Client authentication

OIDC Clients must authenticate with the OIDC Provider for the Authorize, Token and Introspect Endpoints. Among the standardized authentication methods the following are currently supported by the OIDC Provider from BankID: 

The required scheme for any OIDC Client is determined when the OIDC Client is configured at the OIDC Provider.

Support for other OIDC authentication schemes like client_secret_post,  client_secret_jwt and private_key_jwt may be added as future options.

OIDC Clients requesting access to VAS-services that uses the OIDC Provider for authorization must in addition authenticate with VAS-Servers using Access Tokens from the OIDC Provider. The type of Access Token and also the scheme for passing such tokens to VAS-servers are specific for each of the supported kinds of Value Added Services (VAS).