Skip to main content
Version: 14

BDDK Integration Overview

BDDK Integration consists of 2 parts one is the integration backend the other is the integration of the mobile applications

Integration parts

The following diagram depicts the event flow of the login process more details see kssidp overview MCSDK Events are decribed and helper

  • KOBIL responsable for everything that is blue
  • The banks are responsible for everything that is red


Regarding 1st red box:

Each token contains a key-ID in the header.  So process should be: When their service starts, they should call JWKS endpoint of keycloak to fetch keys and cache them in memory. (This is essentially a map of key-ID→key). There are libraries to handle JWKS formats, maybe there is even libraries that can manage the cache and connect to keycloak, i.e. do the fetch.) When they verify a token, they should resolve key-ID to they shall resolve the key-ID to their in memory cache.  If they don't have the key in their cache, they should update (same call as on startup). If the key still does not exist, they must reject the token There are usually libraries that provide token verification code already (usually also with a handler to resolve unknown key-IDs)

Regarding session: 

If their backend calls are stateless, they would have handle parts in their JavaScript client.