Known issues

Known issues in this release of the OpenID Connect Provider from BankID are described below in terms of restrictions, caveats and bugs.

Restrictions

The following table summarizes restrictions in this release of the OIDC Provider from BankID:

No Restrictions in 2017-12-06 Luxembourg (OIDC)
R1 BankID (including BankID on mobile) is the only supported IDP. No Value Added Services (VAS) are supported. Future releases will support additional IDPs and VAS-services.
R2 Signing with the BankID IDP is currently not supported over OpenID Connect. Such support is planned for a future release.
R3 The BankID anti-fraud service is currently not supported over OpenID Connect. Such support is planned for a future release.
R4 Indirectly connected clients of the known-type via Intermediate Services are currently not supported. Such support is planned for a future release.
R5 OIDC client_secret_basic is currently the only supported authentication method for OIDC Clients. Other authentication methods may be added on customer demand.
R6 Pure app-based applications using a completely embedded (API-based) user-experience are currently not supported. Such support is planned for a future release.
R7 The POST method is not supported by the Authorize endpoint.
R8 Using the OIDC with iframes does not work out of the box on Safari v11.0.1 and later.

Caveats

The following table summarizes caveats in this release of the OIDC Provider from BankID:

No Caveats in 2017-12-06 Luxembourg (OIDC)
C1 Access Tokens for the TINFO-service are returned from the Token endpoint even if the TINFO-service as such is not supported in this release.
C2 The nnin_altsub claim is never part of an Access Token even if the OIDC Client in question receives this claim in the ID Token. Resource Servers that are entitled to receive nnin_altsub must be configured for such access and retrieve this claim via introspection.
C3 OIDC clients that are not entitled to nnin_altsub may still make requests to Resource Servers that depend on this claim. Resource Servers that are entitled to receive nnin_altsub must be configured for such access and retrieve this claim via introspection.
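
An added example, not part of BankID's documentation: a Resource Server handling C2 and C3 by introspecting the Access Token instead of looking for nnin_altsub inside it. The endpoint URL, the use of client_secret_basic for the introspection call, and nnin_altsub appearing as a top-level member of the introspection response are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder (assumption): take the real introspection endpoint from the
# BankID OIDC documentation, not from openid-configuration alone (see B1).
INTROSPECTION_URL = "https://oidc.example.invalid/introspect"


def basic_auth_header(client_id, client_secret):
    """client_secret_basic (RFC 6749, 2.3.1): form-urlencode each part, then Base64."""
    pair = ":".join(urllib.parse.quote_plus(p) for p in (client_id, client_secret))
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_introspection_request(access_token, rs_id, rs_secret):
    """Build the RFC 7662 introspection POST without sending it."""
    body = urllib.parse.urlencode({"token": access_token}).encode("ascii")
    return urllib.request.Request(
        INTROSPECTION_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": basic_auth_header(rs_id, rs_secret),
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def nnin_from_introspection(response_body):
    """Return nnin_altsub from an introspection response, or None to deny access."""
    try:
        data = json.loads(response_body)
    except ValueError:
        return None  # malformed response: fail closed
    if not isinstance(data, dict) or data.get("active") is not True:
        return None  # inactive, expired or unknown token
    nnin = data.get("nnin_altsub")
    # Claim absent: this Resource Server is not configured for nnin_altsub
    # access, so a service that depends on the claim must reject the call.
    return nnin if isinstance(nnin, str) and nnin else None
```

Send the request with urllib.request.urlopen over TLS and pass the response body to nnin_from_introspection; a None result means the call is rejected.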

Bugs

The following table summarizes known bugs in this release of the OIDC Provider from BankID:

No Bugs in 2017-12-06 Luxembourg (OIDC)
B1 There are numerous errors in the response from openid-configuration. Please consult the documentation for the OpenID Connect Provider from BankID to understand its configuration and capabilities.

B2 Refresh Token contains info on resource access
B3 Refresh Token has auth_time = 0.
B4 Error message on time-out must be improved
B5 Language is sometimes not set according to the locale parameter