Integrating BankID (Swedish authentication service) into Flutter (Android and iOS)


I'm trying to implement Swedish BankID in one of my projects, but there are too few resources available on the internet. Can anybody help me with how to implement BankID authentication in a Flutter app?


There are 1 best solutions below

0
On BEST ANSWER

Not sure how much experience you have with BankID, so maybe you already know some of this stuff, but this is how I solved it.

The service has three main endpoints for performing verification:

/auth/start: This endpoint is used to initiate the verification process and generates a unique key, called a bankIdToken, which is returned in the form of a GUID.

/auth/status: This endpoint is used to check the status of a verification process that has been initiated with the /auth/start endpoint. The status can be "waiting" or "completed".

/auth/verify: This endpoint is used to verify the identity of a user who has completed the verification process and returns a JSON object containing information about the user.

To perform a verification, the steps are as follows:

1. Send a request to /auth/start to initiate the process and receive the bankIdToken.
2. Pass the bankIdToken to /auth/verify to trigger the verification on the user's device (mobile, PC); the status will be waiting.
3. After the user completes the process on their device, check the status by sending a request to /auth/status that will change the status to completed.
4. Send a request to /auth/verify to verify the user; this will return a JSON object containing user information.

You can also get a testing BankID at https://demo.bankid.com/ and fake Swedish person numbers from Skatteverket or https://fejka.nu/ (GDPR approved).

This is my Flutter code with hardcoded values:

import 'dart:convert';

import 'package:http/http.dart' as http;

// BASEURL, AuthStartModel, AuthVerifyModel and ServerException are defined
// elsewhere in the app and are not shown in this answer.
class AuthDataSource {
  Future<AuthVerifyModel> authFlow() async {
    // Step 1: start the verification and receive the bankIdToken (a GUID).
    final authStartResponse = await http.post(
      Uri.https(BASEURL, '/auth/start'),
      headers: <String, String>{
        'Content-Type': 'application/json; charset=UTF-8',
      },
      body: jsonEncode(<String, String>{
        'bankIdNumber': '198806192392', // hardcoded test value
      }),
    );
    if (authStartResponse.statusCode != 200) {
      throw ServerException();
    }
    final authStartModel =
        AuthStartModel.fromJson(jsonDecode(authStartResponse.body));

    // Step 2: ask for the status of the verification. Only the HTTP status
    // code is checked here; the response body ("waiting" or "completed") is
    // not inspected before /auth/verify is called.
    final authStatusResponse = await http.post(
      Uri.https(BASEURL, '/auth/status'),
      headers: <String, String>{
        'Content-Type': 'application/json; charset=UTF-8',
      },
      body: jsonEncode(<String, String>{
        'bankIdToken': authStartModel.bankIdToken.toString(),
      }),
    );
    if (authStatusResponse.statusCode != 200) {
      throw ServerException();
    }

    // Step 3: verify the user and read back the user information as JSON.
    final authVerifyResponse = await http.post(
      Uri.https(BASEURL, '/auth/verify'),
      headers: <String, String>{
        'Content-Type': 'application/json; charset=UTF-8',
      },
      body: jsonEncode(<String, String>{
        'bankIdToken': authStartModel.bankIdToken.toString()
      }),
    );
    if (authVerifyResponse.statusCode != 200) {
      throw ServerException();
    }

    return AuthVerifyModel.fromJson(jsonDecode(authVerifyResponse.body));
  }
}
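
The status step described in the answer, as an added example that is not part of the original answer: a bounded polling loop that only lets the flow continue to /auth/verify once the status is "completed", and fails closed on a timeout or an unknown status. The `fetchStatus` callback, the interval and timeout defaults, and the fake backend in `main` are assumptions made for illustration.

```dart
import 'dart:async';

/// Status values the answer names for /auth/status.
enum AuthStatus { waiting, completed }

/// Maps the raw status string to a known value; anything else fails closed.
AuthStatus parseStatus(String raw) {
  switch (raw) {
    case 'waiting':
      return AuthStatus.waiting;
    case 'completed':
      return AuthStatus.completed;
    default:
      throw StateError('Unexpected status "$raw"');
  }
}

/// Polls [fetchStatus] until it reports "completed" or [timeout] elapses.
/// [fetchStatus] is a hypothetical stand-in for the POST to /auth/status.
Future<void> waitForCompletion(
  String bankIdToken,
  Future<String> Function(String token) fetchStatus, {
  Duration interval = const Duration(seconds: 2), // assumed default
  Duration timeout = const Duration(minutes: 2), // assumed default
}) async {
  final deadline = DateTime.now().add(timeout);
  while (true) {
    if (parseStatus(await fetchStatus(bankIdToken)) == AuthStatus.completed) return;
    if (DateTime.now().add(interval).isAfter(deadline)) {
      throw TimeoutException('BankID verification not completed', timeout);
    }
    await Future<void>.delayed(interval);
  }
}

Future<void> main() async {
  // Constructed stand-in backend: "waiting" twice, then "completed".
  var calls = 0;
  Future<String> fakeStatus(String token) async =>
      ++calls < 3 ? 'waiting' : 'completed';

  await waitForCompletion(
    '00000000-0000-0000-0000-000000000000', // constructed placeholder GUID
    fakeStatus,
    interval: const Duration(milliseconds: 10),
  );
  print('completed after $calls status checks; now safe to call /auth/verify');
}
```

In the app, `fetchStatus` would wrap the `http.post` to /auth/status and return the status string from the response body, whose field name is not given on this page.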