Access Tokens can be categorized in two classes:
In either case, the resulting token (value) is ment for use as a standard Bearer Tokens in the request to the value-added service for which the token regulates access.
The Authorization Context of an Access Token referes to attributes such as:
iss)
of the access token. See corresponding claim in ID Token.sub)
of the access token, ie. a reference to the end-user (resource owner) that authorized the access token. See corresponding claim in ID Token.aud)
for the access token, ie. a reference to the Value-Added Service (VAS) that the access token regulates access to. Note that this is not related to the corresponding claim in the ID Token. The audience for the ID Token (being the OIDC Client) is different from the audience for an Access Token (being the VAS in question). exp)of
the access tokenThe Default Acess Token in this release of the OIDC Provider from BankID has its origin from Apache CXF and has the following characteristics:
The default token has generic characteristics and can be used as a general-purpose token unless a more specific or tailor-made token is desired. The default token is public since it can be used by any Value-added Service (VAS) that is registered with (and hence trust) the OIDC Provider from BankID. The default token is used by the TINFO-service.
See the list of supported Value-added Services (VAS) for further information of Access Tokens for each such service.