Skip to content

Testing

BankID with biometrics is available for testing in the current test environment.

Register a test user

To test BankID with biometrics, you'll need a test user. Test users can be registered at the preprod registration authority (RA).

Generate a Norwegian national identity number

Start by generating a Norwegian national identity number (NNIN) for your test user. You can do this by vising this URL, and clicking "Generate number".

Make a note of the NNIN

Remember to copy the generated NNIN and save it somewhere, as you will need it later. It's not saved any other place.

Create the test user

After generating the nnin, you should now see a form for creating a BankID test user with the NNIN you generated. Follow these steps to create the user:

  • In "Order new BankID", check "Netcentric".
  • Enter your test user's first and last name.
  • Enter your BankID Friendly Name (doesn't matter what this is).
  • Under "Ha Services", check for “BankID TestBank”.
  • Press “Order”.
  • In “Contact Info”, press edit.
  • Enter phone number and email (doesn't matter what this is, no SMS or email will be sent here).
  • Click “Save”

Your BankID test user should now have been created. However, note that it may take up to one hour before the user is available to test with.

Get access to the BankID preprod app

The "preprod" version of the BankID app is connected to the current test environment, and can be used for testing both the onboarding and authentication flows for BankID with biometrics. This means you can use the preprod app to gain a full understanding of the user journey.

Are you sure you need to test the app?

If you are not implementing in your own native applications or using the CIBA flow, it should not be necessary to test using the BankID preprod app.

Follow these steps to get access to the BankID preprod app:

  1. Request access to the BankID preprod app in the support portal. If you do not have access to the portal, your BankID partner can raise a request on your behalf.

  2. After getting access, proceed to activate the BankID preprod app using the national identification number associated with your test user. Recall the test user may not be available until one hour has passed since creation.

    Passwords and notifications for your BankID test user

    The one-time password is otp and the password is qwer1234 for all BankIDs issued by ra-preprod.

    During the activation process you'll receive notifications (SMS and email codes) on https://toba-preprod.bankidapis.no/test-events?nnin=INSERT_YOUR_TEST_NNIN_HERE. You will not get them on the phone number or email you registered in the RA.

  3. After activating the app, navigate to the "My BankID" tab in the app. From there, you will see a button allowing you to register for BankID with biometrics. Recall that the one-time password for test users is otp, and the password is qwer1234.

When this is all done you can start authentications in the BankID with biometrics test helper https://bidaletheiacurrent-tester.azurewebsites.net/ using the norwegian national identity number of your test user and approve it using the BankID preprod app.

BankID OIDC test helper

BankID OIDC test helper is available at https://util.bankidnorge.no/oidc-testclient/

By entering BIS as the login hint, you'll get a BankID Substantial authentication.

There is also a permission_token field to provide pre-registered context information.

If you are unsure which assurance level you get, or if your client is still using BankID High, verify that the acr claim includes LOA=3. This represents Level of Assurance 3, indicating substantial trust level of the authentication.

BankID with biometrics' test helper

The BankID with biometrics test helper is available at https://bidaletheiacurrent-tester.azurewebsites.net/

Enabling a virtual authenticator in Google Chrome (not necessary for MacOs)

This step is not necessary if you are using MacOs as MacOs has a built-in virtual authenticator.

Setup a compatible virtual authenticator in Google Chrome by performing the following steps:

  1. Open the Chrome tab which requires the authenticator https://bidaletheiacurrent-tester.azurewebsites.net/
  2. Open DevTools
  3. Click More Options > More tools > WebAuthn to open the WebAuthn tab.
  4. Enable "Enable Virtual Authenticator Environment"
  5. New Authenticator:
    • Protocol: ctap2
    • Transport: internal
    • Supports Resident Keys: true
    • Supports User Verification: true

Note: When registering or authenticating using a virtual authenticator, you will not be prompted to approve access to the FIDO Key. Using an iOS or Android device will trigger this prompt.

How to register your user for BankID with biometrics

Start the registration by clicking "Sign up with Aletheia" in the BankID Substantial test helper.

During the signup, you will be prompted for an Norwegian National Identity Number (NNIN), use the NNIN of a test user as described in the section "Test users".

Note: Signing up will create and store a FIDO key in your browser and link this FIDO key to a BankID identity. However, to create a FIDO key, an authenticator device must be available in the browser from which you are signing up. This authenticator transport must be internal and it must support user verification. Authenticators found in iOS and Android devices will normally satisfy these requirements. However, when testing BIS from a non-Android a non-iOS device, such as a desktop, you may use a virtual authenticator.

Testing a regular authentication

After registering, you may now test authentications by clicking "Log in with Aletheia" in the BankID with biometrics test helper.

Note: Performing an authentication using BankID with biometrics requires that you use the same browser (or browser tab if using a virtual authenticator) as you did when signing up. If you attempt to perform an authentication on a browser that does not have a registered FIDO key, this will trigger a step-up to BankID High.

Testing the CIBA flow

If you want to test the CIBA (client initiated backchannel authentication) flow we assume that you have created a test user as described in Register a test user. Testing the CIBA flow also requires you to download the BankID app (preprod) and activate the app with your test person's identification number (Norwegian national identification number). See Get access to the BankID preprod app for details.

Service level

As the BankID Substantial backend scales to zero for cost reasons, it might time out during cold starts. Retrying a few times should help. The system is not set up for external load or performance testing.