The userinfo API endpoint may be used to retrieve additional information about an end user beyond what is contained in the ID Token. The end user in question is given by the sub value contained in the access token. The implementation of userinfo is according to the OpenID Connect standard.
By including the supported scopes in the Authorize request, the end user will be presented with consent dialogues dialogues (see User Experience) for the requested end user information. If consent is given, you'll be able to access the TINFO resource servers server by utilizing the Userinfo (TINFO Userinfo Endpoints) API to userinfo endpoint to get the requested end user data by using the Access token as Bearer token.
| Warning | ||
|---|---|---|
| ||
The consent dialogue views and the optional end user information, with the exception of Norwegian National Identity number, are considered experimental. The service can be used freely by merchants, but further development and feature request will not be prioritized going forward. We advice merchants that require information such as email, address and phone number to handle this in their own application as the user may choose to not provide this information through the BankID OIDC service. |
| Table of Contents | ||
|---|---|---|
|
Overview
| URL | https://<tinfo-userinfo-baseurl>/userinfo | ||||||
|---|---|---|---|---|---|---|---|
| Request |
CORS is not supported | ||||||
| Authentication | Access Token as Bearer Token in Authorization Header | ||||||
| Response |
Error responses contains further information on the reason according to standard. | ||||||
| Example | See below |
| Anchor | ||||
|---|---|---|---|---|
|
Userinfo returns signed responses in JWT format. The claims contained in the encoded JWT includes supported standard claims (see table below) along with the following additional claims:
| Claim | Example | Description |
|---|---|---|
iss | <tinfo-baseurl> | TINFO Resource Server |
aud | oidc-testclient | Requesting OIDC client |
Standard claims
| Claim | Scope | Support | Consent | Comment |
|---|---|---|---|---|
subprofile | (any) |  Yes | Subject Identifier. Also contained in ID Token | |
name | profile | Yes | Common Name from associated BankID certificate. Also contained in ID Token | |
given_name | profile | Yes | First name part of the name claim. Also contained in ID Token | |
familiy_name | profile | Yes | Last name (surname) part of the name claim. Also contained in ID Token | |
middle_name | profile |  No | ||
nickname | profile | No | ||
preferred_username | profile | No | ||
profile | profile | No | ||
picture | profile | No | ||
website | profile | No | ||
email | email | Yes |  Consent required | Email is registered by end user himself for the TINFO servicethemselves via consent dialogues after authentication |
email_verified | email | No | ||
gender | profile | No | ||
birthdate | profile | Yes | Birthdate from associated BankID certificate. Also contained in ID Token | |
zoneinfo | profile | No | ||
locale | profile | No | ||
phone_number | phone | Yes | Consent required | Phone number is registered by end user himself for the TINFO serviceuser themselves via consent dialogues after authentication |
phone_number_verified | phone | No | ||
address | address | Yes | Consent required | JSON structure with sub-elements as shown below Address is registered by the end user himself for the TINFO servicethemselves via consent dialogues after authentication |
address:formatted | address | Yes | (see address) | Full address string |
| address | Yes | (see address) | Street address from |
address:locality | address | Yes | (see address) | Norwegian "poststed" |
address:region | address | No | (see address) | |
address:postal_code | address | Yes | (see address) | Norwegian "postnummer" |
address:country | address | No | (see address) | |
updated_at | profile | Yes | Epoc Epoch time for latest update of any of the supported TINFO data elements | |
| nnin | nnin | Yes | Consent required | Norwegian National Identiy Number (aka Norwegian SSN).Identity Number |
Anchor example example
Example
| example | |
| example |
...
| language | xml |
|---|---|
| title | Userinfo request |
...
Response
| Code Block | ||||
|---|---|---|---|---|
| ||||
{
"iss": "https://prototype.bankidnorge.no/tinfo-core-systemtest/",
"sub": "9578-6000-4-30799",
"aud": "oidc-testclient",
"name": "Frode Beckmann NIlsen",
"given_name": "Frode",
"family_name": "NIlsen",
"updated_at": 1519992419860,
"email": "frobnil@online.no",
"birthdate": "181266",
"phone_number": "95871775",
"address": {
"formatted": "Lybekkveien 11C\nOslo 0772",
"street_address": "Lybekkveien 11C",
"locality": "0772",
"postal_code": "Oslo"
}
} |
...