Testing

BankID with biometrics is available for testing in the CURRENT test environment.

If you are a new member of a team that is already testing BankID with biometrics, and just need your own personal test user and BankID test app, you only need to register a test user.

Enabling BankID with biometrics in your test client

  1. Get in touch with BankID OIDC to register a test client and enable BankID Substantial for your test client in BankID OIDC. If BankID Substantial is not enabled, you will get a BankID High authentication.
  2. When initiating a login, pass BIS as the login hint, where you’d otherwise pass BIM for BankID Mobile or BID for net centric.
  3. Verify the returned ID token:
    • The amr claim is set to BIS, indicating the usage of BankID Substantial
    • The acr claim includes LOA=3, which represents Level of Assurance 3, indicating the trust level of the authentication.

Register a test user

Test users can be registered at the registration authority (RA): https://ra-preprod.bankidnorge.no/#/generate

In the tab "Test number generator" you can generate a Norwegian national identity number (NNIN) for your test user. Select "End User" and "Male/Female" and press "Generate number".

Remember to copy the generated NNIN, as you will need it later. It is not saved anywhere else.

  • In "Order new BankID", check "Netcentric".
  • Enter your test user's name.
  • Enter your BankID Friendly Name (doesn't matter what this is).
  • Under "Ha Services", check “BankID TestBank”.
  • Press “Order”.
  • In “Contact Info”, press edit.
  • Enter phone number and email (doesn't matter what this is, no SMS or email will be sent here).
  • Click “Save”

How to get access to the BankID preprod app (only necessary for testing the CIBA flow)

A version of the BankID app connected to the CURRENT test environment is available, called the BankID preprod app. The app can be used for testing onboarding and authentications for BankID with biometrics. It gives an understanding of the full user journey.

However, please note that if you are not specifically testing authentication with the CIBA method, it is not necessary to get access to the BankID preprod app for developing and testing authentication functionalities.

  1. Request access to the BankID preprod app in the support portal. If you do not have access to the portal, your BankID partner can raise a request on your behalf.
  2. After getting access, proceed to activate the BankID preprod app using the national identification number associated with your test user. Be aware that there can be a delay of up to one hour between creating the test user and being able to activate the app with said user.

    Passwords and notifications for your BankID test user

    The one-time password is otp and the password is qwer1234 for all BankIDs issued by ra-preprod. Be aware that it may take up to an hour for the test user to become active.

    During the activation process you'll receive notifications (SMS and email codes) on https://toba-preprod.bankidapis.no/test-events?nnin=INSERT_YOUR_TEST_NNIN_HERE. You will not get them on the phone number or email you registered in the RA.

  3. After activating the app, navigate to the "My BankID" tab in the app. From there, you will see a button allowing you to register for BankID with biometrics. Recall that the one-time password for test users is otp, and the password is qwer1234.

When this is all done, you can start authentications in the BankID with biometrics test helper https://bidaletheiacurrent-tester.azurewebsites.net/ using the Norwegian national identity number of your test user, and approve them using the BankID preprod app.

BankID OIDC test helper

BankID OIDC test helper is available at https://util.bankidnorge.no/oidc-testclient/

By entering BIS as the login hint, you’ll get a BankID Substantial authentication.

There is also a permission_token field to provide pre-registered context information.

If you are unsure which assurance level you get, or if your client is still using BankID High, verify that the acr claim includes LOA=3. This represents Level of Assurance 3, indicating substantial trust level of the authentication.
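The check described here, and in step 3 of "Enabling BankID with biometrics in your test client", written out as an added example (not BankID's own code). It inspects an ID token's payload and reports why it is not a BankID Substantial result, for instance when the client fell back to BankID High. The sample tokens are constructed and unsigned, the layout of the acr string and the names `check_substantial` and `make_unsigned_token` are assumptions, and a real client must validate signature, issuer, audience and expiry with its OIDC library before trusting any claim.

```python
import base64
import json
import re


def decode_payload(id_token: str) -> dict:
    """Decode a compact JWT's payload for inspection. Does NOT verify the
    signature: a real client validates signature, iss, aud and exp first."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_substantial(claims: dict) -> list:
    """Return the reasons the claims are not BankID Substantial ([] = OK)."""
    problems = []
    amr = claims.get("amr")
    # Assumption: amr may arrive as a string or as a list of strings.
    methods = [amr] if isinstance(amr, str) else list(amr or [])
    if methods != ["BIS"]:
        problems.append(f"amr is {amr!r}, expected BIS")
    # Read the whole number so that e.g. LOA=30 is not taken for LOA=3.
    match = re.search(r"(?<![A-Za-z0-9])LOA=(\d+)", str(claims.get("acr", "")))
    if match is None:
        problems.append("acr carries no LOA value")
    elif match.group(1) != "3":
        problems.append(f"acr reports LOA={match.group(1)}, expected LOA=3")
    return problems


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample claims; the acr string layout is an assumption.
SUBSTANTIAL = make_unsigned_token({"amr": "BIS", "acr": "urn:example:acr;LOA=3"})
FALLBACK = make_unsigned_token({"amr": "BID", "acr": "urn:example:acr;LOA=4"})

if __name__ == "__main__":
    for name, token in (("substantial", SUBSTANTIAL), ("fallback", FALLBACK)):
        print(name, check_substantial(decode_payload(token)) or "OK")
```

Failing the login on a non-empty result, rather than only logging it, keeps a client that requires BankID Substantial from silently accepting a different authentication method.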

BankID with biometrics' test helper

The BankID with biometrics test helper is available at https://bidaletheiacurrent-tester.azurewebsites.net/

Enabling a virtual authenticator in Google Chrome (not necessary for macOS)

This step is not necessary if you are using macOS, as macOS has a built-in virtual authenticator.

Set up a compatible virtual authenticator in Google Chrome by performing the following steps:

  1. Open the Chrome tab which requires the authenticator https://bidaletheiacurrent-tester.azurewebsites.net/
  2. Open DevTools
  3. Click More Options > More tools > WebAuthn to open the WebAuthn tab.
  4. Enable "Enable Virtual Authenticator Environment"
  5. New Authenticator:
    • Protocol: ctap2
    • Transport: internal
    • Supports Resident Keys: true
    • Supports User Verification: true

Note: When registering or authenticating using a virtual authenticator, you will not be prompted to approve access to the FIDO Key. Using an iOS or Android device will trigger this prompt.

How to register your user for BankID with Biometrics

Start the registration by clicking "Sign up with Aletheia" in the BankID Substantial test helper.

During the signup, you will be prompted for a Norwegian National Identity Number (NNIN). Use the NNIN of a test user as described in the section "Test users".

Note: Signing up will create and store a FIDO key in your browser and link this FIDO key to a BankID identity. However, to create a FIDO key, an authenticator device must be available in the browser from which you are signing up. This authenticator's transport must be internal and it must support user verification. Authenticators found in iOS and Android devices will normally satisfy these requirements. However, when testing BIS from a non-Android, non-iOS device, such as a desktop, you may use a virtual authenticator.

Testing a regular authentication

After registering, you may now test authentications by clicking "Log in with Aletheia" in the BankID with biometrics test helper.

Note: Performing an authentication using BankID with biometrics requires that you use the same browser (or browser tab if using a virtual authenticator) as you did when signing up. If you attempt to perform an authentication on a browser that does not have a registered FIDO key, this will trigger a step-up to BankID High.

Testing the CIBA flow

If you want to test the CIBA (client initiated backchannel authentication) flow, we assume that you have created a test user as described in Register a test user. Testing the CIBA flow also requires you to download the BankID app (preprod) and activate the app with your test person's identification number (Norwegian national identification number). See Get access to the BankID preprod app for details.

Service level

As the BankID Substantial backend scales to zero for cost reasons, it might time out during cold starts. Retrying a few times should help. The system is not set up for external load or performance testing.