Criipto
  1. eIDs
  2. Norwegian Vipps

JWT/Token example

{
"identityscheme": "novippslogin",
Overall eID used to authenticate
"nameidentifier": "75dca5991ad74a0981c092d424b82fbc",
Legacy format of 'sub'
"sub": "{75dca599-1ad7-4a09-81c0-92d424b82fbc}",
Persistent pseudonym. Uniquely identifies an eID user (per Criipto Verify tenant)
"address": {
"street_address": "BOKS 6300, ETTERSTAD",
"postal_code": "0603",
"region": "OSLO",
"country": "NO",
"formatted": "BOKS 6300, ETTERSTAD\n0603\nOSLO\nNO"
},
An OpenID Connect standard address claim
"birthdate": "1955-09-82",
"emailaddress": "mikkel@criipto.com",
"mobilephone": "4748059940",
"socialno": "10098235846",
Social security number
"family_name": "Ggacbs",
An OpenID Connect standard claim
"given_name": "Mlihgw",
An OpenID Connect standard claim
"name": "Mlihgw Ggacbs",
"country": "NO"
}

Test users

In order to test Vipps Login you need to install the Vipps app in a special test version on your device. Follow the Vipps guide with instructions on how to set up test apps.

In order to test you also need a test phone number. Write to support@criipto.com and put something like "Vipps Login test number" in the subject line.

Available data / scopes

Username is always made available.

For applications configured to use a static scope strategy, address, email, phone and birthdate are always made available. You can also configure your tenant so it requests SSN as well.

For applications configured to use a dynamic scope strategy, the following scope tokens can be supplied: address, email, phone, birthdate and ssn (scope=openid phone email...).

Example (partial) authorize request with scopes

https://YOUR_SUBDOMAIN.criipto.id/oauth2/authorize?scope=openid phone ssn&...

Alternatively, you can send them in the login_hint

https://YOUR_SUBDOMAIN.criipto.id/oauth2/authorize?...&login_hint=scope:phone scope:ssn&...

which can be a useful if you are working with technology that does not let you control the scope value.

Ordering Norwegian Vipps Login

To start accepting real users to log in with the Norwegian Vipps app, you must first request a set of secret keys - so-called client credentials from Vipps AS.

Prerequisites for ordering

In order to apply for the Vipps Login client credentials for a company you must meet the basic requirements:

  • Your company must be registered in the central Norwegian business registry, Brønnøysundregistrene
  • The person that will sign the contract must be in possession of a Norwegian BankID
  • You must have completed step 5 in the Getting ready for production guide. You will need the production domain when registering with Vipps.

Ordering the client credentials

Before you can order the credentials from Vipps you will need to have created a production domain in Criipto Verify as describe in the Getting ready for production guide).

Once you have set up the production domain go to the Identity sources section and take note of the URL displayed. It must be supplied when ordering the client credentials.

NO Vipps setup

To order the actual credentials please go to the Vipps order page located at https://vippsbedrift.no/signup/logginnmedvipps and fill out the form as described.

Note that the bears some resemblance to the form used to order Vipps for payment so please consider the notes below when filling out the form:

  • The filed labelled "Navn på salgssted slik det vil vises for kunden i Vipps-appen" is to be filled out with the name that should appear in the Vipps app when a user logs in
  • In the section labelled "Organisasjonens kontaktinformasjon" please enter the name and details of the person that will receive the secret keys. This person will also be granted access to the Vipps administration portal

Next steps

After you have order the client credentials by filling out the online agreement it is proccessed by Vipps. And if you are approved, the designated contact person will receive the credentials.

Once you have received the client credentials, they must be entered into the Criipto Verify management UI, as indicated in the above image, to configure your NO Vipps Login integration.