userinfo endpoint may be used to retrieve additional information about an end user beyond what is contained in the ID Token. The end user in question is given by the
sub value contained in the access token.
By including the supported scopes in the authorize request, the end user will be presented with consent dialogues (see User Experience) for the requested end user information. If consent is given, you'll be able to access the TINFO resource server by utilizing the userinfo endpoint to get the requested end user data by using the Access token as Bearer token.
The consent dialogue views and the optional end user information, with the exception of Norwegian National Identity number, are considered experimental. The service can be used freely by merchants, but further development and feature request will not be prioritized going forward. We advice merchants that require information such as email, address and phone number to handle this in their own application as the user may choose to not provide this information through the BankID OIDC service.
CORS is not supported
|Authentication||Access Token as Bearer Token in Authorization Header|
Error responses contains further information on the reason according to standard.
Userinfo returns signed responses in JWT format. The claims contained in the encoded JWT includes supported standard claims (see table below) along with the following additional claims:
|Userinfo (TINFO) Resource Server|
|Requesting OIDC client|
|Yes||Subject Identifier. Also contained in ID Token|
|Yes||Common Name from associated BankID certificate. Also contained in ID Token|
|Yes||First name part of the |
|Yes||Last name (surname) part of the |
|Yes||Consent required||Email is registered by end user themselves via consent dialogues after authentication|
|Yes||Birthdate from associated BankID certificate. Also contained in ID Token|
|Yes||Consent required||Phone number is registered by end user themselves via consent dialogues after authentication|
JSON structure with sub-elements as shown below
Address is registered by the end user themselves via consent dialogues after authentication
|Yes||(see address)||Full address string|
|Yes||(see address)||Street address|
|Yes||(see address)||Norwegian "poststed"|
|Yes||(see address)||Norwegian "postnummer"|
|Yes||Epoch time for latest update of any of the supported TINFO data elements|
|nnin||nnin||Yes||Consent required||Norwegian National Identity Number|