Merge pull request #475 from ActiveLogin/feature/459-personalidentitynumber-requirement

rfolkes · web-flow · commit 967a017e2a2b · 2024-12-04T22:58:20.000+01:00
Set requirements on how the authentication or signing order must be performed dynamically
diff --git a/docs/articles/bankid.md b/docs/articles/bankid.md
@@ -39,6 +39,7 @@ The most common scenbario is to use Active Login for BankID auth/login, so most
   + [Event listeners](#event-listeners)
   + [Store data on auth completion](#store-data-on-auth-completion)
   + [Resolve the end user ip](#resolve-the-end-user-ip)
+  + [Resolve requirements on Auth request](#resolve-requirements-on-auth-request)
   + [Resolve user data on Auth request](#resolve-user-data-on-auth-request)
   + [Custom QR code generation](#custom-qr-code-generation)
   + [Custom browser detection and launch info](#custom-browser-detection-and-launch-info)
@@ -359,6 +360,10 @@ public class SignController : Controller
                 {"returnUrl", "~/"},
                 {"scheme", provider}
             }
+
+            RequirePinCode = true,
+            RequireMrtd = true
+            RequiredPersonalIdentityNumber = new PersonalIdentityNumber(1999, 8, 7, 239, 1)
         };
         var returnPath = $"{Url.Action(nameof(Callback))}?provider={provider}";
         return this.BankIdInitiateSign(props, returnPath, provider);
@@ -446,7 +451,7 @@ services
 
 ### Customizing BankID options
 
-BankId options allows you to set and override some options such as these.
+BankId options allows you to set and override some options such as the below requirements on how the authentication or signature order must be performed.
 
 ```csharp
 .AddOtherDevice(options =>
@@ -478,6 +483,7 @@ If you want to apply some options for all BankID schemes, you can do so by using
 });
 ```
 
+Requirements can also be set dynamically for each authentication, see section [Resolve requirements on Auth request](#resolve-requirements-on-auth-request). To use dynamic requirements with signatures provide the requirements as part the `BankIdSignProperties`, see section [Sign](#sign).
 
 ---
 
@@ -970,6 +976,29 @@ Either register a class implementing `IBankIdEndUserIpResolver`:
 services.AddTransient<IBankIdEndUserIpResolver, EndUserIpResolver>();
 ```
 
+### Resolve requirements on Auth request
+
+If you want to set the requirements on how the authentication order must be performed dynamically for each order instead of statically during startup in `Program.cs`, it can be done by overriding the default implementation of the `IBankIdAuthRequestRequirementsResolver`.
+
+```csharp
+public class BankIdAuthRequestDynamicRequirementsResolver : IBankIdAuthRequestRequirementsResolver
+{
+    public Task<BankIdAuthRequirements> GetRequirementsAsync()
+    {
+        return Task.FromResult(new BankIdAuthRequirements()
+        {
+            RequireMrtd = true,
+            RequirePinCode = true,
+            RequiredPersonalIdentityNumber = new PersonalIdentityNumber(1999, 8, 7, 239, 1)
+        });
+    }
+}
+```
+
+```csharp
+services.AddTransient<IBankIdAuthRequestRequirementsResolver, BankIdAuthRequestDynamicRequirementsResolver>();
+```
+
 ### Resolve user data on Auth request
 
 BankID allows you to display a text during authentication to describe the intent. Active Login allows you to set these parameters when authenticating:
diff --git a/global.json b/global.json
@@ -1,6 +1,6 @@
 {
     "sdk": {
-        "version": "8.0.403",
+        "version": "8.0.404",
         "rollForward": "latestFeature"
     }
 }
diff --git a/src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiSignApiController.cs b/src/ActiveLogin.Authentication.BankId.AspNetCore/Areas/ActiveLogin/Controllers/BankIdUiSignApiController.cs
@@ -67,7 +67,10 @@ public async Task<ActionResult<BankIdUiApiInitializeResponse>> Initialize(BankId
                 {
                     Items = state.BankIdSignProperties.Items,
                     UserNonVisibleData = state.BankIdSignProperties.UserNonVisibleData,
-                    UserVisibleDataFormat = state.BankIdSignProperties.UserVisibleDataFormat
+                    UserVisibleDataFormat = state.BankIdSignProperties.UserVisibleDataFormat,
+                    RequiredPersonalIdentityNumber = state.BankIdSignProperties.RequiredPersonalIdentityNumber,
+                    RequireMrtd = state.BankIdSignProperties.RequireMrtd,
+                    RequirePinCode = state.BankIdSignProperties.RequirePinCode,
                 },
                 returnRedirectUrl);
         }
diff --git a/src/ActiveLogin.Authentication.BankId.AspNetCore/Auth/AuthenticationBuilderBankIdExtensions.cs b/src/ActiveLogin.Authentication.BankId.AspNetCore/Auth/AuthenticationBuilderBankIdExtensions.cs
@@ -2,6 +2,7 @@
 using ActiveLogin.Authentication.BankId.AspNetCore.ClaimsTransformation;
 using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;
 using ActiveLogin.Authentication.BankId.Core;
+using ActiveLogin.Authentication.BankId.Core.Requirements;
 using ActiveLogin.Authentication.BankId.Core.UserData;
 
 using Microsoft.AspNetCore.Authentication;
@@ -77,5 +78,6 @@ private static void AddBankIdAuthDefaultServices(IBankIdAuthBuilder builder)
         builder.AddClaimsTransformer<BankIdDefaultClaimsTransformer>();
 
         builder.UseAuthRequestUserDataResolver<BankIdAuthRequestEmptyUserDataResolver>();
+        builder.UseAuthRequestRequirementsResolver<BankIdAuthRequestEmptyRequirementsResolver>();
     }
 }
diff --git a/src/ActiveLogin.Authentication.BankId.AspNetCore/Auth/IBankIdAuthBuilderExtensions.cs b/src/ActiveLogin.Authentication.BankId.AspNetCore/Auth/IBankIdAuthBuilderExtensions.cs
@@ -1,4 +1,5 @@
 using ActiveLogin.Authentication.BankId.AspNetCore.ClaimsTransformation;
+using ActiveLogin.Authentication.BankId.Core.Requirements;
 using ActiveLogin.Authentication.BankId.Core.UserData;
 
 using Microsoft.Extensions.DependencyInjection;
@@ -61,6 +62,19 @@ public static IBankIdAuthBuilder UseAuthRequestUserDataResolver<TBankIdAuthReque
         return builder;
     }
 
+    /// <summary>
+    /// Use a custom requirements resolver.
+    /// </summary>
+    /// <typeparam name="TBankIdAuthRequestRequirementsResolverImplementation"></typeparam>
+    /// <param name="builder"></param>
+    /// <returns></returns>
+    public static IBankIdAuthBuilder UseAuthRequestRequirementsResolver<TBankIdAuthRequestRequirementsResolverImplementation>(this IBankIdAuthBuilder builder) where TBankIdAuthRequestRequirementsResolverImplementation : class, IBankIdAuthRequestRequirementsResolver
+    {
+        builder.Services.AddTransient<IBankIdAuthRequestRequirementsResolver, TBankIdAuthRequestRequirementsResolverImplementation>();
+
+        return builder;
+    }
+
 
     /// <summary>
     /// Configures options that will apply to all BankID schemes.
diff --git a/src/ActiveLogin.Authentication.BankId.AspNetCore/DataProtection/Serialization/BankIdUiStateSerializer.cs b/src/ActiveLogin.Authentication.BankId.AspNetCore/DataProtection/Serialization/BankIdUiStateSerializer.cs
@@ -1,6 +1,7 @@
 using ActiveLogin.Authentication.BankId.AspNetCore.Auth;
 using ActiveLogin.Authentication.BankId.AspNetCore.Models;
 using ActiveLogin.Authentication.BankId.AspNetCore.Sign;
+using ActiveLogin.Identity.Swedish;
 
 using Microsoft.AspNetCore.Authentication;
 
@@ -31,6 +32,15 @@ protected override void Write(BinaryWriter writer, BankIdUiState model)
             writer.Write(signState.BankIdSignProperties.UserNonVisibleData?.Length ?? -1);
             writer.Write(signState.BankIdSignProperties.UserNonVisibleData ?? Array.Empty<byte>());
 
+            writer.Write(signState.BankIdSignProperties.RequiredPersonalIdentityNumber == null);
+            writer.Write(signState.BankIdSignProperties.RequiredPersonalIdentityNumber?.To12DigitString() ?? string.Empty);
+
+            writer.Write(signState.BankIdSignProperties.RequireMrtd == null);
+            writer.Write(signState.BankIdSignProperties.RequireMrtd.GetValueOrDefault());
+
+            writer.Write(signState.BankIdSignProperties.RequirePinCode == null);
+            writer.Write(signState.BankIdSignProperties.RequirePinCode.GetValueOrDefault());
+
             writer.Write(signState.BankIdSignProperties.Items.Count);
             foreach (var item in signState.BankIdSignProperties.Items)
             {
@@ -75,6 +85,20 @@ protected override BankIdUiState Read(BinaryReader reader)
             {
                 userNonVisibleData = null;
             }
+
+            var requiredPersonalIdentityNumberIsNull = reader.ReadBoolean();
+            var requiredPersonalIdentityNumber = reader.ReadString();
+            if (requiredPersonalIdentityNumberIsNull)
+            {
+                requiredPersonalIdentityNumber = null;
+            }
+
+            var requireMrtdIsNull = reader.ReadBoolean();
+            var requireMrtd = reader.ReadBoolean();
+
+            var requirePinCodeIsNull = reader.ReadBoolean();
+            var requirePinCode = reader.ReadBoolean();
+
             var count = reader.ReadInt32();
             var items = new Dictionary<string, string?>(count);
 
@@ -89,7 +113,9 @@ protected override BankIdUiState Read(BinaryReader reader)
             {
                 UserVisibleDataFormat = userVisibleDataFormat,
                 UserNonVisibleData = userNonVisibleData,
-
+                RequiredPersonalIdentityNumber = requiredPersonalIdentityNumber != null ? PersonalIdentityNumber.Parse(requiredPersonalIdentityNumber) : null,
+                RequireMrtd = requireMrtdIsNull ? null : requireMrtd,
+                RequirePinCode = requirePinCodeIsNull ? null : requirePinCode,
                 Items = items
             };
             return new BankIdUiSignState(configKey, bankIdSignProperties);
diff --git a/src/ActiveLogin.Authentication.BankId.AspNetCore/Sign/BankIdSignProperties.cs b/src/ActiveLogin.Authentication.BankId.AspNetCore/Sign/BankIdSignProperties.cs
@@ -1,3 +1,5 @@
+using ActiveLogin.Identity.Swedish;
+
 namespace ActiveLogin.Authentication.BankId.AspNetCore.Sign;
 
 public class BankIdSignProperties
@@ -33,6 +35,7 @@ public BankIdSignProperties(string userVisibleData)
     /// there is something wrong about the identification and avoid attempted frauds.
     /// </summary>
     public string UserVisibleData { get; set; }
+
     /// <summary>
     /// If present, and set to "simpleMarkdownV1", this parameter indicates that userVisibleData holds formatting characters which, if used correctly, will make the text displayed with the user nicer to look at.
     /// For further information of formatting options, please study the document Guidelines for Formatted Text.
@@ -44,6 +47,24 @@ public BankIdSignProperties(string userVisibleData)
     /// </summary>
     public byte[]? UserNonVisibleData { get; set; }
 
+    /// <summary>
+    /// The personal identity number allowed to confirm the sign request.
+    /// If a BankID with another personal identity number attempts to confirm the sign request, it will fail.
+    /// If left empty any personal identity number will be allowed.
+    /// </summary>
+    public PersonalIdentityNumber? RequiredPersonalIdentityNumber { get; set; }
+
+    /// <summary>
+    /// Whether the user needs to confirm their identity with a valid Swedish passport or national ID card to complete the order.
+    /// No identity confirmation is required by default.
+    /// </summary>
+    public bool? RequireMrtd { get; set; }
+
+    /// <summary>
+    /// Users are required to confirm the order with their security code even if they have biometrics activated.
+    /// </summary>
+    public bool? RequirePinCode { get; set; }
+
     /// <summary>
     /// A collection of items where you can store state that will be provided once the sign flow is done.
     /// </summary>
diff --git a/src/ActiveLogin.Authentication.BankId.Core/Flow/BankIdFlowService.cs b/src/ActiveLogin.Authentication.BankId.Core/Flow/BankIdFlowService.cs
@@ -7,6 +7,7 @@
 using ActiveLogin.Authentication.BankId.Core.Launcher;
 using ActiveLogin.Authentication.BankId.Core.Models;
 using ActiveLogin.Authentication.BankId.Core.Qr;
+using ActiveLogin.Authentication.BankId.Core.Requirements;
 using ActiveLogin.Authentication.BankId.Core.SupportedDevice;
 using ActiveLogin.Authentication.BankId.Core.UserContext;
 using ActiveLogin.Authentication.BankId.Core.UserData;
@@ -26,6 +27,7 @@ public class BankIdFlowService : IBankIdFlowService
     private readonly IBankIdSupportedDeviceDetector _bankIdSupportedDeviceDetector;
     private readonly IBankIdEndUserIpResolver _bankIdEndUserIpResolver;
     private readonly IBankIdAuthRequestUserDataResolver _bankIdAuthUserDataResolver;
+    private readonly IBankIdAuthRequestRequirementsResolver _bankIdAuthRequestRequirementsResolver;
     private readonly IBankIdQrCodeGenerator _bankIdQrCodeGenerator;
     private readonly IBankIdLauncher _bankIdLauncher;
     private readonly IBankIdCertificatePolicyResolver _bankIdCertificatePolicyResolver;
@@ -39,6 +41,7 @@ public BankIdFlowService(
         IBankIdSupportedDeviceDetector bankIdSupportedDeviceDetector,
         IBankIdEndUserIpResolver bankIdEndUserIpResolver,
         IBankIdAuthRequestUserDataResolver bankIdAuthUserDataResolver,
+        IBankIdAuthRequestRequirementsResolver bankIdAuthRequestRequirementsResolver,
         IBankIdQrCodeGenerator bankIdQrCodeGenerator,
         IBankIdLauncher bankIdLauncher,
         IBankIdCertificatePolicyResolver bankIdCertificatePolicyResolver
@@ -52,6 +55,7 @@ IBankIdCertificatePolicyResolver bankIdCertificatePolicyResolver
         _bankIdSupportedDeviceDetector = bankIdSupportedDeviceDetector;
         _bankIdEndUserIpResolver = bankIdEndUserIpResolver;
         _bankIdAuthUserDataResolver = bankIdAuthUserDataResolver;
+        _bankIdAuthRequestRequirementsResolver = bankIdAuthRequestRequirementsResolver;
         _bankIdQrCodeGenerator = bankIdQrCodeGenerator;
         _bankIdLauncher = bankIdLauncher;
         _bankIdCertificatePolicyResolver = bankIdCertificatePolicyResolver;
@@ -102,14 +106,18 @@ private async Task<AuthRequest> GetAuthRequest(BankIdFlowOptions flowOptions)
         var resolvedCertificatePolicies = GetResolvedCertificatePolicies(flowOptions);
         var resolvedRiskLevel = flowOptions.AllowedRiskLevel == Risk.BankIdAllowedRiskLevel.NoRiskLevel ? null : flowOptions.AllowedRiskLevel.ToString().ToLower();
 
-        var authRequestRequirement = new Requirement(resolvedCertificatePolicies, resolvedRiskLevel, flowOptions.RequirePinCode, flowOptions.RequireMrtd);
+        var resolvedRequirements = await _bankIdAuthRequestRequirementsResolver.GetRequirementsAsync();
+        var requiredPersonalIdentityNumber = resolvedRequirements.RequiredPersonalIdentityNumber ?? flowOptions.RequiredPersonalIdentityNumber;
+        var requireMrtd = resolvedRequirements.RequireMrtd ?? flowOptions.RequireMrtd;
+        var requirePinCode = resolvedRequirements.RequirePinCode ?? flowOptions.RequirePinCode;
+        var requestRequirement = new Requirement(resolvedCertificatePolicies, resolvedRiskLevel, requirePinCode, requireMrtd, requiredPersonalIdentityNumber?.To12DigitString());
 
-        var authRequestContext = new BankIdAuthRequestContext(endUserIp, authRequestRequirement);
+        var authRequestContext = new BankIdAuthRequestContext(endUserIp, requestRequirement);
         var userData = await _bankIdAuthUserDataResolver.GetUserDataAsync(authRequestContext);
 
         return new AuthRequest(
             endUserIp,
-            authRequestRequirement,
+            requestRequirement,
             userData.UserVisibleData,
             userData.UserNonVisibleData,
             userData.UserVisibleDataFormat
@@ -161,7 +169,10 @@ private SignRequest GetSignRequest(BankIdFlowOptions flowOptions, BankIdSignData
         var resolvedCertificatePolicies = GetResolvedCertificatePolicies(flowOptions);
         var resolvedRiskLevel = flowOptions.AllowedRiskLevel == Risk.BankIdAllowedRiskLevel.NoRiskLevel ? null : flowOptions.AllowedRiskLevel.ToString().ToLower();
 
-        var requestRequirement = new Requirement(resolvedCertificatePolicies, resolvedRiskLevel, flowOptions.RequirePinCode, flowOptions.RequireMrtd, flowOptions.RequiredPersonalIdentityNumber?.To12DigitString());
+        var requiredPersonalIdentityNumber = bankIdSignData.RequiredPersonalIdentityNumber ?? flowOptions.RequiredPersonalIdentityNumber;
+        var requireMrtd = bankIdSignData.RequireMrtd ?? flowOptions.RequireMrtd;
+        var requirePinCode = bankIdSignData.RequirePinCode ?? flowOptions.RequirePinCode;
+        var requestRequirement = new Requirement(resolvedCertificatePolicies, resolvedRiskLevel, requirePinCode, requireMrtd, requiredPersonalIdentityNumber?.To12DigitString());
 
         return new SignRequest(
             endUserIp,
diff --git a/src/ActiveLogin.Authentication.BankId.Core/Models/BankIdSignData.cs b/src/ActiveLogin.Authentication.BankId.Core/Models/BankIdSignData.cs
@@ -1,3 +1,5 @@
+using ActiveLogin.Identity.Swedish;
+
 namespace ActiveLogin.Authentication.BankId.Core.Models;
 
 public class BankIdSignData
@@ -12,5 +14,9 @@ public BankIdSignData(string userVisibleData)
 
     public byte[]? UserNonVisibleData { get; set; }
 
+    public PersonalIdentityNumber? RequiredPersonalIdentityNumber { get; set; }
+    public bool? RequireMrtd { get; set; }
+    public bool? RequirePinCode { get; set; }
+
     public IDictionary<string, string?> Items { get; set; } = new Dictionary<string, string?>();
 }
diff --git a/src/ActiveLogin.Authentication.BankId.Core/Requirements/BankIdAuthRequestEmptyRequirementsResolver.cs b/src/ActiveLogin.Authentication.BankId.Core/Requirements/BankIdAuthRequestEmptyRequirementsResolver.cs
@@ -0,0 +1,11 @@
+﻿namespace ActiveLogin.Authentication.BankId.Core.Requirements;
+
+public class BankIdAuthRequestEmptyRequirementsResolver : IBankIdAuthRequestRequirementsResolver
+{
+    public static readonly BankIdAuthRequirements EmptyAuthRequirements = new();
+
+    public Task<BankIdAuthRequirements> GetRequirementsAsync()
+    {
+        return Task.FromResult(EmptyAuthRequirements);
+    }
+}
diff --git a/src/ActiveLogin.Authentication.BankId.Core/Requirements/BankIdAuthRequirements.cs b/src/ActiveLogin.Authentication.BankId.Core/Requirements/BankIdAuthRequirements.cs
@@ -0,0 +1,24 @@
+using ActiveLogin.Identity.Swedish;
+
+namespace ActiveLogin.Authentication.BankId.Core.Requirements;
+
+public class BankIdAuthRequirements
+{
+    /// <summary>
+    /// The personal identity number allowed to confirm the identification.
+    /// If a BankID with another personal identity number attempts to confirm the identification, it will fail.
+    /// If left empty any personal identity number will be allowed.
+    /// </summary>
+    public PersonalIdentityNumber? RequiredPersonalIdentityNumber { get; set; }
+
+    /// <summary>
+    /// Whether the user needs to confirm their identity with a valid Swedish passport or national ID card to complete the order.
+    /// No identity confirmation is required by default.
+    /// </summary>
+    public bool? RequireMrtd { get; set; }
+
+    /// <summary>
+    /// Users are required to confirm the order with their security code even if they have biometrics activated.
+    /// </summary>
+    public bool? RequirePinCode { get; set; }
+}
diff --git a/src/ActiveLogin.Authentication.BankId.Core/Requirements/IBankIdAuthRequestRequirementsResolver.cs b/src/ActiveLogin.Authentication.BankId.Core/Requirements/IBankIdAuthRequestRequirementsResolver.cs
@@ -0,0 +1,13 @@
+namespace ActiveLogin.Authentication.BankId.Core.Requirements;
+
+/// <summary>
+/// Resolve auth request requirements.
+/// </summary>
+public interface IBankIdAuthRequestRequirementsResolver
+{
+    /// <summary>
+    /// Returns the requirements for the current request.
+    /// </summary>
+    /// <returns></returns>
+    Task<BankIdAuthRequirements> GetRequirementsAsync();
+}
diff --git a/src/ActiveLogin.Authentication.BankId.Core/ServiceCollectionBankIdExtensions.cs b/src/ActiveLogin.Authentication.BankId.Core/ServiceCollectionBankIdExtensions.cs
@@ -5,6 +5,7 @@
 using ActiveLogin.Authentication.BankId.Core.Events.Infrastructure;
 using ActiveLogin.Authentication.BankId.Core.Flow;
 using ActiveLogin.Authentication.BankId.Core.Qr;
+using ActiveLogin.Authentication.BankId.Core.Requirements;
 using ActiveLogin.Authentication.BankId.Core.ResultStore;
 using ActiveLogin.Authentication.BankId.Core.SupportedDevice;
 using ActiveLogin.Authentication.BankId.Core.UserData;
@@ -68,6 +69,7 @@ private static void AddBankIdDefaultServices(IBankIdBuilder builder)
 
         services.AddTransient<IBankIdUserMessageLocalizer, BankIdUserMessageLocalizer>();
         services.AddTransient<IBankIdAuthRequestUserDataResolver, BankIdAuthRequestEmptyUserDataResolver>();
+        services.AddTransient<IBankIdAuthRequestRequirementsResolver, BankIdAuthRequestEmptyRequirementsResolver>();
 
         builder.AddEventListener<BankIdLoggerEventListener>();
         builder.AddEventListener<BankIdResultStoreEventListener>();
diff --git a/src/ActiveLogin.Authentication.BankId.Core/UserData/BankIdAuthUserData.cs b/src/ActiveLogin.Authentication.BankId.Core/UserData/BankIdAuthUserData.cs
@@ -1,3 +1,5 @@
+using ActiveLogin.Identity.Swedish;
+
 namespace ActiveLogin.Authentication.BankId.Core.UserData;
 
 public class BankIdAuthUserData
diff --git a/test/ActiveLogin.Authentication.BankId.Api.Test/BankIdAppApiClient_Tests.cs b/test/ActiveLogin.Authentication.BankId.Api.Test/BankIdAppApiClient_Tests.cs

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"sdk": {`
`3`		`- "version": "8.0.403",`
	`3`	`+ "version": "8.0.404",`
`4`	`4`	`"rollForward": "latestFeature"`
`5`	`5`	`}`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,10 @@ public async Task<ActionResult<BankIdUiApiInitializeResponse>> Initialize(BankId`
`67`	`67`	`{`
`68`	`68`	`Items = state.BankIdSignProperties.Items,`
`69`	`69`	`UserNonVisibleData = state.BankIdSignProperties.UserNonVisibleData,`
`70`		`- UserVisibleDataFormat = state.BankIdSignProperties.UserVisibleDataFormat`
	`70`	`+ UserVisibleDataFormat = state.BankIdSignProperties.UserVisibleDataFormat,`
	`71`	`+ RequiredPersonalIdentityNumber = state.BankIdSignProperties.RequiredPersonalIdentityNumber,`
	`72`	`+ RequireMrtd = state.BankIdSignProperties.RequireMrtd,`
	`73`	`+ RequirePinCode = state.BankIdSignProperties.RequirePinCode,`
`71`	`74`	`},`
`72`	`75`	`returnRedirectUrl);`
`73`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`	`using ActiveLogin.Authentication.BankId.AspNetCore.ClaimsTransformation;`
`3`	`3`	`using ActiveLogin.Authentication.BankId.AspNetCore.DataProtection;`
`4`	`4`	`using ActiveLogin.Authentication.BankId.Core;`
	`5`	`+using ActiveLogin.Authentication.BankId.Core.Requirements;`
`5`	`6`	`using ActiveLogin.Authentication.BankId.Core.UserData;`
`6`	`7`
`7`	`8`	`using Microsoft.AspNetCore.Authentication;`
`@@ -77,5 +78,6 @@ private static void AddBankIdAuthDefaultServices(IBankIdAuthBuilder builder)`
`77`	`78`	`builder.AddClaimsTransformer<BankIdDefaultClaimsTransformer>();`
`78`	`79`
`79`	`80`	`builder.UseAuthRequestUserDataResolver<BankIdAuthRequestEmptyUserDataResolver>();`
	`81`	`+ builder.UseAuthRequestRequirementsResolver<BankIdAuthRequestEmptyRequirementsResolver>();`
`80`	`82`	`}`
`81`	`83`	`}`