The OIDC Provider from BankID currently supports authentication via the following set of IDPs. More IDP options may be added in the future. The last column shows if xID can be combined with the IDP to derive any user ID that the IDP may depend on.
IDP option | Name(amr) | LoA | Derive userID | ||
---|---|---|---|---|---|
BankID netcentric | BID (BankID netcentric) BIM (BankID on mobile) | 4 |
| 4 | |
BankID on mobile | BIM | 4 | (Depends on TINFO) | ||
xID | xID | 2 | NA |
Each IDP option is associated with a Name and Level of Assurance (LoA) codified via attributes called amr
(Authentication Method Reference) and acr
(Authentication Context Class Reference). These attributes can be included in the request from an ODIC Client to the Authorize endpoint at the OIDC Provider to request either a particular IDP (amr
) or any IDP at a particular LoA (acr
). A standard and designated request parameter exists for the acr
attribute. Since there is no corresponding standard and designated parameter for the amr
attribute, the OIDC Provider from BankID supports amr
values codified as part of the login_hint
parameter.
...