...
| Claim | Support | Example | Description | Comment | Editorial comment | ||
|---|---|---|---|---|---|---|---|
Minimum ID Token (scope = openid) | |||||||
iss |  | https://preview.bankidapis.no | Issuer Identifier for the Issuer | ||||
sub | | 9578-5999-4-1765512 | Subject Identifier | Personal Identifier from BankID (Serial number from associated BankID certificate) | |||
| nnin_altsub |   | 181266***** | Norwegian National Identity Number (fødselsnummer) | Alternate sub. Only available to eligible OIDC clients | Must be addedDOC INCOMPLETE | ||
aud | | DotNetClient | Audience | Always includes client_id | |||
exp | | 1494144386 | Expiration time | Epoc time | |||
iat | | 1494140787 | Issuing time | Epoc time | |||
auth_time | | 1494140786 | Authentication time | Epoc time | |||
nonce | | <random value> | Nonce | ||||
| acr | | 4 | Authentication Context Class Reference | Level of Assurance (LoA) for IDP option being used | Must be added | ||
amr | | BankID | Authentication Method Reference | Name of IDP option being used | |||
azp | | DotNetClient | Authorized party | Equals client_id | |||
alg | | RS256 | Algorithm used to sign ID Token | ||||
typ | | JWT | Type of key used to sign ID Token | ||||
kid | | bankid-oauth | ID of key used to sign ID Token | ||||
at_hash | | <hash value> | Access Token hash value | Must be added. Required for hybrid flow and implicit flow | |||
c_hash | | <hash value> | Code hash value | Hybrid flow | |||
Regular ID Token (scope = openid profile) | |||||||
name | | Nilsen, Frode Beckmann | Full name | CommonName from associated BankID certificate | |||
given_name | | Frode Beckmann | Given name (first name) | ||||
family_name | | Nilsen | Surname (last name) | ||||
preferred_username | | Nilsen, Frode Beckmann | Shorthand name | Must be reviewed | |||
birthdate | | 1966-12-18 | Birthdate | BirthDate from associated BankID certificate | |||
updated_at | | 1468582440 | Update time | Epoc time of issuing time of associated BankID certificate | Must be added | ||