From 9ca5fe87909945ecc961a3e8a4d332d7f1433a33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20=C3=96rneholm?= Date: Tue, 12 Nov 2019 20:18:45 +0100 Subject: [PATCH] Add info on Cookies --- README.md | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 9b471354..5c0d5979 100644 --- a/README.md +++ b/README.md @@ -183,6 +183,10 @@ Yes! They are available here. Please note that IdentityServer.ClientSample uses * IdentityServer.ClientSample: [https://al-samples-mvcclient.azurewebsites.net](https://al-samples-mvcclient.azurewebsites.net) * IdentityServer.ServerSample: [https://al-samples-identityserver.azurewebsites.net](https://al-samples-identityserver.azurewebsites.net) +### Can I use Active Login to get support for BankID or GrandID in Azure AD (Active Directory) B2C? + +Yes you can! Azure AD B2C supports using cusotm identity providers that supports [Open ID Connect](https://docs.microsoft.com/sv-se/azure/active-directory-b2c/active-directory-b2c-reference-oidc). If you deploy Active Login as part of Identity Server (see our samples) you can configure your Azure AD B2C to federate to that instance and by doing so get BankID and/or GrandID support. + ### Can I prepopulate the personal identity number for the user? Yes you can! If you provide an authentication property item named `swedishPersonalIdentityNumber` (available as constants `BankIdAuthenticationConstants.AuthenticationPropertyItemSwedishPersonalIdentityNumber` or `GrandIdAuthenticationConstants.AuthenticationPropertyItemSwedishPersonalIdentityNumber`) that value will be used and sent to BankID/GrandID. 
@@ -233,15 +237,28 @@ public class GrandIdApiClient : IGrandIdApiClient } ``` +### Do Active Login Issue any cookies? + +Yes, the `*.AspNetCore` packages will issue cookies to make the auth flow work. + +The cookies are called: + +- BankId: `__ActiveLogin.BankIdState` +- GrandId: `__ActiveLogin.GrandIdState` + +The cookies are there to store state during the auth process, as the user will/might be redirected during the flow. The cookies are session based only and will be deleted once the auth process is finished and/or when the user closes the browser. + +Because they are strictly related to temp storage during auth, you should not have to inform the user about these specific cookies (according to the [EU "cookie law"](https://www.cookielaw.org/the-cookie-law/)). + +With the current implementaiton (following the convention from Microsoft ASP.NET Core) the usage of cookies is not optional. + +A more technical deep dive of the cookies can be found in [this issue](https://github.com/ActiveLogin/ActiveLogin.Authentication/issues/156). + ### Why are the names sometimes capitalized? It seems that the name for some persons are returned in all capitalized letters (like `ALICE SMITH`), the data is probably stored that way at BankID. We have choosen not to normalize the capitalization of the names as it´s hard or impossible to do so in a general way. -### Can I use Active Login to get support for BankID or GrandID in Azure AD (Active Directory) B2C? - -Yes you can! Azure AD B2C supports using cusotm identity providers that supports [Open ID Connect](https://docs.microsoft.com/sv-se/azure/active-directory-b2c/active-directory-b2c-reference-oidc). If you deploy Active Login as part of Identity Server (see our samples) you can configure your Azure AD B2C to federate to that instance and by doing so get BankID and/or GrandID support. - ## Active Login _Integrating your systems with market leading authentication services._
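Review bot: In the first hunk (README.md @@ -183,6 +183,10 @@), the Azure AD B2C paragraph is moved up unchanged, so it still carries the typos from its old location: "cusotm identity providers that supports" should read "custom identity providers that support". Since these lines are re-added here anyway, fix them in the same commit. The Open ID Connect link also points at the `sv-se` locale of docs.microsoft.com. For an English README, an `en-us` or locale-free URL would be a better target.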
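Review bot: In the second hunk (README.md @@ -233,15 +237,28 @@), the new cookie section says `__ActiveLogin.BankIdState` and `__ActiveLogin.GrandIdState` "store state during the auth process" but does not say what that state contains, whether it is encrypted or signed, or which attributes (Secure, HttpOnly, SameSite) the cookies are issued with. Anyone reviewing a deployment needs those facts, so please summarise them here rather than only linking to issue 156 for the "technical deep dive". The statement that you "should not have to inform the user" about these cookies is legal guidance and would be safer worded as the project's understanding, not as a conclusion. Smaller points in the same hunk: the heading "Do Active Login Issue any cookies?" should be "Does Active Login issue any cookies?", and "implementaiton" is misspelled.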