The TINFO service ("Tilleggsinfo") implements the standard Userinfo protected endpoint, thus supporting claims about the authenticated user beyond what is contained directly in the ID Token. The set of supported scopes and claims are described in the following section, followed by a description of consent handling for the supported scopes. The type of Access Token that grants access to Userinfo is also described.
The following table summarizes how the TINFO service impacts key features of the OIDC Provider:
| Function | Impact |
|---|---|
| IDP options | None (all supported options are availble) |
| Resource endpoint(s) | Adds support for the Userinfo endpoint |
| Authorize endpoint | Adds support for a small set of non-standard scopes and claims |
| Token endpoint | None (userinfo accepts Access Tokens of the default type) |
Scopes and claims
The set of claims returned via Userinfo depends on the scopes requested by the OIDC Client. Four different configurations are supported as suggested by the below table, corresponding to the standard scopes email, phone and address and the non-standard scope nnin.
Note that the basic set of claims about the end user from the ID Token are duplicated in the Userinfo response. Such duplicated claims are not shown in the table. The standard claims sub and updated_at are always returned in the Userinfo response.
Supported claims are marked 
wheras 
indicates future support. Claims that require consent from the end user are marked 
. Non-standard claims are marked 
and are specific for the OIDC Provider from BankID. See a separate list of unsupported standard claims.
The OIDC Provider from BankID supports signed responses from Userinfo
| Claim | Support | Example | Description | Comment | Editorial comment |
|---|---|---|---|---|---|
sub | | 9578-5999-4-1765512 | Subject Identifier | ||
updated_at | | 1468582440 | Update time | Epoc time of latest update of any data element behind any of the supported claims | Must be added |
Email ( scope = email ) | |||||
email | | Preferred email | Must be added | ||
email_verified | | Email verification status | Must be added | ||
Phone ( scope = phone ) | |||||
phone_number | | 95871775 | Preferred phone numer | ||
phone_number_verified | | false | Phone number verification status | Depending on the source for the number. Numbers for BankID on Mobile are regarded as verified. | Numbers from other sources may also be regarded verified. |
all_phone_numbers | | {{"number":"95871775","number_verified":false},{"number":"46897469","number_verified":false},{"number":"94782958","number_verified":false}} | All phone numbers with verification status | ||
Address ( scope = address ) | |||||
address | | { "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien" } | Postal address | Standardized claim with both standardized and non-standard sub-claims | |
address.formatted | | Lybekkveien 11C\n0772 Oslo\nNorway | Full mailing address | ||
address.street_address | | Lybekkveien 11C | Full street address | ||
address.locality | | Oslo | City or locality | ||
address.postal_code | | 0772 | Postal code | ||
address.country | | Norway | Country | ||
address.street_name | | Lybekkveien | Street name component from | To be reviewed | |
address.house_numer | | 11 | House number component from street_address | To be reviewed | |
address.house_letter | | C | House letter component from street_address | To be reviewed | |
National Identity Number ( scope = nnin ) | |||||
nnin | | 181266***** | Norwegian National Identity Number (fødselsnummer) | ||
Consent handling
According to default handling.
Access Tokens
Uses default tokens. The service behind Userinfo performs Introspect to determine the specific set of claims that the token should gain access to.