...
Claim | Support | Example | Description | Comment | Editorial comment | ||
---|---|---|---|---|---|---|---|
Minimum ID Token (scope = openid ) | |||||||
iss | https://preview.bankidapis.no | Issuer Identifier for the Issuer | |||||
sub | 9578-5999-4-1765512 | Subject Identifier | Personal Identifier from BankID (Serial number from associated BankID certificate) | ||||
nnin_altsub | 181266***** | Norwegian National Identity Number (fødselsnummer) | Alternate sub. Only available to eligible OIDC clients | Must be addedDOC INCOMPLETE | |||
aud | DotNetClient | Audience | Always includes client_id | ||||
exp | 1494144386 | Expiration time | Epoc time | ||||
iat | 1494140787 | Issuing time | Epoc time | ||||
auth_time | 1494140786 | Authentication time | Epoc time | ||||
nonce | <random value> | Nonce | |||||
acr | 4 | Authentication Context Class Reference | Level of Assurance (LoA) for IDP option being used | Must be added | |||
amr | BankID | Authentication Method Reference | Name of IDP option being used | ||||
azp | DotNetClient | Authorized party | Equals client_id | ||||
alg | RS256 | Algorithm used to sign ID Token | |||||
typ | JWT | Type of key used to sign ID Token | |||||
kid | bankid-oauth | ID of key used to sign ID Token | |||||
at_hash | <hash value> | Access Token hash value | Must be added. Required for hybrid flow and implicit flow | ||||
c_hash | <hash value> | Code hash value | Hybrid flow | ||||
Regular ID Token (scope = openid profile ) | |||||||
name | Nilsen, Frode Beckmann | Full name | CommonName from associated BankID certificate | ||||
given_name | Frode Beckmann | Given name (first name) | |||||
family_name | Nilsen | Surname (last name) | |||||
preferred_username | Nilsen, Frode Beckmann | Shorthand name | Must be reviewed | ||||
birthdate | 1966-12-18 | Birthdate | BirthDate from associated BankID certificate | ||||
updated_at | 1468582440 | Update time | Epoc time of issuing time of associated BankID certificate | Must be added |