Large BankIdUiSignState cookie #478

@Liteolika

Description

When the BankIdSignProperties contains large byte-arrays for UserVisibleData and UserNonVisibleData there is a chance that the properties are not persisted in the BankID UI state cookie.

What area is it related to
ActiveLogin.Authentication.BankId.AspNetCore.Sign.BankIdSignService

Describe the solution you'd like
Better documentation for the properties in BankIdSignProperties, that the size of the byte-arrays matters.
A validation of the cookie value before appending it to the response.

Additional context
Using these props will fail the sign-request:

var props = new BankIdSignProperties(userVisibleContent)
{
    Items =
    {
        {"scheme", provider}
    },
    UserVisibleDataFormat = BankIdUserVisibleDataFormats.SimpleMarkdownV1,
    UserNonVisibleData = Encoding.UTF8.GetBytes(GenerateString(30000))
};

While the props with a hash work just fine:

var props = new BankIdSignProperties(userVisibleContent)
{
    Items =
    {
        {"scheme", provider}
    },
    UserVisibleDataFormat = BankIdUserVisibleDataFormats.SimpleMarkdownV1,
    UserNonVisibleData = BitConverter.GetBytes(GenerateString(30000).GetHashCode())
};

This is related to issue #425
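
The validation requested above could take the following form. This is an added example, not part of the issue and not ActiveLogin code: `CookieSizeGuard`, the cookie name, the attribute allowance and the Base64 stand-in for the library's state serialization are all assumptions made for illustration.

```csharp
using System;
using System.Text;

public static class CookieSizeGuard
{
    // RFC 6265 section 6.1: user agents should support at least 4096 bytes per cookie
    // (name, value and attributes combined). Treat that as the ceiling.
    public const int MaxCookieBytes = 4096;

    // Assumed allowance for attributes such as "; path=/; secure; httponly; samesite=lax".
    public const int AttributeAllowance = 128;

    // Size of the Set-Cookie payload once the value is percent-encoded for the header.
    public static int MeasuredSize(string name, string value) =>
        Encoding.UTF8.GetByteCount(name) + 1
        + Uri.EscapeDataString(value).Length
        + AttributeAllowance;

    public static bool Fits(string name, string value) =>
        MeasuredSize(name, value) <= MaxCookieBytes;

    // Call before appending the cookie, so the sign flow fails loudly
    // instead of continuing with state that was never persisted.
    public static void EnsureFits(string name, string value)
    {
        int size = MeasuredSize(name, value);
        if (size > MaxCookieBytes)
            throw new InvalidOperationException(
                $"Cookie '{name}' needs about {size} bytes; the limit is {MaxCookieBytes}.");
    }

    public static void Main()
    {
        const string cookieName = "example-ui-sign-state"; // constructed name
        // Constructed stand-ins for the two UserNonVisibleData values in the issue.
        byte[] large = Encoding.UTF8.GetBytes(new string('a', 30000));
        byte[] small = BitConverter.GetBytes(12345);

        foreach (byte[] data in new[] { large, small })
        {
            // Base64 stands in for the library's real state serialization.
            string value = Convert.ToBase64String(data);
            Console.WriteLine($"{data.Length} bytes -> cookie ~{MeasuredSize(cookieName, value)} bytes, " +
                              $"fits: {Fits(cookieName, value)}");
        }
    }
}
```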

Labels: bug, enhancement
