OpenID connect
Read more about the OpenID Connect specification / OAuth2 specification
Supported scopes
- openid: required
- profile: gives you name, given name and family name in the token
- ssn: Socialsecurity number, have to be fetched from the userinfo endpoint
Identity providers
- Norwegian BankID (NO)
- Norwegian Buypass
- Swedish BankID
- Finish Tupas comming soon
- Danish Nemid comming soon
- Mobile Connect comming soon
The identityproviders are mapped to the following idps (se list below) this will appeare in the identitoken and can be used in the request to preselct a idp.
To preselect idp add for example idp:NO_BANKID_MOBILE to acr_values.
- NO_BANKID_MOBILE
- NO_BANKID_WEB
- NO_BUYPASS
- SWE_BANKID
- SWE_BANKID_MOBILE
- DA_NEMID
- FI_TUPAS
Example identitytoken
{ "iss": "https://oauth.signere.no/oidc", "aud": "js.tokenmanager", "exp": 1470297715, "nbf": 1470297415, "nonce": "12117069867380629", "iat": 1470297415, "sid": "d90713d19275db83f238bb8ed4bdd6ad", "sub": "9578-6000-4-48855", "auth_time": 1470297412, "idp": "NO_BANKID_WEB", "name": "Synnevaag, Rune", "given_name": "Rune", "family_name": "Synnevaag", "amr": [ "external" ] }
Custom error or/and error urls
If you want to customize the return urls for abort (user aborts the identification) or error you can do this by adding aborturl:https://youraborturl or errorurl:https://yourerrorurl to the acr_values property. Read more about acr_value in the openid-connect spec: http://openid.net/specs/openid-connect-core-1_0.html
Test client
To test you can use this client: https://oidcclient.azurewebsites.net/
Norwegian BankID test credentials:
- Socialsecuritynumber: 11080258625 Name: Gates, Bill
- Socialsecuritynumber: 02038073735 Name: Musk, Elon
- Socialsecuritynumber: 02035031930 Name: Jobs, Steve