Skip to content

Truncate web.useragent sent to BankID in Auth/Sign/Payment API call. #531

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
elinohlsson merged 2 commits into from
Dec 18, 2025
Merged

Truncate web.useragent sent to BankID in Auth/Sign/Payment API call. #531

elinohlsson merged 2 commits into from
Dec 18, 2025
+48 −0

Conversation

@elinohlsson
Copy link
Contributor

@elinohlsson elinohlsson commented Dec 18, 2025

Truncate User-Agent to comply with BankID API limits

Problem

BankID enforces a maximum length on the web.userAgent field. If this limit is exceeded, BankID returns a 400 error and authentication fails. Some browsers and environments provide long User-Agent strings (for example, iOS in-app browsers such as Facebook or Instagram) that can exceed this limit.

Solution

The built-in default implementation of IBankIdEndUserDeviceDataResolver (BankIdDefaultEndUserWebDeviceDataResolver) now automatically truncates the User-Agent value to the maximum length allowed by the BankID API before sending it.

Result

Authentication succeeds even when the client User-Agent exceeds BankID’s maximum length.

This PR relates to #530.

Truncate web.useragent sent to BankID in Auth/Sign/Payment API call, …
7b4fda7 
…if the value exceeds the max length of 256 characters.
@elinohlsson elinohlsson marked this pull request as ready for review December 18, 2025 11:53
Abrissirba
Abrissirba reviewed Dec 18, 2025
View reviewed changes
Copy link
Contributor

@Abrissirba Abrissirba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a unit test for this

@elinohlsson elinohlsson added this to the Next Release milestone Dec 18, 2025
@elinohlsson elinohlsson changed the title Truncate web.useragent sent to BankID in Auth/Sign/Payment API call, … Truncate web.useragent sent to BankID in Auth/Sign/Payment API call. Dec 18, 2025
@elinohlsson elinohlsson merged commit b9563be into main Dec 18, 2025
21 of 22 checks passed
@elinohlsson elinohlsson deleted the feature/530-useragent-maxlength branch December 18, 2025 12:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Abrissirba Abrissirba Abrissirba approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v11.1.3

Development

Successfully merging this pull request may close these issues.

3 participants

@elinohlsson @Abrissirba