...
Claim | Support | Example | Description | Comment | Editorial comment |
---|---|---|---|---|---|
Minimum ID Token (scope = openid ) | |||||
iss | https://preview.bankidapis.no | Issuer Identifier for the Issuer | |||
sub | 9578-5999-4-1765512 | Subject Identifier | Personal Identifier from BankID (Serial number from associated BankID certificate) | ||
nnin_altsub | 181266***** | DOC INCOMPLETE | |||
aud | DotNetClient | Audience | Always includes client_id | ||
exp | 1494144386 | Expiration time | Epoc time | ||
iat | 1494140787 | Issuing time | Epoc time | ||
auth_time | 1494140786 | Authentication time | Epoc time | ||
nonce | <random value> | Nonce | |||
acr | 4 | Authentication Context Class Reference | Level of Assurance (LoA) for IDP option being used | Must be added | |
amr | BankID | Authentication Method Reference | Name of IDP option being used | ||
azp | DotNetClient | Authorized party | Equals client_id | ||
alg | RS256 | Algorithm used to sign ID Token | |||
typ | JWT | Type of key used to sign ID Token | |||
kid | bankid-oauth | ID of key used to sign ID Token | |||
at_hash | <hash value> | Access Token hash value | Must be added. Required for hybrid flow and implicit flow | ||
c_hash | <hash value> | Code hash value | Hybrid flow | ||
Regular ID Token (scope = openid profile ) | |||||
name | Nilsen, Frode Beckmann | Full name | CommonName from associated BankID certificate | ||
given_name | Frode Beckmann | Given name (first name) | |||
family_name | Nilsen | Surname (last name) | |||
preferred_username | Nilsen, Frode Beckmann | Shorthand name | Must be reviewed | ||
birthdate | 1966-12-18 | Birthdate | BirthDate from associated BankID certificate | ||
updated_at | 1468582440 | Update time | Epoc time of issuing time of associated BankID certificate | Must be added |