Authenticate with Vipps on First Login
On first login, the user selects Vipps as their authentication method. The app launches an in-app browser pointing to the Vipps Login OIDC authorization endpoint with Vipps-specific scopes including phone number and optionally national ID (personnummer). The user is redirected to Vipps (or the Vipps app), completes their authentication, and is returned to the app with an authorization code. The Vipps Integration Service exchanges this for tokens via the Vipps API Gateway, extracts the personnummer if returned in the token claims, and triggers a sync to member systems where applicable before establishing a Supabase session.
User Story
Acceptance Criteria
- Given a user on the login screen, when they tap 'Log in with Vipps', then an in-app browser opens to the Vipps Login authorization URL with correct scopes including openid, phone, and national_id
- Given a user who completes Vipps authentication, when the provider redirects with an authorization code, then the app exchanges the code for tokens and creates a valid Supabase session within 5 seconds
- Given a Vipps login that returns a personnummer in the token claims, when the token is processed, then the Vipps Integration Service attempts to sync the personnummer to the relevant member system and logs the sync outcome
- Given a Vipps login where the user's member record lacks a personnummer, when personnummer is successfully extracted, then the member record is updated automatically without requiring user action
- Given a user who cancels the Vipps flow, when the browser returns without a code, then the app returns to the login screen with a user-friendly message and no crash
- Given Vipps provider unavailability, when the authorization or token endpoint returns a provider error, then the app displays a localized message and offers BankID as an alternative login method
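The sketch below is an added example, not code from this project, showing how the app side could build the authorization request and map the browser's return onto the outcomes in the criteria above (success, cancel, provider error). The endpoint URL, client ID, redirect URI, function names and outcome labels are placeholders. Using PKCE and a per-attempt `state` value is an assumption, since the story does not say how the redirect is bound to the login attempt.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions): not real Vipps endpoints or client registrations.
AUTHORIZE_URL = "https://login.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "exampleapp://auth/callback"
SCOPES = ("openid", "phone", "national_id")  # scope names as the criteria list them


def build_authorization_request():
    """Return (url, pending); pending stays on the device until the redirect."""
    state = secrets.token_urlsafe(32)      # binds the redirect to this attempt
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier (assumption: PKCE in use)
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}", {"state": state, "code_verifier": verifier}


def classify_callback(redirect_url, pending):
    """Map the browser result to (outcome, detail) for the login screen."""
    if redirect_url is None:               # browser dismissed, nothing returned
        return ("cancelled", None)
    parts = urlsplit(redirect_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        return ("rejected", "unexpected_redirect")
    query = parse_qs(parts.query)
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), pending["state"].encode()):
        return ("rejected", "state_mismatch")   # never exchange a code from a foreign flow
    error = query.get("error", [None])[0]
    if error == "access_denied":           # user declined at the provider
        return ("cancelled", None)
    if error is not None:                  # provider-side failure: offer the alternative
        return ("provider_error", error)
    code = query.get("code", [None])[0]
    return ("ok", code) if code else ("cancelled", None)  # no code: treat as cancel
```

Only the `("ok", code)` outcome should reach the token exchange; the stored `code_verifier` is sent with that exchange and then discarded.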
Business Value
Vipps is installed on the majority of Norwegian smartphones and is the most frictionless authentication option for users already familiar with mobile payments. Critically, Vipps login can return the user's personnummer — resolving a longstanding data quality problem across NHF, Blindeforbundet, and HLF where many member records lack this field. This dual value (easy login + data enrichment) makes Vipps a uniquely high-value authentication provider for this context.
Components
- Vipps Login Screen (ui)
- Vipps Integration Service (service)
- Auth Token Repository (data)
- Vipps API Gateway (infrastructure)