Token

URL https://<baseurl>/protocol/openid-connect/token
Request method POST with parameters as application/x-www-form-urlencoded data
Client authentication See supported methods  
Request parameters See below
Response elements See below
Example See below

Token is a standard endpoint used for exchanging either an Authorization Code with a set of tokens (ID Token, Access Token and Refresh Token) or to exchange a Refresh Token with a new (and refreshed) set of previously received tokens. 

Request parameters

Request parameters are different for Authorization Code exchange and Refresh Token exchange. In addition to the parameters shown below comes parameters related to Client authentication.

Authorization Code exchange

Name Support Description
grant_type (tick) authorization_code
code (tick) Value from response of the foregoing Authorize  request
redirect_uri (tick)

redirect_uri used in the foregoing Authorize request.

Note: Repeating this uri in the token request a countermeasure against code leakage attacks

Refresh Token exchange

Name Support Description
grant_type (tick) refresh_token
refresh_token (tick) Value from any foregoing Token response
scope (tick) Requested scopes for the new set of tokens

Response elements

Reponses are similar for Authorization Code exchange and Refresh Token exchange. In both cases the response is a JSON structure according to standard containing all supported token types.  The content of any Access Token returned is given by the scopes "negotiated" with the OIDC Provider in the foregoing Authorize request.

Example

The following example shows a request / response pair for an Authorization Code exchange with the Token endpoint. The example is generated from Postman (which is configured as a client at the OIDC Provider) corresponding to the example shown for the Authorize endpoint. 

Authorization Code Exchange
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1
Host: oidc-preprod.bankidapis.no
Connection: close
Content-Length: 306
Accept: */*
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8


redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&grant_type=authorization_code&state=10455063&code=uss.iq5WXmK5dDQCprQn8kMz_EIiBrAYA0hxOc9jZM0pZfo.bf0a4c9f-2d00-43d8-8288-01b83ab1e580.1714e8ff-0adf-449f-8c50-bf0a77617a43


HTTP/1.1 200 OK
Date: Thu, 16 Nov 2017 13:14:36 GMT
Server: WildFly/10
X-Powered-By: Undertow/1
Content-Type: application/json
Content-Length: 3770
Via: 1.1 oidc-preprod.bankidapis.no
Connection: close

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ",
    "token_type": "bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w",
    "not-before-policy": 0,
    "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580"
}


The following are decoding of the tokens returned in the above response:

Decoded Tokens
Access Token
{
  "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f",
  "exp": 1510838469,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "tinfo",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "Bearer",
  "azp": "Postman",
  "auth_time": 1510838050,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "name": "Frode Beckmann Nilsen",
  "given_name": "Frode Beckmann",
  "family_name": "Nilsen",
  "acr": "4",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "nnin_altsub",
      "profile"
    ]
  },
  "resource_access": {
    "tinfo": {
      "roles": [
        "address",
        "phone",
        "email"
      ]
    }
  },
  "amr": "BID",
  "preferred_username": "Nilsen, Frode Beckmann",
  "bankid_altsub": "9578-6000-4-30799"
} 
 
Refresh Token
{
  "jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f",
  "exp": 1510839969,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "tinfo",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "Refresh",
  "azp": "Postman",
  "auth_time": 0,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "realm_access": {
    "roles": [
      "nnin_altsub",
      "profile"
    ]
  },
  "resource_access": {
    "tinfo": {
      "roles": [
        "address",
        "phone",
        "email"
      ]
    }
  }
}
 
ID Token
{
  "jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b",
  "exp": 1510838469,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "Postman",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "ID",
  "azp": "Postman",
  "auth_time": 1510838050,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "name": "Frode Beckmann Nilsen",
  "given_name": "Frode Beckmann",
  "family_name": "Nilsen",
  "birthdate": "1966-12-18",
  "updated_at": 1474890351000,
  "acr": "4",
  "nnin_altsub": "181266*****",
  "amr": "BID",
  "preferred_username": "Nilsen, Frode Beckmann",
  "bankid_altsub": "9578-6000-4-30799"
}

The following example shows a request / response pair for an Refresh Token Exchange with the Token endpoint corresponding to the above example on a Authorization Code Exchange. 

Refresh Token Exchange
 
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1
Host: oidc-preprod.bankidapis.no
Connection: close
Content-Length: 1167
Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk=
Postman-Token: b88036f2-c45b-995c-9c63-b5c48b968304
Cache-Control: no-cache
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8


grant_type=refresh_token&scope=openid+profile+nnin_altsub&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJmZjRkYWM3Ni1mMzVjLTQ1M2YtYTQ2MS0wOTY5MjI3YjU1YTIiLCJleHAiOjE1MTA4Mzk4NzYsIm5iZiI6MCwiaWF0IjoxNTEwODM4MDc2LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.d1INYQxzn0ofCg2zIVS8zd0K7GUbuLHRH6TwDsiDiiHkNZCg9wA6ef4S6HT0Wjg4CHqCv7mmZamChwsX_GlbsujtkTysUvRx_57LeGXQYDsCNVU0UrnhZ2dbfL9-YUwa5-An6Fdm0swkBn_5ivpqWK3cLBnl00Rirv8TTqT07mYpvIdFdVpc0QbOayhdVuVNYjKnEhBrliUVoaOfdrq1wtxecPsEx5uFOgxwR1VvMuDMBm25Fc4LPUwkSyYdCQEQi2BjfbjyJkwUdu8ASYN5GrDs_vW1FvIHTijIJvhawtmXCOusMxxkNXkF9V1PFGtXlzBA4YRQZCUyIvy2zhTgbQ


HTTP/1.1 200 OK
Date: Thu, 16 Nov 2017 13:16:09 GMT
Server: WildFly/10
X-Powered-By: Undertow/1
Content-Type: application/json
Content-Length: 3770
Via: 1.1 oidc-preprod.bankidapis.no
Connection: close

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ",
    "token_type": "bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w",
    "not-before-policy": 0,
    "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580"
}

The following are decoding of the tokens returned in the above response:

Decoded tokens
Access Token
{
  "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f",
  "exp": 1510838469,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "tinfo",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "Bearer",
  "azp": "Postman",
  "auth_time": 1510838050,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "name": "Frode Beckmann Nilsen",
  "given_name": "Frode Beckmann",
  "family_name": "Nilsen",
  "acr": "4",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "nnin_altsub",
      "profile"
    ]
  },
  "resource_access": {
    "tinfo": {
      "roles": [
        "address",
        "phone",
        "email"
      ]
    }
  },
  "amr": "BID",
  "preferred_username": "Nilsen, Frode Beckmann",
  "bankid_altsub": "9578-6000-4-30799"
}
 
Refresh Token
{
  "jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f",
  "exp": 1510839969,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "tinfo",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "Refresh",
  "azp": "Postman",
  "auth_time": 0,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "realm_access": {
    "roles": [
      "nnin_altsub",
      "profile"
    ]
  },
  "resource_access": {
    "tinfo": {
      "roles": [
        "address",
        "phone",
        "email"
      ]
    }
  }
}
 
ID Token
{
  "jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b",
  "exp": 1510838469,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "Postman",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "ID",
  "azp": "Postman",
  "auth_time": 1510838050,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "name": "Frode Beckmann Nilsen",
  "given_name": "Frode Beckmann",
  "family_name": "Nilsen",
  "birthdate": "1966-12-18",
  "updated_at": 1474890351000,
  "acr": "4",
  "nnin_altsub": "181266*****",
  "amr": "BID",
  "preferred_username": "Nilsen, Frode Beckmann",
  "bankid_altsub": "9578-6000-4-30799"
}