The OIDC Provider is currently available in three different pilot configurations corresponding to the columns in the following table. Each of the pilot configurations support various feature combinations as shown. All features will be consolidated into one single configuration after the pilot phase.  Each of the configurations are in turn available in different environments (preview, pre-prod), each with its own base URL for the REST API and URL for the default GUI component, respectively.

(tick) = Supported. (error) = Not supported. (warning) = In progress / future support

 

Protected Resources 
 BankID pilotxID pilotPSD2 pilot
Identity Providers   
BankID(tick)(tick)(warning) 
xID(error)(tick)(warning) 
Protcted Resources   
TINFO(tick)(tick)(warning) 
PSD2(error)(error)(warning) 
Base URLs   
Preview

API: preview.bankidapis.no/oidc

GUI: oidc.bankidnorge.no

API: preview.bankidapis.no/oidc-xid-poc

GUI: xid-poc.bankidnorge.no

(warning) 
Pre-prod

API: preprod.bankidapis.no/oidc

GUI: oidc-preprod.bankidnorge.no

API: preprod.bankidapis.no/oidc-xid-poc

GUI: xid-poc-preprod.bankidnorge.no

(warning) 
Configuration metadata   
Previewpreview.bankidapis.no/oidc/oauth/.well-known/openid-configurationpreview.bankidapis.no/oidc-xid-poc/oauth/.well-known/openid-configuration(warning) 
Pre-prodpreprod.bankidapis.no/oidc/oauth/.well-known/openid-configuration preprod.bankidapis.no/oidc-xid-poc/oauth/.well-known/openid-configuration(warning) 

Please contact developer@bankidnorge.no to request access to any of the pilot configurations in any of the environments.

The following information must be supplied by the owner of the OIDC Client that requests access.

  • Description on what the OIDC Client is going to be used for
  • Contact information for both technical and commercial requests.
  • Requested Identity Providers (IDPs).
  • Requested Protected Resources
  • If BankID is requested, optionally a BankID Merchant certificate to be used, thus replacing the default certificate of the OIDC Service itself.
  • Requested scopes and claims (user properties or resources). 
  • One of more URLs where control will redirected back to the OIDC client (redirect URLs must be pre-registered for safety reasons).
  • A display name for the OIDC Client that will be shown in the header of the (default) OIDC dialogues.
  • Optionally an URL for custom GUI handling overriding the default GUI component of the OIDC Provider.

Sucessfull enrollment results in the return of a client_id and a client_secret that the owner of the OIDC Client must use when calling selected endpoints of the REST API.