See the following for more information on IDPs supported in this release of the OpenID Connect Provider from BankID:
Each IDP option is associated with a Name and Level of Assurance (LoA) codified via attributes called
amr (Authentication Method Reference) and
acr (Authentication Context Class Reference), respectively. These attributes can be included in the request from an ODIC Client to the Authorize endpoint at the OIDC Provider to request either a particular IDP (
amr) or any IDP at a particular LoA (
acr). A standard and designated request parameter exists for the
acr attribute. Since there is no corresponding request parameter for the
amr attribute, the OIDC Provider from BankID supports
amr values codified as part of the
Sucessful authentication via one of the supported IDPs results in an ID Token being returned to the reqesting OIDC Client. A key feature of the ODIC Provider is to return ID Tokens with uniform characteristics regarless of the IDP being used in any particular case.
Note that an ID Token also contain values for the
acr attributes, corresponding to the IDP actually being used. These values may be different from corresponding values provided in the request from the OIDC Client to the Authorize endpoint. One example is if more IDP options meet the
acr criteria of the Authorize request. In this case an IDP selector dialog is presented for the user to resolve which IDP to use. Another example is if the selected IDP involves step-up to another IDP.
Note finally that the user experience for any IDP may be customized depending on the specific policy and ruleset that applies for each IDP. See also general information on user experience and customization of user experience.
For further information, see separate sections on
login_hint, JS Connector and Customization for each of the supported IDPs.