Allow extra verification (based on bsn) for co-sign requests. Allowing only 1 specific person to sign.

[LaurensBurger]

Thema / Theme

Form Builder

Omschrijving / Description

As a form builder i want to be able to add an extra "layer" of security to the co-sign field. This will allow me to build forms where the initial user would supply a mailadres and a identifier (BSN) of the the co-signer. The co-signer would then receive the e-mail, open the form and via DigiD provide this identifier. This feature would rule out that a person with "just" the email could sign this form.

This feature should be optional and perhaps only apply to DigiD

Added value / Toegevoegde waarde

No response

Aanvullende opmerkingen / Additional context

No response

[SilviaAmAm]

To do:

Form builder:

• Change the cosign component to be a fieldset (like address NL component)
• Make the data nested: {bsn: '....', email: '....'}
• Remove email specific configs from the edit form
• Update stories

Types

• Update the cosign V2 types and tests

SDK

• Render new component properly. Note: required flag

Backend

• Migrate existing forms to have the new cosign component
• Update the methods to retrieve the email of the cosigner: for submissions that may be in progress, we need to check the data also in the old way.
• When the cosigner retrieves the submission, we should check if the component requires that the bsn gets checked.

[joeribekker]

Refinement: Joeri has douts on whether adding the BSN field is user friendly enough. Could also add someone birthdate or first name, or something?

[joeribekker]

Refinement:

1. Den Haag will come up with a proper sequence.
2. Meanwhile, Druten Wijchen noticed that co-signing has a much higher drop-out rate (users) then with their old form product, although they also say that it works fine technically. So its probably just a matter of flow and/or text issues.