OpenID connect
Read more about the OpenID Connect specification / OAuth2 specification
Supported scopes
- openid: required
- profile: gives you name, given name and family name in the token
- ssn: Socialsecurity number, have to be fetched from the userinfo endpoint
Identity providers
- Norwegian BankID (NO)
- Norwegian Buypass
- Swedish BankID
- Finish Tupas comming soon
- Danish Nemid comming soon
- Mobile Connect comming soon
The identityproviders are mapped to the following idps (se list below) this will appeare in the identitoken and can be used in the request to preselct a idp.
To preselect idp add for example idp:NO_BANKID_MOBILE to acr_values.
- NO_BANKID_MOBILE
- NO_BANKID_WEB
- NO_BUYPASS
- SWE_BANKID
- SWE_BANKID_MOBILE
- DA_NEMID
- FI_TUPAS
Example identitytoken
{
"iss": "https://oauth.signere.no/oidc",
"aud": "js.tokenmanager",
"exp": 1470297715,
"nbf": 1470297415,
"nonce": "12117069867380629",
"iat": 1470297415,
"sid": "d90713d19275db83f238bb8ed4bdd6ad",
"sub": "9578-6000-4-48855",
"auth_time": 1470297412,
"idp": "NO_BANKID_WEB",
"name": "Synnevaag, Rune",
"given_name": "Rune",
"family_name": "Synnevaag",
"amr": [
"external"
]
}
Custom error or/and error urls
If you want to customize the return urls for abort (user aborts the identification) or error you can do this by adding aborturl:https://youraborturl or errorurl:https://yourerrorurl to the acr_values property. Read more about acr_value in the openid-connect spec: http://openid.net/specs/openid-connect-core-1_0.html
Test client
To test you can use this client: https://oidcclient.azurewebsites.net/
Norwegian BankID test credentials:
- Socialsecuritynumber: 11080258625 Name: Gates, Bill
- Socialsecuritynumber: 02038073735 Name: Musk, Elon
- Socialsecuritynumber: 02035031930 Name: Jobs, Steve