A minimum ID Token returned by the OIDC Provider from BankID contains the following claims, among which sub
is the only claim that is linked to the actual user.
Claim | Support | Example | Description | Comment | Editorial comment |
---|---|---|---|---|---|
iss | https://preview.bankidapis.no | Issuer Identifier for the Issuer | |||
sub | 9578-5999-4-1765512 | Subject Identifier | Personal Identifier from BankID (Serial number from associated BankID certificate) | ||
aud | DotNetClient | Audience | Always includes client_id | ||
exp | 1494144386 | Expiration time | Epoc time | ||
iat | 1494140787 | Issuing time | Epoc time | ||
auth_time | 1494140786 | Authentication time | Epoc time | ||
nonce | <random value> | Nonce | |||
acr | 4 | Authentication Context Class | Level of Assurance for IDP option being used | Must be added | |
amr | BankID | Authentication Method Reference | Name of IDP option being used | ||
azp | DotNetClient | Authorized party | Equals client_id | ||
alg | RS256 | Algorithm used to sign ID Token | |||
typ | JWT | Type of key used to sign ID Token | |||
kid | bankid-oauth | ID of key used to sign ID Token | |||
at_hash | <hash value> | Access Token hash value | Must be added. Required for hybrid flow and implicit flow | ||
c_hash | <hash value> | Code hash value | Hybrid flow |
The following basic claims about the end user may in addition be added to the ID Token, depending on the scopes and claims requested by the OIDC Client.
Claim | Support | Example | Description | Comment | Editorial comment |
---|---|---|---|---|---|
name | Nilsen, Frode Beckmann | Full name | CommonName from associated BankID certificate | ||
gender | Male | Gender | Must be added | ||
birthdate | 1966-12-18 | Birthdate |
Claims about the authenticated user beyond this basic set is available via Userinfo linked to the Additional Information service
Userinfo claims
Claim | Support | Example | Description | Comment |
---|---|---|---|---|
sub | 9578-5999-4-1765512 | Subject Identifier | ||
name | Nilsen, Frode Beckmann | Full name | ||
given_name | Frode Beckmann | Given name (first name) | ||
family_name | Nilsen | Surname (last name) | ||
middle_name | Middle Name | REV | ||
nickname | Casual name | |||
preferred_username | Nilsen, Frode Beckmann | Shorthand name | REV | |
profile | Profile page URL | |||
picture | Picture URL | |||
website | Homepage URL | |||
email | Preferred email | REV | ||
email_verified | Email verification status | REV | ||
gender | Gender | REV | ||
birthdate | 1966-12-18 | Birthdate | ||
zoneinfo | Time zone | |||
locale | Locale | |||
phone_number | 95871775 | Preferred phone numer | ||
phone_number_verified | false | Phone number verification status | ||
address | { "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien" } | Postal address | ||
all_phone_numbers | {"number":"95871775","number_verified":false},{"number":"46897469","number_verified":false},{"number":"94782958","number_verified":false} |
Claim | Support | Example | Description | Comment |
---|---|---|---|---|
country | ||||
street_address | ||||
postal_code | ||||
locality | ||||
house_numer | ||||
house_letter | ||||
street_name | ||||
all_phone_numbers |