Problem: Partner keys do not work with the Vipps Login API. Partners that use partner keys today have to change to the merchant's own API keys to use Vipps Login API, as that API uses standard OIDC authentication, and not the same authentication as other Vipps APIs.
Benefits:
Partners can retrieve API keys for all MSNs registered with that partner
The merchant's API keys are valid for all Vipps APIs, including Vipps Login API (OIDC)
Drawbacks:
If a merchant wants to prevent a partner from acting on behalf of it, it it not enough to unregister the partner for a MSN. Since the partner already has the merchant's Owen API keys, the merchant's API keys must be regenerated.
A partner can make API calls with the merchant's API keys without the MSN header that is required when using partner keys.
The alternative is to in some way make it possible top use partner keys with the Vipps Login API. It may not be super elegant on the backend, but simple seen from the outside.
Draft for today's meeting. 🔥
Problem: Partner keys do not work with the Vipps Login API. Partners that use partner keys today have to change to the merchant's own API keys to use Vipps Login API, as that API uses standard OIDC authentication, and not the same authentication as other Vipps APIs.
Benefits:
Drawbacks:
The alternative is to in some way make it possible top use partner keys with the Vipps Login API. It may not be super elegant on the backend, but simple seen from the outside.
The current process for changing partners: https://github.com/vippsas/vipps-partner#how-to-change-partners-for-a-merchant