Integrating the Web-client on mobile platforms
Termination
The BankID Web-client can be run in native WebViews on iOS, Android and Windows Phone. There are, however, some considerations merchants should take into account when integrating their merchant applications with native applications. This chapter discusses these considerations.
When the BankID transaction has completed, the result of the transaction should be passed back to the native application so that the native application can take appropriate action. (For instance, if the BankID authentication was successful, the user could be permitted to access privileged information inside the native application.)
There may be several ways to accomplish this depending on the platform, but some form of bridge between the WebView and the native applications must be provided by the merchant.
iOS
On iOS, the merchant should consider telling the browser to access a custom URL containing the results of the BankID transaction, in a way that can be caught in the the UIWebViewDelegate
method webview.shouldStartLoadWithRequest:navigationType:, and handled accordingly.
Android
Information on how to bind JavaScript code to Android code can be found on the Android developer site.
Windows Phone
On Windows, a hosted HTML page can fire the ScriptNotify
event in your native application when the page calls window.external.notify
and passes a string parameter (with the result of the BankID transaction as the payload).
Displaying documents (PDF) and downloading document packages (ZIP)
The BankID Web-client in its 2.1 version supports both display of PDF documents within the control of the client and also a download option to open the document in a separate PDF viewer application. Additionally, a ZIP archive of all the documents may be downloaded if showConfirmation=true
.
The 2.0 version only displays a download option. The WebView must handle such a download request, by making sure that the PDF document doesn't replace the WebView's client.
Figure 3 – In the 2.0 version, the user can interact with the document name link to download the document.
Figure 4 – In the 2.1 version, the user may interact with the download PDF link to download the document.
In the 2.1 version it is possible to download documents after all documents have been signed. This requires that the showConfirmation
parameter is set to true
. In multi-document scenarios there is a link to download all documents as an ZIP archive.
Figure 5 – In the 2.1 version signed documents can be downloaded from the down-arrow buttons and the user may interact with the "Download all documents (ZIP)"-link to download document package as an ZIP archive.
iOS
In addition to HTML content, UIWebView
can display specific document types, such as PDF files. By default, tapping the link to the PDF provided by the BankID Web-client will replace the BankID Web-client with the contents of the PDF file, and the BankID session will be lost.
The merchant could, for instance, consider using the UIWebViewDelegate
method webview.shouldStartLoadWithRequest:navigationType:
to take control over the URL about to be loaded, and present the PDF in a modal window. When the user dismisses the modal window control is returned to the BankID Web-client in the webview, and the user can proceed with the signing of the document. Similarly, the downloading of a ZIP archive needs to be handled in the case of the 2.1 version.
Android
Not all Android devices have PDF display capabilities or ZIP archive support. This is especially true for older Android versions. There are, however, lots of applications available that provide this functionality.
The most commonly used method to display PDF files from a link in an Android Webview is to utilize the webviewClient.shouldOverrideUrlLoading
method. It would give the host application the ability to take over control when the URL is about to be loaded, and create a request to view the PDF file using an Intent
.
Implementing a DownloadListener
can also be done for handling the case of saving a ZIP archive.
Windows Phone
For Windows Phone there is no native event that will occur when a user clicks on a link. So on this platform a JavaScript that can intercept the link tap must be injected from the native application to the WebBrowserControl. This script can then notify the native application that the link has been tapped using ScriptNotify
, passing the URL to the PDF file back to the native application. The application can then use the Launcher.LaunchUriAsync(Uri)
method to open the PDF file in the default application associated with the URL.
In order to return to the BankID Web-client after viewing the PDF, the application must save the state before launching the PDF viewer, and then restore the state when returning. Preventing the web browser control from reloading when restoring the state may also be neccessary to avoid dropping the BankID client's session.
Merchant application implementation
As discussed in 5.1 and in 5.2, integration with the different mobile platforms to ensure correct termination and display of PDF documents or downloading of ZIP archives may have to differ on each of the platforms.
For this reason, the merchant may wish to consider whether so serve the same merchant implementation to all platforms, or to serve specific implementations for each platform.
Limitations and known issues
Running BankID Web-client in third-party browsers on iOS
Although iOS won't let users replace Safari as the default browser with another app, there are a number of browsers available in the App Store that offer features that make these browsers preferable to some iOS users. These apps include browsers such as Google Chrome, Dolphin Browser, iCab Mobile and more.
Common for all third party browser applications on iOS is that they are restricted to using Apple's browser window, UIWebView
, and the functionality that is built in to this class.
While some of the applications have implemented functionality to open links in a webview in a new tab, others have not. This means that users running the BankID Web-client in certain third-party iOS browsers will be unable to perform a PDF signing action. This is because the link to open the PDF file (see 5.2), although set to open in a new tab or window, replaces the page where the BankID Web-client is loaded, thus leaving the BankID session in limbo.
PDF signing is confirmed to work in Mobile Safari (native browser), Dolphin browser and iCab Mobile.
PDF signing is confirmed NOT to work in Google Chrome for iOS, and Opera Coast for iOS.
Using BankID Web-client for PDF signing in Android
On Android too, browser application developers have chosen different implementations when it comes to handling links to PDF files. The various implementations we have seen all allow the users to complete the PDF signing transaction, although the user experience differs greatly:
- Browser offers the PDF file as an
Intent
, thus allowing other applications capable of opening PDF files to handle the display of the PDF file. - Browser downloads the file to the local file system, and provides a notification in the Android notification center. The user must click on the link in the notification center to open the file, and then locate the browser containing the BankID session to continue the signing process.
- Browser opens the PDF file and displays it in a new tab inside the browser. The user must close the tab in order to return to the BankID session to continue the signing process.
There may be other implementations of PDF display in other Android browsers, the above list is not exhaustive.
Using BankID Web-client for PDF signing in Windows Phone
There are no known issues using the BankID Web-client for PDF signing in Windows Phone, as long as an external PDF reader such as Adobe Acrobat has been installed from the Windows Store.
Browser will download the PDF file and open it in the external PDF reader. User must hit the back button to return to the browser and resume the BankID transaction.
iOS interprets numbers in XML as phone number and makes it into a link
By default, Safari on iOS detects any string formatted like a phone number and makes it a link that calls the number. Specifying telephone=no disables this feature.
Merchants may put this meta tag into its XSL to prevent this feature from being activated.
Read more about the format-detection meta tag here: https://developer.apple.com/library/safari/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/MetaTags.html#//apple_ref/doc/uid/TP40008193-SW5
Big SVG files or elements may cause failure on slow connections
The WebClient collects various data from the client application runtime environment for fraud detection purposes. There is a known issue when integrating the WebClient in an environment that includes huge SVG elements that may cause the WebClient to occasionally fail on slow connections.
Beware when integrating the WebClient that the size and complexity of the client application may impact user experience, especially on slow connections. The WebClient is equipped to be able to handle issues like this, but it may not cover all cases.