The OIDC Provider from BankID supports two general classes of Access Tokens. 

The Authorization Context of an Access Token referes to attributes such as:

The OIDC Provider issues different types of Access Tokens to OIDC Clients depending on the requested types of Protected Resources (as given by the Scopes and Claims contained in the request).

The OIDC Provider returns a Default Token in terms of a standard bearer token of generic nature having the following characteristics:

The Default Token is public since it can be used by any Resource Server that is registered with (and hence trust) the OIDC Provider from BankID. The TINFO (Userinfo) service accepts the DefaultToken. The PSD2 Service does in contrast defines a set of customized tokens, including both by-reference tokens and self-contained tokens, for access to Protected Resources.

Other types of access tokens may be added to support authorization for Protected Resources beyond those currently supported. One particular example is to add support for private bearer tokens, ie. tokens working only with specific Resource Servers (private audiance). Other attributes such at the lifetime and allowed OIDC Clients can be tailored fo such tokens to match any specific requirements.