National Identity Number
We offer a method to have BankID ask the end user for consent to store their National Identity Number on your behalf.
This method is relevant for you if you need to store the end user's national identity number in your own systems and prefer to let BankID OIDC handle the UX when collecting the consent from the End User.
By implementing this flow you can trigger an on-demand dialogue asking for end-user consent to share NNIN (fødselsnummer) with the merchant.
In summary, the solution makes the following assumptions:
- Merchants are responsible for storing the end-user consent. BankID does not store consent.
- Ideally, merchants will only ask for a user's consent to share NNIN once per user.
- The merchant application must be able to check whether an NNIN is already stored in the context of the authentication session (explained below).
Beware that you are responsible for storing the End User's consent in your own systems. BankID OIDC does not store any consent.
Implementation steps
Step | What you do | Endpoint | Method | Considerations | Remarks |
---|---|---|---|---|---|
1 | Start an Authorization Request to BankID OIDC with scope | authorize | GET | This is your bread-and-butter request that will initiate BankID identification. We highly recommend using redirect mode, as this is the industry standard. Iframe integrations are strongly discouraged, prone to errors and unsupported. | |
2 | Exchange the authorization code for tokens and get the NNIN from the ID Token. | token | POST | Check matching | You can get the NNIN from the claim |
3 | Check your system to see if the NNIN is already stored for the user. If yes, all is well and we stop here. If no, continue with steps 4-6. | | | Unless you ask for email, address or phone, there is no need to call the Userinfo endpoint here, as all userinfo should be available in the ID token (name, NNIN etc.). | |
4 | Make a new authorize request with the nnin scope in the scope list and the ID Token in the id_token_hint parameter. | authorize | GET | Include scope nnin. Add the ID token from 4) as id_token_hint. | The end-user will be prompted for consent to share their national identity number with you. |
5 | Exchange the authorization code for tokens. | token | POST | Check matching nonce and remember to verify JWT tokens. | |
6 | Call the Userinfo endpoint to get the National Identity Number. | Userinfo | GET | Use the Access token from 5) as Bearer token. | If the user has given consent, the NNIN will be available in the claim. If the user has not given consent, you won't be able to find the |
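As an added example (not BankID's own code), the merchant-side logic of the steps above in Python: building the redirect-mode authorize request with `nnin` in the scope list and the first ID token as `id_token_hint`, checking that the nonce in the ID token matches the one sent, and deciding from the stored consents whether steps 4-6 are needed. The authorize endpoint URL and the NNIN claim name are placeholders, `sub` is assumed as the user key, `openid` is assumed as the base scope, and the ID token is assumed to have been signature-verified and decoded by a JWT library before its claims reach this code.

```python
import secrets
from urllib.parse import urlencode

# Placeholders (constructed): take the real authorize endpoint and the name of
# the NNIN claim from your BankID OIDC documentation.
AUTHORIZE_ENDPOINT = "https://oidc.example.invalid/authorize"
NNIN_CLAIM = "PLACEHOLDER_NNIN_CLAIM"


def build_authorize_url(client_id, redirect_uri, state, nonce, scopes, id_token_hint=None):
    """Steps 1 and 4: redirect-mode authorize request (GET). For the consent
    round, 'nnin' is added to the scope list and the ID token from the first
    round is passed as id_token_hint."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    }
    if id_token_hint is not None:
        params["id_token_hint"] = id_token_hint
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def verify_nonce(id_token_claims, expected_nonce):
    """Steps 2 and 5: the nonce in the ID token must equal the one sent in the
    authorize request, binding the token to this session. Assumes the JWT
    signature has already been verified and the claims decoded."""
    return secrets.compare_digest(str(id_token_claims.get("nonce", "")), expected_nonce)


def next_step(id_token_claims, stored_consents):
    """Step 3: stored_consents maps the user's 'sub' (assumed user key) to the
    NNIN stored with consent. Stop if it is already there; otherwise run the
    consent round (steps 4-6)."""
    nnin = id_token_claims.get(NNIN_CLAIM)
    if nnin is not None and stored_consents.get(id_token_claims.get("sub")) == nnin:
        return "stop"
    return "request_consent"


def nnin_from_userinfo(userinfo):
    """Step 6: the NNIN is present in the Userinfo response only if the user
    consented; None means consent was not given and nothing may be stored."""
    return userinfo.get(NNIN_CLAIM)
```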