The OIDC Provider from BankID supports two general classes of Access Tokens.
The Authorization Context of any Access Token referes to the following characteristics:
iss)
of the access token. See corresponding claim in ID Token.sub)
of the access token, ie. a reference to the end-user (resource owner) that authorized the access token. See corresponding claim in ID Token.aud)
for the access token, ie. a reference to the service (resource server) that the access token regulates access to. Note that this is not related to the corresponding claim in the ID Token. The audience for the ID Token (being the OIDC Client) is different from the audience for an Access Token (being the Resource Server in question). exp)of
the access tokenThe particular type of Access Token issued by the OIDC Provider for any request from a OIDC Client is determined by the scope and claims contained in the request. Hence, Access Tokens have different characteristics for each of tthe supported Supplementary Services as described separately: