The Fraud Data service uses the default Access Token format of the OIDC Provider from BankID, adapted to the Client Credential flow that is used by the Fraud Data service.
Eligibile OIDC Clients can request Access Tokens for Fraud Data by invoking the Token endpoint using Client Credential Grant and supplying appropriate scope values. The Access Token must be added as an OAuth2 Bearer Token to subsequent requests to endpoints for the Fraud Data API.
The following is an example of a valid Access Token for the Fraud Data Service. The resource designator fraud-data-rs is added to the resource_access claim of the access token to signify access to the associated endpoint of the Fraud Data API.
{
"jti": "43d19dd7-189a-4156-920d-192fb0580ed0",
"exp": 1526470877,
"nbf": 0,
"iat": 1526470577,
"iss": "https://oidc.bankidapis.no/auth/realms/prod",
"aud": "fraud-data-rs",
"sub": "7bcdcd53-7444-48c0-a70f-304ccfe847a7",
"typ": "Bearer",
"azp": "oidc-testclient",
"auth_time": 0,
"session_state": "fa1ee79a-990f-4e35-a7ac-6de4872c7e9e",
"acr": "1",
"allowed-origins": [],
"resource_access": {
"fraud-data-rs": {
"roles": [
"GetSecurityData"
]
}
},
"clientId": "oidc-testclient",
"clientHost": "80.86.138.154",
"clientAddress": "80.86.138.154"
}