
The OpenID Connect Provider from BankID (hereafter referred to as the OIDC Provider) is illustrated below. It consists of an industry-standard REST API in front of various Identity Providers (IDP) and Supplementary Services. The REST API is based on the OpenID Connect 1.0 authentication standard on top of the OAuth 2.0 authorization framework. Consent handling is a key feature of the OIDC platform.

The quickest and best way to integrate with the OIDC Provider is to use a set of associated JavaScript connectors, which are front-end wrappers of the API.

A major benefit of the OIDC Provider is that it allows merchants to start using the BankID Services with minimum integration effort compared to the legacy integration option (i.e. install BankID Server, add a BankID merchant certificate and integrate towards the proprietary API of BankID Server). For the xID Service, the OIDC Provider is the only integration option available to merchants.

The Additional Information service is available over the Userinfo endpoint according to the OpenID Connect specification and uses standardized scopes, claims and token formats. The PSD2 service, in contrast, consists of a range of specific OAuth2 scopes, claims and token formats tailored for various use-cases under PSD2.

The term OIDC Client is used for any application that integrates with the OIDC Provider, corresponding to the following terms in related vocabularies:

  • OAuth2 clients in OAuth vocabulary
  • Relying Party in OIDC vocabulary
  • Merchant in BankID vocabulary
  • Third Party Provider in PSD2 vocabulary.

OIDC Clients may integrate directly with the OIDC Provider as shown in the above figure or indirectly via an intermediate party as described in a separate section. OIDC Clients must authenticate with the OIDC Provider.

The OIDC Provider comes with a default component responsible for all GUI handling. An OIDC Client may override the default GUI and provide its own customized GUI handling hosted at any URL.

A good way to start exploring the OIDC Provider from BankID and its capabilities is to try out live test clients and also consult GitHub for various source code examples.

Some background reading is recommended for readers who are unfamiliar with OpenID Connect and OAuth2.