Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 23 Next »

A minimum ID Token returned by the OIDC Provider from BankID contains the following claims, among which sub is the only claim that is linked to the actual user. 

ClaimSupportExampleDescriptionCommentEditorial comment
iss(tick)https://preview.bankidapis.noIssuer Identifier for the Issuer  
sub(tick)9578-5999-4-1765512Subject IdentifierPersonal Identifier from BankID
(Serial number from associated BankID certificate)
 
aud(tick)DotNetClientAudienceAlways includes client_id 
exp(tick)1494144386Expiration timeEpoc time 
iat(tick)1494140787Issuing timeEpoc time 
auth_time(tick)1494140786Authentication timeEpoc time 
nonce(tick)<random value>Nonce  
acr(warning)4Authentication Context ClassLevel of Assurance for IDP option being usedMust be added
amr(tick)BankIDAuthentication Method ReferenceName of IDP option being used 
azp(tick)DotNetClientAuthorized partyEquals client_id 
alg RS256Algorithm used to sign ID Token  
typ JWTType of key used to sign ID Token  
kid bankid-oauthID of key used to sign ID Token  
at_hash(warning)<hash value>Access Token hash value Must be added. Required for hybrid flow and implicit flow
c_hash(tick)<hash value>Code hash valueHybrid flow 

 

The following basic claims about the end user may in addition be added to the ID Token, depending on the scopes and claims requested by the OIDC Client. 

ClaimSupportExampleDescriptionCommentEditorial comment
name(tick)Nilsen, Frode BeckmannFull nameCommonName from associated BankID certificate 
gender(warning) MaleGender Must be added
birthdate(tick)1966-12-18Birthdate  


Claims about the authenticated user beyond this basic set is available via Userinfo linked to the Additional Information service.

Note that a minimum ID Token can be used by OIDC Clients that need to authenticate end-users in an anonumous way. The sub value does not identify the user unless it is linked by the OIDC Client to other claims about the end user associated with the corresponding sub value.  

 

Userinfo claims

ClaimSupportExampleDescriptionComment
sub(tick)9578-5999-4-1765512Subject Identifier 
name(tick)Nilsen, Frode BeckmannFull name 
given_name(tick)Frode BeckmannGiven name (first name) 
family_name(tick)NilsenSurname (last name) 
middle_name(warning) Middle NameREV
nickname(error) Casual name 
preferred_username(tick)Nilsen, Frode BeckmannShorthand nameREV
profile(error) Profile page URL 
picture(error) Picture URL 
website(error) Homepage URL 
email(warning) Preferred emailREV
email_verified(warning) Email verification statusREV
gender(warning) GenderREV
birthdate(tick)1966-12-18Birthdate 
zoneinfo(error) Time zone 
locale(error) Locale 
phone_number(tick)95871775Preferred phone numer 
phone_number_verified
(tick)falsePhone number verification status 
address(tick){ "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien" }Postal address 
     
     
all_phone_numbers {"number":"95871775","number_verified":false},{"number":"46897469","number_verified":false},{"number":"94782958","number_verified":false}  
ClaimSupportExampleDescriptionComment
country    
street_address    
postal_code    
locality    
house_numer    
house_letter    
street_name    
     
     
all_phone_numbers    
  • No labels