
I have created a web app with a button to log in using BankID. When the button is clicked, the browser will post a request to the backend (using JavaScript fetch) for a BankID login. The backend, in its turn, will post to BankID to initiate a BankID login. If using their mobiles, users will now switch from the browser to the BankID app and do their authentication. When the user has signed in, BankID will return a success result to the backend and it will complete the call and return the result to the browser.

This works perfectly on Android, but on mobile iOS the browser (Safari at least) seems to clean up the connection that JavaScript fetch made to the backend most of the time when the user switches to the BankID app and the browser is no longer in focus. Sometimes it works and the connection is kept open, but most of the time not.

Does anyone have a solution to this? Is it possible to make the iOS browser keep the connection open when switching apps? Or does anyone have a suggestion for a different design?

(BankID is a solution for digital signatures that is used extensively to authenticate in Sweden)

mortb
  • iOS only allows background networking in very limited situations. All connections for any app will be closed after 30 seconds max. Background networking is the most battery intensive thing that can be done on iOS so it is restricted. I'm not familiar with bank-id or know anything about the setup you are using, but if the user has to return to the webpage, I would imagine the webpage needs to be able to close the connection when the user leaves and reopen when they return. Maybe using websockets with a session rather than hoping a POST request will return in time – Simon McLoughlin Oct 05 '21 at 15:57
  • @Simon McLoughlin thanks for your input. Yes, it seems that iOS is less forgiving of idle connections than Android. Websockets would need much rework, but it might be an option – mortb Oct 05 '21 at 20:36

1 Answer

Create a custom URL scheme for your app. When starting the BankID application, use the redirect parameter to let the BankID application call back to your app.

`https://app.bankid.com/?autostarttoken=[TOKEN]&redirect=[RETURNURL]`

smuda
  • Thanks! I will try that in my solution – mortb Oct 06 '21 at 06:48
  • A few extra questions that you maybe would be able to answer: 1) Will bankid callback to the same browser window / tab or open a new window? 2) will bankid callback to the same browser app or the default browser in the case that the user is not using his default browser app? – mortb Oct 06 '21 at 09:42
  • The BankID app does not (and cannot) control how the URL callback is handled by iOS and the browser. That means if you use an ordinary https address as the redirect parameter, iOS will open the default browser. You may need to [craft the URL to specifically start a specific browser, for example "googlechromes://www.example.com"](https://developer.chrome.com/docs/multidevice/ios/links/). – smuda Oct 07 '21 at 02:30
  • If the browser is Safari, it will open a new tab and lose all your cookies. Therefore you need to recreate the session on the server side from the URL (with a session parameter). – smuda Oct 07 '21 at 02:31
  • Watching the network tab while logging in with bankid at a well known Swedish site I saw that they seem to be polling their backend from the page that initiated the post for bankid for responses. I tested to implement a solution like that which seems to work. It will allow me to control which browser window I will continue in and not having to write a login landing page making it less complicated to re-tailor my current solution. – mortb Oct 07 '21 at 10:28
  • @smuda To get around that, you can use `redirect=https://mysite_url#random_hash`. As long as the hash is not currently used, the same tab will open instead of a new one. This is Safari specific :) – Furedal Dec 15 '21 at 14:25
  • @Furedal I did not know that, thanks! Got a link where I can read more? – smuda Dec 16 '21 at 18:59
  • Has anybody got a working example on GitHub? – Lukasz D Jan 11 '22 at 20:02
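
The session parameter that smuda's comments describe (Safari opens the return URL in a new tab without cookies, so the server has to recreate the session from the URL) ends up in browser history and logs, so it should be random, short-lived and usable once. A Node.js sketch of that, added here as an example and not code from any poster or from BankID: the `ResumeTokens` class, the `resume` parameter name and the `example.test` address are assumptions, and only the `app.bankid.com` launch URL format comes from the answer.

```javascript
const { randomBytes, createHash } = require("crypto");

const sha256 = (s) => createHash("sha256").update(s).digest("hex");

// Hypothetical in-memory store for one-time "resume" tokens (assumption: a
// real backend would keep these in its shared session store).
class ResumeTokens {
  constructor({ ttlMs = 5 * 60 * 1000, now = Date.now } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;
    this.pending = new Map(); // sha256(token) -> { loginId, expires }
  }

  // Called when the backend starts the login. Only a hash is stored, so a
  // leaked store does not reveal usable tokens.
  issue(loginId) {
    const token = randomBytes(32).toString("hex");
    this.pending.set(sha256(token), { loginId, expires: this.now() + this.ttlMs });
    return token;
  }

  // Called by the landing page. Returns the login id once, then never again.
  // The caller still has to confirm that this login completed before it
  // sets a session cookie: the token only identifies the pending login.
  redeem(token) {
    if (typeof token !== "string" || token === "") return null;
    const key = sha256(token);
    const entry = this.pending.get(key);
    if (!entry) return null;
    this.pending.delete(key); // single use, whether or not it has expired
    return this.now() <= entry.expires ? entry.loginId : null;
  }
}

// Return URL carrying the token; "resume" is a made-up parameter name.
function buildReturnUrl(landingPage, token) {
  const url = new URL(landingPage);
  url.searchParams.set("resume", token);
  return url.toString();
}

// Launch URL in the format quoted in the answer, with the redirect encoded.
function buildLaunchUrl(autoStartToken, returnUrl) {
  const url = new URL("https://app.bankid.com/");
  url.searchParams.set("autostarttoken", autoStartToken);
  url.searchParams.set("redirect", returnUrl);
  return url.toString();
}
```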