National Identity Number

We offer a method to have BankID ask consent for storing National Identity Number on your behalf.

This method is relevant for you if you need to store the end user's national identity number in your own systems and prefer to let BankID OIDC handle the UX when collecting the consent from the End User.

By implementing this flow you can trigger an on-demand dialogue asking for end-user consent to share NNIN (fødselsnummer) with the merchant.

In summary the solution makes the following assumptions:

  • Merchants are responsible to store the end-user consent. BankID does not store consent.
  • Ideally, merchants will only ask for a user's consent to share NNIN once per user.
  • The merchant application must be able to check if a NNIN is already stored in the context of the authentication session (explained below)

Beware that you are responsible for storing the End User's consent in your own systems. BankID OIDC does not store any consent.

Implementation steps

StepWhat you doEndpointMethodConsiderationsRemarks

Start a Authorization Request to BankID OIDC with scope nnin_altsub in the scope list. Do not include nnin scope now.


This is your bread-and-butter request that will initiate BankID identification.

We highly recommend using redirect mode as this is the industry standard.

Iframe integrations are strongly discouraged, prone to errors and unsupported.

2Exchange authorization code for tokens and get NNIN from ID Token.tokenPOST

Check matching nonce and remember to verify JWT tokens.

You can get the NNIN from the claim nnin_altsub in ID token to identify the user.


Check your system if NNIN is already stored for the user. 

If yes, all is well and we stop here.

If no, we continue with steps 4-6.

Unless you ask for email, address or phone, there is no need to call Userinfo endpoint here as all userinfo should be available in the ID token (name, NNIN etc.)
4Make a new authorize-request with nnin scope in the scope list and ID Token in id_token_hint parameter.authorizeGETInclude scope nnin. Add ID token from 4) as id_token_hint

The id_token_hint will skip BankID identification (to avoid users having to identify twice in a row).

Instead, the end-user will be prompted for consent for sharing their national identity number with you.

5Exchange authorization code for tokenstokenPOSTCheck matching nonce and remember to verify JWT tokens.
6Call Userinfo endpoint to get National Identity NumberUserinfoGETUse Access token from 5) as Bearer token

If the user has given consent, the NNIN will be available in the claim nnin.

If the user has not given consent, you won't be able to find the nnin claim.