The OpenID Connect Provider from BankID provides ID Tokens with uniform characteristics regarless of the IDP being used in any particular case. The claims returned in an ID Token from the OIDC Provider depends one the scopes requested requested by the OIDC Client. Two different configurations are supported as suggested by the below table, corresponding to the standard scopes openid and profile.
...
Additional claims about the end-user are supported by the TINFO service and made available via Userinfo value-added service. Note that all claims supported in ID Tokens are available to any OIDC Client and none of the claims demand consent from the end user. This is in contrast to claims supported by TINFO that must meet certain conditions before actually being returned to a requesting OIDC Client.
...
| Claim | Support | Example | Description | Comment | Editorial comment | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Minimum ID Token (scope = openid) | |||||||||||
iss |  | https://preview.bankidapis.no | Issuer Identifier for the Issuer | ||||||||
sub | | 9578-5999-4-1765512 | Subject Identifier | Personal Identifier from BankID (Serial number from associated BankID certificate) | nnin_altsub |   | 181266***** | Norwegian National Identity Number (fødselsnummer) Alternate sub, providing eligible OIDC clients nnin as a reference to already existing users. Only availble with authorization code flow. Other flows would expose nnin via the IDToken flowing through the end-user browser. For acces to nnin for eligible OIDC clients for enrollment of new users, see Userinfo. | |||
| | DotNetClient | Audience | Always includes client_id | |||||||
exp | | 1494144386 | Expiration time | Epoc time | |||||||
iat | | 1494140787 | Issuing time | Epoc time | |||||||
auth_time | | 1494140786 | Authentication time | Epoc time | |||||||
nonce | | <random value> | Nonce | acr | | 4 | Authentication Context Class Reference | Level of Assurance (LoA) for IDP option being used | |||
amr | | BankID | Authentication Method Reference | Name of IDP option being used | |||||||
azp | | DotNetClient | Authorized party | Equals client_id | |||||||
alg | | RS256 | Algorithm used to sign ID Token | ||||||||
typ | | JWT | Type of key used to sign ID Token | ||||||||
kid | | bankid-oauth | ID of key used to sign ID Token | at_hash | | <hash value> | Access Token hash value | Required for hybrid flow and implicit flow||||
c_hash | | <hash value> | Code hash value | Hybrid flow | |||||||
Regular ID Token (scope = openid profile) | |||||||||||
name | | Nilsen, Frode Beckmann | Full name | CommonName from associated BankID certificate | |||||||
given_name | | Frode Beckmann | Given name (first name) | ||||||||
family_name | | Nilsen | Surname (last name) | ||||||||
preferred_username | | Nilsen, Frode Beckmann | Shorthand name | Must be reviewed | |||||||
birthdate | | 1966-12-18 | Birthdate | BirthDate from associated BankID certificate | updated_at | | 1468582440 | Update time | Epoc time of issuing time of associated BankID certificate | Must be added | |