A minimum ID Token returned by the OIDC Provider from BankID contains the following claims, among which sub is the only claim that is linked to the actual user.

Claim | Support | Example | Description | Comment | Editorial comment |
---|---|---|---|---|---|
iss | | https://preview.bankidapis.no | Issuer Identifier for the Issuer | | |
sub | | 9578-5999-4-1765512 | Subject Identifier | Personal Identifier from BankID (Serial number from associated BankID certificate) | |
aud | | DotNetClient | Audience | Always includes client_id | |
exp | | 1494144386 | Expiration time | Epoch time | |
iat | | 1494140787 | Issuing time | Epoch time | |
auth_time | | 1494140786 | Authentication time | Epoch time | |
nonce | | <random value> | Nonce | | |
acr | | 4 | Authentication Context Class | Level of Assurance for IDP option being used | Must be added |
amr | | BankID | Authentication Method Reference | Name of IDP option being used | |
azp | | DotNetClient | Authorized party | Equals client_id | |
alg | | RS256 | Algorithm used to sign ID Token | | |
typ | | JWT | Type of key used to sign ID Token | | |
kid | | bankid-oauth | ID of key used to sign ID Token | | |
at_hash | | <hash value> | Access Token hash value | Must be added. Required for hybrid flow and implicit flow | |
c_hash | | <hash value> | Code hash value | Hybrid flow | |

The following basic claims about the end user may in addition be added to the ID Token, depending on the scopes and claims requested by the OIDC Client.

Claim | Support | Example | Description | Comment | Editorial comment |
---|---|---|---|---|---|
name | | Nilsen, Frode Beckmann | Full name | CommonName from associated BankID certificate | |
gender | | Male | Gender | Must be added | |
birthdate | | 1966-12-18 | Birthdate | | |

Claims about the authenticated user beyond this basic set are available via Userinfo associated with the Additional Information service.

Note that a minimum ID Token can be used by OIDC Clients that need to authenticate end-users in an anonymous way. The sub value does not identify the user unless it is linked by the OIDC Client to other claims about the end user associated with the corresponding sub value.
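
The claims in the ID Token tables above are what an OIDC Client checks before it trusts the sub value. The following is an added example, not code from BankID or from the original page: it validates iss, aud, azp, exp, nonce and acr, and recomputes at_hash / c_hash as defined by OpenID Connect Core for RS256. The function names, the nonce and the access token are constructed, acr is assumed to be a numeric level as in the example value 4, and signature verification against the key named by kid is assumed to have been done already.

```python
import base64
import hashlib
import time


def half_hash(value):
    """at_hash / c_hash for RS256: unpadded base64url of the left half of SHA-256."""
    digest = hashlib.sha256(value.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[:16]).rstrip(b"=").decode("ascii")


def check_id_token_claims(claims, issuer, client_id, nonce, min_acr,
                          access_token=None, code=None, now=None, leeway=60):
    """Return failures (empty list = accepted). Signature must be verified first."""
    now = time.time() if now is None else now
    errors = []
    if claims.get("iss") != issuer:
        errors.append("iss mismatch")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if client_id not in aud:
        errors.append("client_id not in aud")
    if claims.get("azp", client_id) != client_id:
        errors.append("azp is not this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        errors.append("expired or exp missing")
    if not nonce or claims.get("nonce") != nonce:
        errors.append("nonce mismatch")
    try:
        # Assumption: acr is a numeric level of assurance, as in the example value 4.
        if int(claims["acr"]) < min_acr:
            errors.append("acr below required level")
    except (KeyError, TypeError, ValueError):
        errors.append("acr missing or not numeric")
    # at_hash / c_hash bind the ID Token to the tokens returned alongside it.
    for name, artifact in (("at_hash", access_token), ("c_hash", code)):
        if artifact is not None and claims.get(name) != half_hash(artifact):
            errors.append(name + " mismatch")
    return errors


# Constructed sample: claim values from the tables above; nonce and token invented.
ACCESS_TOKEN = "constructed-access-token"
SAMPLE = {
    "iss": "https://preview.bankidapis.no", "sub": "9578-5999-4-1765512",
    "aud": "DotNetClient", "azp": "DotNetClient", "exp": 1494144386,
    "iat": 1494140787, "auth_time": 1494140786, "nonce": "constructed-nonce",
    "acr": "4", "amr": "BankID", "at_hash": half_hash(ACCESS_TOKEN),
}
```

Passing the access token or authorization code makes the matching hash claim mandatory, so an ID Token delivered next to a substituted token is rejected.
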
Userinfo claims

Claim | Support | Example | Description | Comment |
---|---|---|---|---|
sub | | 9578-5999-4-1765512 | Subject Identifier | |
name | | Nilsen, Frode Beckmann | Full name | |
given_name | | Frode Beckmann | Given name (first name) | |
family_name | | Nilsen | Surname (last name) | |
middle_name | | | Middle Name | REV |
nickname | | | Casual name | |
preferred_username | | Nilsen, Frode Beckmann | Shorthand name | REV |
profile | | | Profile page URL | |
picture | | | Picture URL | |
website | | | Homepage URL | |
email | | | Preferred email | REV |
email_verified | | | Email verification status | REV |
gender | | | Gender | REV |
birthdate | | 1966-12-18 | Birthdate | |
zoneinfo | | | Time zone | |
locale | | | Locale | |
phone_number | | 95871775 | Preferred phone number | |
phone_number_verified | | false | Phone number verification status | |
address | | { "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien" } | Postal address | |
all_phone_numbers | | {"number":"95871775","number_verified":false},{"number":"46897469","number_verified":false},{"number":"94782958","number_verified":false} | | |

Claim | Support | Example | Description | Comment |
---|---|---|---|---|
country | | | | |
street_address | | | | |
postal_code | | | | |
locality | | | | |
house_number | | | | |
house_letter | | | | |
street_name | | | | |
all_phone_numbers | | | | |