BankID OIDC has been tested with success as an identity provider for Azure AD B2C in a configuration setup as shown below.
May also use bid_client_id in the request parameter (mandatory when passing through an intermediate OIDC Provider that have its own client_id).
Test of thus setup has been made available via a private preview of Azure AD B2C from Microsoft. When Azure AD B2C becomes generally available (tentative Q217) this documentation will be updated on how to use BankID OIDC in such a context.
Applications connecting via Azure AD B2C can be offered the same set of services from BankID OIDC as for those applications that integrate directly with BankIDOIDC.
Some notes on usage:
- Authorization request must contain bid_client_id: Meaning the client_id given by BankID OIDC. The client_id value will be treated as an intermediate client (ex: MS Azure). Legal scopes are openid pluss all scopes registered for the BankID OIDC client. The resulting id_token returned to Client holds a value bid_code which is an authorization_code for accessing UserInfo on BankID OIDC (provided that scope and return_type is correct) . Resulting audience in id_token will be set to bid_client_id and client_id of the AzureAD requestor in combination.
- Some parameters may need to be prefixed with "bid_" in order to pass through AAD B2C. AAD B2C is also a OIDC Service and parameters are part of the standard.