feat: update bank authentication to match latest requirements

[kaljarv]

See Signicat message below:

We have an important update to share about Finnish eIDs and the Finnish Trust Network (FTN). Traficom has released new details for the M72B regulation, clarifying how authentication requests should be passed between service providers, brokers, and identity providers (IDPs). These changes aim to boost security and reduce fraud in authentication requests.

This is a reminder to follow up on the information shared with you in July.

Signicat has already implemented the necessary changes for passing requests between the broker and the IDP. To meet all new requirements, service providers must also secure the authentication request process between themselves and their broker. This can be done in one of two ways:

by implementing signed requests, or;
by using Pushed Authorization Requests (PAR)
Note that if using signed requests, only requests with a verifiable signature will be accepted (known as Sign Request Object). Unsigned requests will be rejected after the deadline.

The deadline to implement the requirements is December 31, 2025.

Next steps

Check that your integration follows the updated guidelines on Signicat’s developer page. For information about signed requests, please use this link https://developer.signicat.com/docs/eid-hub/oidc/advanced-security/send-encrypted-signed-requests/ and for pushed authorization requests, this link https://developer.signicat.com/docs/eid-hub/oidc/advanced-security/pushed-authorization-requests-par/.