The set of claims returned via Userinfo depends on the scopes
requested by the OIDC Client. Five different configurations are supported as suggested by the below table, corresponding to the standard scopes profile
, email
, phone
and address
and the non-standard scope nnin
. Note that some of the claims associated with the profile
scope are returned with the ID Token whereas others are returned via Userinfo. The standard claims iss
, sub,
and aud
updated_at
are always returned in the Userinfo response.
Most of the claims require consent from the end user as indicated by in the table. The nnin
claim does however not require consent from the end-user. The rationale is to continue the current BankID practise to provide this data element as a silent side-effect of the authentication to specific OIDC Clients that have lawful rights (or obligations) to register such data. Since such business (banks, insurance companies, health-care organizations, etc.) normally use nnin
rather than sub
(the BankID PID) as the reference for the end-user it must be possible to perform a basic authentication, ie. requesting an ID Token along with just nnin
from Userinfo without presenting the user with any consent screen. The nnin
cannot be part of the ID Token for privacy reason since the ID Token for several of the supported flows is passed via the User-agent. The practise to provide nnin
as an non-consented claim is regulated in the end-user license agreement (EULA) for all of the supported IDP options
Apart from the nnin
scope that is available only to designated OIDC Clients, note that all other scopes and claims are available to any OIDC Client. The end-user is always in control of the set of claims that is actually returned since all other claims demand consent from the end-user.
The OIDC Provider from BankID supports signed responses from Userinfo.
Claim | Support | Example | Description | Comment | Editorial comment |
---|---|---|---|---|---|
iss | https://preview.bankidapis.no | Issuer Identifier for the Issuer | |||
sub | 9578-5999-4-1765512 | Subject Identifier | |||
aud | DotNetClient | Audience | Always includes client_id | ||
updated_at | 1468582440 | Update time | Epoc time of latest update of any data element behind any of the supported claims | Must be added | |
Profile ( scope = profile ) | |||||
gender | Male | Gender | Gender derived from National Identity Number from associated BankID certificate | Must be added | |
Email ( scope = email ) | |||||
email | frobnil@something.com | Preferred email | Must be added | ||
email_verified | false | Verification status of preferred email | Must be added | ||
all_emails | {{"email":"frobnil@something.com","email_verified":false},{"email":"frode@elsething.com","email_verified":false}} | Alle emails with verification status | Must be added | ||
Phone ( scope = phone ) | |||||
phone_number | 95871775 | Preferred phone numer | |||
phone_number_verified | false | Verification status of preferrred phone numer | Depending on the source for the number. Numbers for BankID on Mobile are regarded as verified. | Numbers from other sources may also be regarded verified. | |
all_phone_numbers | {{"number":"95871775","number_verified":false},{"number":"46897469","number_verified":false},{"number":"94782958","number_verified":false}} | All phone numbers with verification status | |||
Address ( scope = address ) | |||||
address | { "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien", "verified": false } | Preferred postal address | Standardized claim with both standardized and non-standard sub-claims | ||
address.verified | false | Verification status of preferred postal address | Must be added | ||
address.formatted | Lybekkveien 11C\n0772 Oslo\nNorway | Full mailing address | |||
address.street_address | Lybekkveien 11C | Full street address | |||
address.locality | Oslo | City or locality | |||
address.postal_code | 0772 | Postal code | |||
address.country | Norway | Country | |||
address.street_name | Lybekkveien | Street name component from | To be reviewed | ||
address.house_numer | 11 | House number component from street_address | To be reviewed | ||
address.house_letter | C | House letter component from street_address | To be reviewed | ||
all_addresses | {{ "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien", "verified": false }, { "formatted": "Munkedamsveien 45A\n0250 Oslo\nNorway", "country": "Norway", "street_address": "Munkedamsveien 45A", "postal_code": "0250", "locality": "Oslo", "house_number": "45", "house_letter": "A", "street_name": "Munkedamsveien", "verified": false } } | All addresses with verification status | Must be added | ||
National Identity Number ( scope = nnin ) | |||||
nnin | 181266***** | Norwegian National Identity Number (fødselsnummer) |