I am building a solution where I have a client application (Flutter application), and I want to implement Swedish BankID authentication, login, etc.
I have an ASP.NET Core Web API as the backend that is implementing the NuGet package(s) from ActiveLogin.
The flow is currently aligned with the one suggested by BankID and I am communicating through my API using the above-mentioned NuGet package(s).
Flow: auth using IP -> open the mobile app with auto start token -> use test BankID with a test user -> during this I am running a request to the API to “Collect” every 2 seconds as suggested by BankID -> get the user information from the Collect request when the password is entered, and I return to my Flutter app using a return URL.
This is where I am stuck. I imagined running another call to my API similar to a “login” call where the backend utilises the ActiveLogin framework to handle the authentication and allow my user to be “logged in” in the Flutter app. I must have either missed something in the setup of said NuGet package or something different.
Anyone got suggestions as to what I can do, is my flow wrong, etc?
I also imagined having a cookie or token that I would return to my Flutter app to use in the future to call endpoints in the API which are behind an [Authorize] decoration.
Thank you!
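
Added example, not part of the original post and not ActiveLogin's own code: one way the backend can mint the token itself at the moment its own Collect call reports completion, so the app never has to send user information to a separate "login" call. `IBankIdCollector`, `CollectResult`, `FakeCollector`, the routes, the `Jwt:Key` setting and the issuer/audience strings are assumptions made for illustration, and the sketch assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package.

```csharp
// Added example. IBankIdCollector/CollectResult are hypothetical wrappers, not ActiveLogin types.
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Assumption: "Jwt:Key" is a secret of at least 32 bytes supplied via configuration.
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]!));
const string Issuer = "example-api", Audience = "example-app";   // constructed values

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        ValidIssuer = Issuer, ValidAudience = Audience, IssuerSigningKey = key
    });
builder.Services.AddAuthorization();
builder.Services.AddSingleton<IBankIdCollector, FakeCollector>();  // swap for the real client

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Polled by the app every 2 seconds with the orderRef returned by the auth call.
app.MapPost("/bankid/collect", async (CollectBody body, IBankIdCollector bankId) =>
{
    var result = await bankId.CollectAsync(body.OrderRef);       // server-to-BankID call
    if (result.Status != "complete" || result.PersonalIdentityNumber is null)
        return Results.Ok(new { status = result.Status, token = (string?)null });

    // The subject comes from BankID's collect response, never from the request body.
    var jwt = new JwtSecurityToken(Issuer, Audience,
        new[] { new Claim(JwtRegisteredClaimNames.Sub, result.PersonalIdentityNumber) },
        expires: DateTime.UtcNow.AddMinutes(15),
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
    return Results.Ok(new { status = "complete", token = new JwtSecurityTokenHandler().WriteToken(jwt) });
});

// Endpoints behind authorization now require "Authorization: Bearer <token>".
app.MapGet("/me", (ClaimsPrincipal user) => Results.Ok(new
    { subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? user.FindFirst("sub")?.Value }))
   .RequireAuthorization();
app.Run();

record CollectBody(string OrderRef);
record CollectResult(string Status, string? PersonalIdentityNumber);
interface IBankIdCollector { Task<CollectResult> CollectAsync(string orderRef); }
class FakeCollector : IBankIdCollector   // constructed stand-in so the sample starts
{
    public Task<CollectResult> CollectAsync(string orderRef) =>
        Task.FromResult(new CollectResult("complete", "TEST-PERSONAL-NUMBER"));
}
```

The personal identity number is used as the subject only to keep the sketch short; mapping it to an internal user id before issuing the token keeps it out of client-held tokens.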