The OIDC Provider from BankID supports two general classes of Access Tokens.
The Authorization Context of an Access Token referes to attributes such as:
iss)
of the access token. See corresponding claim in ID Token.sub)
of the access token, ie. a reference to the end-user (resource owner) that authorized the access token. See corresponding claim in ID Token.aud)
for the access token, ie. a reference to the Protected Resouce that the access token regulates access to. Note that this is not related to the corresponding claim in the ID Token. The audience for the ID Token (being the OIDC Client) is different from the audience for an Access Token (being the Resource Server in question). exp)of
the access tokenThe OIDC Provider issues different types of Access Tokens to OIDC Clients depending on the requested types of Protected Resources (as given by the Scopes and Claims contained in the request). The OIDC Provider supports
The default type of Access Token, which is used by the TINFO (Userinfo) service, is a standard Bearer Token that is general. is not associated with any particular value for the audience (aud) attribute.
be used by any Protected Resource. Hence, the default token audience (aud)
Each particular type of Access Token is associated with a Supplementary Services as described separately: