The REST API of the OIDC Provider from BankID consists of a set of Endpoints, Tokens, Scopes and Claims according to the OpenID Connect 1.0 (OIDC) and OAuth 2.0 (OAuth2) standards. A key feature of the OIDC platform is to provide uniform handling of Claims with corresponding Consent handling across all supported IDPs.
Since the OIDC/OAuth standards are frameworks, any particular implementation may make both restrictions and extensions. The OIDC Provider from BankID includes both restrictions by not supporting certain optional parts of the standards and also make extensions by adding non-standard capabilities.
The OIDC Provider from BankID employs signing and encryption of certain data elements over the REST API. Important examples are signing of ID Tokens and responses from Userinfo. An OIDC Client needs to authenticate with the OIDC Provider for many of the Endpoints. A separate section on message flow provides an elaborated understanding of message flow both over the REST API as such and also the message flow with components behind the REST API. The REST API supports all flows from the OIDC/OAuth2 standards.
- Scopes and Claims
- Client authentication
- Signing and encryption