starti.app
How-to Guides

Sign In with MitID

Authenticate users with MitID (Denmark's national digital identity) via SignaturGruppen

Sign In with MitID

Use the SDK's Auth module to sign in users with MitID, Denmark's national digital identity. MitID authentication is handled through SignaturGruppen as the identity broker.

Prerequisites

  • The starti.app SDK is installed and initialized
  • MitID (SignaturGruppen) is configured for your app in the starti.app manager

Steps

Call signIn with the "signaturgruppenmitid" provider

const result = await startiapp.Auth.signIn("signaturgruppenmitid");

Check the result and handle success or failure

if (result.isSuccess) {
  console.log("Authorization code:", result.authorizationCode);
  console.log("Code verifier:", result.codeVerifier);
  console.log("Redirect URI:", result.redirectUri);
} else {
  console.error("Sign in failed:", result.errorMessage);
}

Exchange the code on your backend

Send authorizationCode, codeVerifier, and redirectUri to your server, which exchanges them with SignaturGruppen for access and ID tokens.

Requesting additional claims with scopes

You can request additional user data by passing a scope option. Scope-requested data is available in result.additionalClaims.

const result = await startiapp.Auth.signIn("signaturgruppenmitid", {
  scope: "openid mitid ssn",
});

if (result.isSuccess) {
  console.log("Claims:", result.additionalClaims);
}

Common scopes

ScopeDescriptionAvailable in additionalClaims
openid mitidBasic MitID login (default)sub
openid mitid ssnInclude CPR numbersub, dk.cpr
openid mitid ssn ssn.details_nameInclude CPR + full namesub, dk.cpr, name

During development, MitID uses the pre-production environment. You can create test identities at pp.mitid.dk/test-tool/frontend/#/create-identity.

Complete example

await startiapp.initialize();

async function loginWithMitID() {
  const result = await startiapp.Auth.signIn("signaturgruppenmitid", {
    scope: "openid mitid ssn",
  });

  if (!result.isSuccess) {
    alert("Login failed: " + result.errorMessage);
    return;
  }

  // Exchange with your backend
  const response = await fetch("/api/auth/mitid", {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      authorizationCode: result.authorizationCode,
      codeVerifier: result.codeVerifier,
      redirectUri: result.redirectUri,
    }),
  });

  const session = await response.json();
  console.log("Logged in:", session.name);

  // Access scope-requested claims from additionalClaims
  console.log("CPR:", result.additionalClaims["dk.cpr"]);
}

You can check if the user is already authenticated before showing a sign-in button:

const loggedIn = await startiapp.Auth.isAuthenticated();

See also

Auth API Reference

Full API reference for the Auth module

Sign In with Google

Authenticate users with Google Sign In

Sign In with Apple

Authenticate users with Apple Sign In

Biometric Login with OAuth

Add Face ID / Touch ID resume to your OAuth login

Sign In with Apple

Authenticate users with Apple Sign In and access identity information

Biometric Login

Use Face ID and fingerprint to save and retrieve user credentials securely

On this page

Sign In with MitIDPrerequisitesStepsCall signIn with the "signaturgruppenmitid" providerCheck the result and handle success or failureExchange the code on your backendRequesting additional claims with scopesCommon scopesComplete exampleSee also