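/// <summary>
/// Starts a BankID authentication order for the session described by the request's
/// protected login options and tells the client how to launch (and whether to poll) it.
/// </summary>
/// <param name="request">
/// Client-supplied request. <c>LoginOptions</c> is an opaque blob that must round-trip through
/// <c>_loginOptionsProtector</c>; <c>PersonalIdentityNumber</c> is only read when the options are
/// not auto-login. The request is also handed to <c>GetBankIdRedirectUri</c> for the auto-launch case.
/// </param>
/// <returns>
/// 200 with a <see cref="BankIdLoginApiInitializeResponse"/> (auto-launch, auto-launch-and-poll, or manual launch),
/// or 400 when the personal identity number does not parse or the BankID API rejects the order.
/// </returns>
/// <exception cref="ArgumentNullException">
/// When <paramref name="request"/> or <c>request.LoginOptions</c> is missing/blank (checked up front,
/// matching the sibling <c>Initialize</c> overloads, instead of letting <c>Unprotect</c> fail on null).
/// </exception>
public async Task<ActionResult<BankIdLoginApiInitializeResponse>> InitializeAsync(BankIdLoginApiInitializeRequest request)
{
    if (request is null)
    {
        throw new ArgumentNullException(nameof(request));
    }
    // LoginOptions is the only thing binding this call to a server-issued login session.
    if (string.IsNullOrWhiteSpace(request.LoginOptions))
    {
        throw new ArgumentNullException(nameof(request.LoginOptions));
    }

    // NOTE(review): the options are attacker-controllable bytes; their integrity rests entirely on
    // the protector. Confirm Unprotect throws (rather than returns defaults) on a tampered/foreign blob.
    var unprotectedLoginOptions = _loginOptionsProtector.Unprotect(request.LoginOptions);

    SwedishPersonalIdentityNumber personalIdentityNumber;
    if (unprotectedLoginOptions.IsAutoLogin())
    {
        // Auto-login: the identity comes from the server-issued options, never from the request body.
        personalIdentityNumber = unprotectedLoginOptions.PersonalIdentityNumber;
    }
    else if (!SwedishPersonalIdentityNumber.TryParse(request.PersonalIdentityNumber, out personalIdentityNumber))
    {
        return BadRequest(new { PersonalIdentityNumber = "Invalid PersonalIdentityNumber." });
    }

    AuthResponse authResponse;
    try
    {
        var authRequest = GetAuthRequest(personalIdentityNumber, unprotectedLoginOptions);
        authResponse = await _bankIdApiClient.AuthAsync(authRequest);
    }
    catch (BankIdApiException bankIdApiException)
    {
        // NOTE(review): the personal identity number is PII; confirm the logger masks or hashes it.
        _logger.BankIdAuthFailure(personalIdentityNumber, bankIdApiException);
        // The client receives the mapped status message, not the exception itself.
        var errorStatusMessage = GetStatusMessage(bankIdApiException);
        return BadRequest(new BankIdLoginApiErrorResponse(errorStatusMessage));
    }

    var orderRef = authResponse.OrderRef;
    // The raw orderRef stays server-side; the client only ever holds the protected form.
    var protectedOrderRef = _orderRefProtector.Protect(new BankIdOrderRef(orderRef));
    _logger.BankIdAuthSuccess(personalIdentityNumber, orderRef);

    if (!unprotectedLoginOptions.AutoLaunch)
    {
        return Ok(BankIdLoginApiInitializeResponse.ManualLaunch(protectedOrderRef));
    }

    // User-Agent is untrusted input; it only steers launch UX, never an authorization decision.
    var detectedDevice = _bankIdSupportedDeviceDetector.Detect(HttpContext.Request.Headers["User-Agent"]);
    // NOTE(review): ReturnUrl validation (local / allow-listed) is not visible here; confirm it happens
    // inside GetBankIdRedirectUri or earlier, otherwise this is an open-redirect vector.
    var bankIdRedirectUri = GetBankIdRedirectUri(request, protectedOrderRef, authResponse, detectedDevice);

    // iOS gets a plain auto-launch without status polling; presumably because the page reloads on
    // return from the BankID app (as the later overloads spell out) — confirm.
    var response = detectedDevice.IsIos
        ? BankIdLoginApiInitializeResponse.AutoLaunch(protectedOrderRef, bankIdRedirectUri, false)
        : BankIdLoginApiInitializeResponse.AutoLaunchAndCheckStatus(protectedOrderRef, bankIdRedirectUri, detectedDevice.IsAndroid);
    return Ok(response);
}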
/// <summary>
/// Starts a BankID authentication order for the protected login options in <paramref name="request"/>
/// and returns launch instructions: auto-launch (with or without status polling), or manual launch
/// optionally carrying a QR code.
/// </summary>
/// <param name="request">
/// Client-supplied request. <c>LoginOptions</c> and <c>ReturnUrl</c> are mandatory;
/// <c>PersonalIdentityNumber</c> is parsed only when the options are not auto-login.
/// </param>
/// <returns>
/// 200 with a <see cref="BankIdLoginApiInitializeResponse"/>, or 400 when the personal identity
/// number is invalid or the BankID API rejects the order.
/// </returns>
/// <exception cref="ArgumentNullException">When <c>LoginOptions</c> or <c>ReturnUrl</c> is missing/blank.</exception>
public async Task<ActionResult<BankIdLoginApiInitializeResponse>> Initialize(BankIdLoginApiInitializeRequest request)
{
    // LoginOptions binds the call to a server-issued session; ReturnUrl is consumed when building the redirect.
    if (string.IsNullOrWhiteSpace(request.LoginOptions))
    {
        throw new ArgumentNullException(nameof(request.LoginOptions));
    }
    if (string.IsNullOrWhiteSpace(request.ReturnUrl))
    {
        throw new ArgumentNullException(nameof(request.ReturnUrl));
    }

    // Integrity of the options rests on the protector; a tampered blob must not yield usable options.
    var loginOptions = _loginOptionsProtector.Unprotect(request.LoginOptions);

    // Null means "start the order without a personal identity number" (the BankID app decides who signs in);
    // that is the case for auto-login sessions that allow the number to be changed.
    SwedishPersonalIdentityNumber? pin = null;
    var isAutoLogin = loginOptions.IsAutoLogin();
    if (!isAutoLogin && !SwedishPersonalIdentityNumber.TryParse(request.PersonalIdentityNumber, out pin))
    {
        return BadRequest(new { PersonalIdentityNumber = "Invalid PersonalIdentityNumber." });
    }
    if (isAutoLogin && !loginOptions.AllowChangingPersonalIdentityNumber)
    {
        // Auto-login: identity comes from the server-issued options, never from the request body.
        pin = loginOptions.PersonalIdentityNumber;
    }

    AuthResponse authResponse;
    try
    {
        authResponse = await _bankIdApiClient.AuthAsync(GetAuthRequest(pin, loginOptions));
    }
    catch (BankIdApiException apiException)
    {
        // NOTE(review): pin is PII; confirm the logger masks it. The client only sees the mapped status message.
        _logger.BankIdAuthFailure(pin, apiException);
        return BadRequest(new BankIdLoginApiErrorResponse(GetStatusMessage(apiException)));
    }

    // The raw orderRef stays server-side; the client only ever receives the protected form.
    var orderRef = authResponse.OrderRef;
    var protectedOrderRef = _orderRefProtector.Protect(new BankIdOrderRef(orderRef));
    _logger.BankIdAuthSuccess(pin, orderRef);

    if (loginOptions.AutoLaunch)
    {
        return Ok(BuildAutoLaunchResponse());
    }

    if (loginOptions.UseQrCode)
    {
        // NOTE(review): this is a single static QR built from the autostart token — confirm it still
        // meets the BankID QR requirements in force for this integration.
        var qrCode = _qrCodeGenerator.GenerateQrCodeAsBase64(authResponse.AutoStartToken);
        return Ok(BankIdLoginApiInitializeResponse.ManualLaunch(protectedOrderRef, qrCode));
    }

    return Ok(BankIdLoginApiInitializeResponse.ManualLaunch(protectedOrderRef));

    // Same-device launch: device detection from the (untrusted, UX-only) User-Agent header decides
    // whether the client should poll for status after launching the app.
    BankIdLoginApiInitializeResponse BuildAutoLaunchResponse()
    {
        var device = _bankIdSupportedDeviceDetector.Detect(HttpContext.Request.Headers["User-Agent"]);
        // NOTE(review): ReturnUrl is only checked for presence above; confirm it is validated as
        // local/allow-listed before being embedded in the redirect URI (open-redirect risk otherwise).
        var redirectUri = GetBankIdRedirectUri(request, authResponse, device);

        // Don't check for status if the browser will reload on return
        if (BrowserWillReloadPageOnReturnRedirect(device))
        {
            return BankIdLoginApiInitializeResponse.AutoLaunch(protectedOrderRef, redirectUri, false);
        }
        return BankIdLoginApiInitializeResponse.AutoLaunchAndCheckStatus(protectedOrderRef, redirectUri, BrowserMightNotAutoLaunch(device));
    }
}
/// <summary>
/// Starts a BankID authentication order for the protected login options in <paramref name="request"/>
/// and returns launch instructions: same-device launch (with or without status polling), or manual
/// launch optionally carrying a QR code. Success and failure are reported through <c>_bankIdEventTrigger</c>.
/// </summary>
/// <param name="request">
/// Client-supplied request. <c>LoginOptions</c> and <c>ReturnUrl</c> are mandatory;
/// <c>PersonalIdentityNumber</c> is parsed (non-strict) only when the options are not auto-login.
/// </param>
/// <returns>
/// 200 (JSON) with a <see cref="BankIdLoginApiInitializeResponse"/>, or 400 (JSON) when the personal
/// identity number is invalid or the BankID API rejects the order.
/// </returns>
/// <exception cref="ArgumentNullException">When <c>LoginOptions</c> or <c>ReturnUrl</c> is missing/blank.</exception>
public async Task<ActionResult<BankIdLoginApiInitializeResponse>> Initialize(BankIdLoginApiInitializeRequest request)
{
    // LoginOptions binds the call to a server-issued session; ReturnUrl feeds the launch info.
    if (string.IsNullOrWhiteSpace(request.LoginOptions))
    {
        throw new ArgumentNullException(nameof(request.LoginOptions));
    }
    if (string.IsNullOrWhiteSpace(request.ReturnUrl))
    {
        throw new ArgumentNullException(nameof(request.ReturnUrl));
    }

    // Integrity of the options rests on the protector; a tampered blob must not yield usable options.
    var options = _loginOptionsProtector.Unprotect(request.LoginOptions);

    // Null means the order is started without a personal identity number (the BankID app decides who
    // signs in); that is the case for auto-login sessions that allow the number to be changed.
    PersonalIdentityNumber? pin = null;
    if (!options.IsAutoLogin())
    {
        // StrictMode.Off: lenient parsing of the user-typed number; failures are a client error.
        if (!PersonalIdentityNumber.TryParse(request.PersonalIdentityNumber, StrictMode.Off, out pin))
        {
            return BadRequestJsonResult(new { PersonalIdentityNumber = "Invalid PersonalIdentityNumber." });
        }
    }
    else if (!options.AllowChangingPersonalIdentityNumber)
    {
        // Auto-login: identity comes from the server-issued options, never from the request body.
        pin = options.PersonalIdentityNumber;
    }

    // Detected before the API call so both the error and success events carry the same device info.
    var userDevice = GetDetectedUserDevice();

    AuthResponse authResponse;
    try
    {
        authResponse = await _bankIdApiClient.AuthAsync(await GetAuthRequest(pin, options));
    }
    catch (BankIdApiException apiException)
    {
        // NOTE(review): pin is PII carried into the event; confirm downstream handlers mask it.
        await _bankIdEventTrigger.TriggerAsync(new BankIdAuthErrorEvent(pin, apiException, userDevice, options));
        // The client receives the mapped status message, not the exception itself.
        return BadRequestJsonResult(new BankIdLoginApiErrorResponse(GetStatusMessage(apiException)));
    }

    // The raw orderRef stays server-side; the client only ever receives the protected form.
    var orderRef = authResponse.OrderRef;
    var protectedOrderRef = _orderRefProtector.Protect(new BankIdOrderRef(orderRef));
    await _bankIdEventTrigger.TriggerAsync(new BankIdAuthSuccessEvent(pin, orderRef, userDevice, options));

    if (options.SameDevice)
    {
        // NOTE(review): ReturnUrl is only checked for presence above; confirm GetBankIdLaunchInfo (or an
        // earlier step) validates it as local/allow-listed before embedding it in the launch URL.
        var launch = GetBankIdLaunchInfo(request, authResponse);
        var mayNeedUserInteraction = launch.DeviceMightRequireUserInteractionToLaunchBankIdApp;

        // Don't check for status if the browser will reload on return
        var sameDeviceResponse = launch.DeviceWillReloadPageOnReturnFromBankIdApp
            ? BankIdLoginApiInitializeResponse.AutoLaunch(protectedOrderRef, launch.LaunchUrl, mayNeedUserInteraction)
            : BankIdLoginApiInitializeResponse.AutoLaunchAndCheckStatus(protectedOrderRef, launch.LaunchUrl, mayNeedUserInteraction);
        return OkJsonResult(sameDeviceResponse);
    }

    if (!options.UseQrCode)
    {
        return OkJsonResult(BankIdLoginApiInitializeResponse.ManualLaunch(protectedOrderRef));
    }

    // NOTE(review): a single static QR built from the autostart token — confirm this still meets the
    // BankID QR requirements in force for this integration.
    var qrCode = _qrCodeGenerator.GenerateQrCodeAsBase64(authResponse.AutoStartToken);
    return OkJsonResult(BankIdLoginApiInitializeResponse.ManualLaunch(protectedOrderRef, qrCode));
}