The OIDC Provider from BankID currently supports authentication via the following set of IDPs. More IDP options may be added in the future. 

| IDP option | Name (amr) | LoA (acr) |
|------------|------------|-----------|
| BankID     | BankID     | 4         |
| xID        | xID        | 2         |

Successful authentication results in an ID Token being returned to the requesting OIDC Client. The OIDC platform from BankID provides ID Tokens with uniform characteristics regardless of the IDP being used in any particular case.

Each IDP option is associated with a Name and Level of Assurance (LoA) codified via attributes called amr (Authentication Method Reference) and acr (Authentication Context Class Reference). These attributes can be included in the request from an OIDC Client to the Authorize endpoint at the OIDC Provider to request either a particular IDP (amr) or any IDP at a particular LoA (acr). Corresponding values for the IDP actually being used are included in the ID Token that is returned to the OIDC Client.
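
A client that requests a particular IDP or LoA should confirm that the amr and acr in the returned ID Token match what it asked for. The check below is an added example, not BankID's code: the names check_assurance and AssuranceError and the claim encodings (amr as a string or list, acr as a number or numeric string) are assumptions, and the LoA values are those listed in the table on this page.

```python
# LoA per IDP, taken from the table on this page (amr name -> acr level).
IDP_LOA = {"BankID": 4, "xID": 2}


class AssuranceError(Exception):
    """ID Token claims do not satisfy the client's amr/acr policy."""


def check_assurance(claims, min_loa=None, required_amr=None):
    """Return (idp, loa) when the claims meet the policy, else raise.

    `claims` must come from an ID Token whose signature, iss, aud and exp
    have already been validated; only amr and acr are checked here.
    """
    # Assumption: amr is a string or a list of strings (OIDC Core form).
    amr = claims.get("amr")
    methods = [amr] if isinstance(amr, str) else list(amr) if isinstance(amr, (list, tuple)) else []
    known = [m for m in methods if isinstance(m, str) and m in IDP_LOA]
    # Fail closed on a missing, unknown or ambiguous IDP name.
    if len(known) != 1:
        raise AssuranceError(f"expected one known IDP in amr, got {amr!r}")
    idp = known[0]

    # Assumption: acr carries the LoA as an integer or a numeric string.
    acr = claims.get("acr")
    if isinstance(acr, bool) or not isinstance(acr, (int, str)):
        raise AssuranceError(f"missing or malformed acr: {acr!r}")
    try:
        loa = int(acr)
    except ValueError:
        raise AssuranceError(f"non-numeric acr: {acr!r}") from None

    # The returned pair must agree with the table, then with the request.
    if loa != IDP_LOA[idp]:
        raise AssuranceError(f"acr {loa} does not match LoA {IDP_LOA[idp]} of {idp}")
    if required_amr is not None and idp != required_amr:
        raise AssuranceError(f"requested IDP {required_amr}, token reports {idp}")
    if min_loa is not None and loa < min_loa:
        raise AssuranceError(f"LoA {loa} is below the requested {min_loa}")
    return idp, loa


if __name__ == "__main__":
    # Constructed claims, not real tokens.
    print(check_assurance({"amr": "BankID", "acr": "4"}, min_loa=4))
    try:
        check_assurance({"amr": ["xID"], "acr": "2"}, min_loa=4)
    except AssuranceError as err:
        print("rejected:", err)
```

An IDP name missing from IDP_LOA is rejected, so the mapping has to be extended when further IDP options are added.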

A key feature at the heart of the OIDC Provider is to always associate any non-BankID identity for any given end-user with a BankID for that user, thus enhancing the level of assurance for non-BankID IDPs. Such a link may be established either at create-time for a non-BankID identity (which is the case for xID), or at use-time when the non-BankID identity is used for the first time via the OIDC Provider. In the latter case a step-up to BankID is automatically performed by the OIDC platform at first-time use.

 
