...
Step | What you do | Endpoint | Method | Considerations | Remarks |
---|---|---|---|---|---|
1 | Get the key properties of the OIDC provider | Openid-configuration | GET | ||
2 | Build the authorization URL, and redirect the user to the authorization endpoint | Authorize | GET | Include scope. In the callback, make sure to check for an error and a matching state | The user authenticates with the selected IDP method |
3 | Exchange authorization code for tokens | Token | POST | Check matching | Use the ID token to identify the user. |
4 | Fetch our public keys and use these to validate token signatures | jwk | GET | ||
5 | Make a new authorize request | Authorize | GET | Include scope nnin. Add ID token from 4) as id_token_hint | This will prompt the end user for consent to share their national identity number with you. For more, see consent dialogues. |
6 | Exchange authorization code for tokens | Token | POST | Check matching nonce. | |
7 | Download national identity number from resource server | Userinfo (TINFO Userinfo Endpoints) | GET | Use Access token from 6) as Bearer token | If the user has not given consent, you won't be able to download this from the resource server. |
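
The error, state and nonce checks from steps 2, 5 and 6, sketched as an added example (not the provider's own code). The endpoint URL, client ID, redirect URI, the `openid nnin` scope string and all helper names are assumptions; `check_nonce` expects claims from an ID token whose signature has already been validated as in step 4.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


class CallbackError(Exception):
    """Raised when the authorization callback or ID token must be rejected."""


def new_request_secrets():
    # Fresh, unguessable state and nonce for every authorize request.
    return secrets.token_urlsafe(32), secrets.token_urlsafe(32)


def build_authorize_url(authorization_endpoint, client_id, redirect_uri,
                        scope, state, nonce, id_token_hint=None):
    # Assumes the endpoint URL from openid-configuration has no query string.
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope,
              "state": state, "nonce": nonce}
    if id_token_hint is not None:  # step 5: second request carries the ID token
        params["id_token_hint"] = id_token_hint
    return authorization_endpoint + "?" + urlencode(params)


def code_from_callback(callback_url, expected_state):
    # Steps 2 and 5: reject on error, then on state mismatch, before using code.
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise CallbackError("provider returned error: " + query["error"][0])
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise CallbackError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise CallbackError("missing or duplicated code")
    return codes[0]


def check_nonce(validated_claims, expected_nonce):
    # Steps 3 and 6: the nonce claim must equal the one sent in the request.
    nonce = validated_claims.get("nonce", "")
    if not isinstance(nonce, str) or not hmac.compare_digest(
            nonce.encode(), expected_nonce.encode()):
        raise CallbackError("nonce mismatch")
    return True
```

Store the state and nonce in the user's server-side session when the authorize URL is built, and generate a new pair for the second request in step 5.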
...