AshAuthentication.BankID (ash_authentication_bankid v0.1.3)

Strategy for authentication using Swedish BankID.

This authentication strategy provides integration with Swedish BankID, supporting both QR code (cross-device) and same-device authentication flows.

Features

  • QR code-based authentication for desktop users
  • Same-device authentication for mobile users
  • Automatic user creation/update via upsert pattern
  • Session binding for security
  • Order expiration and cleanup

Configuration

Configure the strategy in your user resource:

authentication do
  strategies do
    bank_id do
      order_resource MyApp.Accounts.BankIDOrder
      personal_number_field :personal_number
      given_name_field :given_name
      surname_field :surname
      verified_at_field :bankid_verified_at
      ip_address_field :ip_address
      order_ttl 180
      poll_interval 2000
    end
  end
end

User Resource Requirements

Your user resource must have:

  • An identity on the configured identity_field (default: :personal_number)
  • Tokens enabled
  • The required attribute fields configured above

Order Resource

You must create an order resource to track BankID authentication sessions. See AshAuthentication.BankID.OrderResource for details.

Security

  • QR start secrets are never sent to the client
  • Orders are bound to Phoenix sessions
  • Orders expire after the configured TTL (default: 3 minutes)
  • Orders are single-use (marked as consumed after completion)
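
The four properties above, sketched as an added example (not code from ash_authentication_bankid). The module name, map keys and sample values are hypothetical; the QR payload layout follows BankID's animated QR format, in which the start secret is used only as the HMAC key.

```elixir
# Added illustration; not the library's implementation. All names are hypothetical.
defmodule BankIDOrderSketch do
  @order_ttl 180 # seconds, matching `order_ttl 180` in the configuration above

  # Animated QR payload: "bankid.<qrStartToken>.<seconds>.<HMAC-SHA256 hex>".
  # The secret keys the MAC on the server, so the client only sees the result.
  def qr_data(order, now) do
    seconds = Integer.to_string(DateTime.diff(now, order.started_at))

    code =
      :crypto.mac(:hmac, :sha256, order.qr_start_secret, seconds)
      |> Base.encode16(case: :lower)

    "bankid.#{order.qr_start_token}.#{seconds}.#{code}"
  end

  # Accept an order only from the session that started it, before expiry, once.
  def check(order, session_id, now) do
    cond do
      order.session_id != session_id -> {:error, :session_mismatch}
      order.consumed -> {:error, :already_consumed}
      DateTime.diff(now, order.started_at) >= @order_ttl -> {:error, :expired}
      true -> {:ok, %{order | consumed: true}}
    end
  end
end

# Constructed sample order (not real BankID values)
started = ~U[2024-01-01 12:00:00Z]

order = %{
  qr_start_token: "constructed-token",
  qr_start_secret: "constructed-secret",
  session_id: "session-a",
  started_at: started,
  consumed: false
}

now = DateTime.add(started, 5, :second)
qr = BankIDOrderSketch.qr_data(order, now)
false = String.contains?(qr, order.qr_start_secret)

{:error, :session_mismatch} = BankIDOrderSketch.check(order, "session-b", now)
{:ok, used} = BankIDOrderSketch.check(order, "session-a", now)
{:error, :already_consumed} = BankIDOrderSketch.check(used, "session-a", now)
{:error, :expired} = BankIDOrderSketch.check(order, "session-a", DateTime.add(started, 180, :second))
```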

Summary

Types

t()

@type t() :: %AshAuthentication.BankID{
  __spark_metadata__: Spark.Dsl.Entity.spark_meta(),
  cleanup_interval: pos_integer(),
  consumed_order_ttl: pos_integer(),
  given_name_field: atom(),
  identity_field: atom(),
  ip_address_field: atom(),
  name: atom(),
  order_resource: module(),
  order_ttl: pos_integer(),
  personal_number_field: atom(),
  poll_interval: pos_integer(),
  resource: module(),
  sign_in_action_name: atom(),
  surname_field: atom(),
  verified_at_field: atom()
}

Functions

transform(entity, dsl_state)

Callback implementation for AshAuthentication.Strategy.Custom.transform/2.

verify(strategy, dsl_state)

Callback implementation for AshAuthentication.Strategy.Custom.verify/2.