR code.
	QRStartSecret  string `json:"qrStartSecret"`  // Used to compute the animated QR code.
}

A SignResp is a successful response from the creation of a signing order.

type Status 

type Status string

Status indicates the current status of the order. 

const (
	Pending  Status = "pending"  // The order is being processed. hintCode describes the status of the order.
	Complete Status = "complete" // The order is complete. completionData holds user information.
	Failed   Status = "failed"   // Something went wrong with the order. hintCode describes the error.
)

type StepUp 

type StepUp struct {
	MRTD bool `json:"mrtd,omitempty"` // Whether an MRTD check was performed before the order was completed.
}

StepUp contains information about additional verifications that were part of the order.

type TransactionType 

type TransactionType string

A TransactionType is the type of a transaction. 

const (
	Card TransactionType = "card" // Card payment.
	NPA  TransactionType = "npa"  // Non-payment authentication.
)

type User 

type User struct {
	PersonalNumber string `json:"personalNumber,omitempty"` // The ID number of the user. The ID number is a Swedish national identification number (12 digits).
	Name           string `json:"name,omitempty"`           // The first and last name of the user.
	GivenName      string `json:"givenName,omitempty"`      // The first name of the user.
	Surname        string `json:"surname,omitempty"`        // The surname of the user.
}

User contains information related to the user.

type UserVisibleDataFormat 

type UserVisibleDataFormat string

UserVisibleDataFormat inticates If present and set to "simpleMarkdownV1", this parameter indicates that userVisibleData holds formatting characters. 

const (
	Plaintext        UserVisibleDataFormat = "plaintext"        // userVisibleData contains base 64 encoded text using a sub-set of UTF-8 and CR, LF or CRLF for line breaks.
	SimpleMarkdownV1 UserVisibleDataFormat = "simpleMarkdownV1" // userVisibleData contains Simple Markdown version 1.
)

type UserVisibleTransaction 

type UserVisibleTransaction struct {
	TransactionType TransactionType `json:"transactionType"`       // The type of a transaction.
	Recipient       Recipient       `json:"recipient"`             // The recipient of the payment.
	Money           *Money          `json:"money,omitempty"`       // Object that sets monetary amount for the payment.
	RiskWarning     string          `json:"riskWarning,omitempty"` // Indicate to the user that the payment has higher risk or is unusual for the user.
}

UserVisibleTransaction contains information about the transaction being approved.

type Web 

type Web struct {
	// The identifier of the device running your client.
	//
	// Do not use a session cookie. Use a separate cookie or the hash of one.
	//
	// This value should be unique to the user's browser and persist across sessions.
	DeviceIdentifier string `json:"deviceIdentifier,omitempty"`
	// The domain that starts the BankID app.
	//
	// This should generally be your domain name followed by the public suffix, which will generally be the top level domain.
	//
	// Only the digits 0 to 9, the letters a to z, dot (".") and dash ("-") are allowed. When using an International Domain Name, the string must be punycode encoded.
	ReferringDomain string `json:"referringDomain,omitempty"`
	// The user agent of the user interacting with your web page.
	UserAgent string `json:"userAgent,omitempty"`
}

Web contains additional data included when creating an order from your web page.

When starting an order from your web page this data may be included in the request.

You can send the parameter web or app, not both. If providing this parameter, at least one of its members must be specified.

Source Files

View all Source files

Directories

Path Synopsis
TODO: Document package
 TODO: Document package
TODO: Document package
 TODO: Document package
TODO: Document package
 TODO: Document package

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.