Token is a standard endpoint used for requesting various combinations of ID Token, Access Token and Refresh Token. The type of request (and corresponding response) is determined by the grant_type
request parameter as described further below.
...
URL | https://<oidc-baseurl>/protocol/openid-connect/token |
---|---|
Request | POST with parameters in body as application/x-www-form-urlencoded data |
Authentication | OIDC/OAuth2 client authentication according to supported methods |
Success response | 200 OK with JSON containing response elements |
Error response | 400 Bad request with JSON containing standard error reponse elements |
Example | See below |
...
POST /auth/realms/current/protocol/openid-connect/token HTTP/1.1 Authorization: Basic b2lkYy10ZXN0Y2xpZW50OmVmMWE4ZWM2LTUwODctNDQ0Yy04NGJlLTU0YTYxZjg4MTIyZQ== |
Refresh Token
This grant type is used to refresh a previously issued Access Token via a corresponding Refresh Token issued along with the previous Access Token.
...
Anchor | ||||
---|---|---|---|---|
|
...
Authorization code grant token exchange
The following example shows a request / response pair for an Authorization Code Grant. The example is generated from Postman (which is configured as a client at the OIDC Provider) corresponding to the example shown for the Authorize endpoint.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
POST /auth/realms/preprodcurrent/protocol/openid-connect/token HTTP/1.1 Host: oidc-preprod.bankidapisauth.current.bankid.no Connection: close Content-Length: 306User-Agent: curl/7.64.1 Accept: */* Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjkb2lkYy10ZXN0Y2xpZW50OjAxMjM0NTY3LTg5YWItY2RlZi0wMTIzLTQ1Njc4OWFiY2RlZg== UserContent-AgentLength: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Content-Type: application/207 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 grant_type=authorization_code&redirect_uri=https%3A%2F%2Fwwwhttps%3A%2F%2Ftestclient.getpostman.com%2Foauth2%2Fcallback&grant_type=authorization_code&state=10455063&code=uss.iq5WXmK5dDQCprQn8kMz_EIiBrAYA0hxOc9jZM0pZfo.bf0a4c9f-2d00-43d8-8288-01b83ab1e580.1714e8ff-0adf-449f-8c50-bf0a77617a43 local%3A8487%2Fcallback&code=521e89e9-5b3e-49d2-9647-2aeed215c5d7.66801cef-7746-4391-a018-43bda5c7002b.0ab47fe7-0373-4b80-b517-065f5a5a3769 HTTP/1.1 200 OK Date: ThuWed, 1618 NovAug 20172021 1311:1427:3637 GMT Server: web Cache-Control: WildFly/10no-store X-PoweredXSS-ByProtection: Undertow/1 Content-Type: application/json Content-Length: 3770 Via: 1.1 oidc-preprod.bankidapis.no Connection: close; mode=block Pragma: no-cache Referrer-Policy: no-referrer Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff Content-Type: application/json Content-Length: 4301 { "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9eyJleHAiOjE2MjkyODYzNTcsImlhdCI6MTYyOTI4NjA1NywiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiI2MzE5M2JlYS0zYzA3LTRhNGQtODY3YS02NWJjYzk3MDQ2NDgiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6InRpbmZvIiwic3ViIjoiMmNkN2NlY2QtZDQ0NC00Njg1LWJiMDQtOGJiZmRiNDVhMDY5IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbInByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIiwiYW1yIjoiQklEIiwicmVzb3VyY2VfY2xhaW1zIjp7fSwiYmFua2lkX2FsdHN1YiI6Ijk1NzgtNjAwMC00LTYzNDU4MiIsIm9yaWdpbmF0b3IiOiJDTj1CYW5rSUQgLSBUZXN0QmFuazEgLSBCYW5rIENBIDMsT1U9MTIzNDU2Nzg5LE89VGVzdEJhbmsxIEFTLEM9Tk87T3JnaW5hdG9ySWQ9OTk4MDtPcmlnaW5hdG9yTmFtZT1CSU5BUztPcmlnaW5hdG9ySWQ9OTk4MCJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILAn1DGMVcHmEB5wL03QkE51cqAtl5uUr-slOd89lfy_ufF9U_X8JypI8WG_PXieX6eXMiFwR0vak3DtHKKmnx0Y1qRtfKAM12m1c6EvqrhbMa3NvLtdZoAQ8YfmQ2sB2bSg4bmtB4iEDbO9eLrMc1bb0yyFuT3bbQr0cqcLl5u3Ig0ZsNNoyRV-XJBfLEWjswEsPag6xwu6AG_4K1lDaqGiFM4XoQl0LrDAN0Wz9RGYyR7eBrohvfV22XZCZadt-T7Dyc6gr_UIY8tyoA3Lh7rXtnzxybL8a4rWDHAACp5VSFLRLS_61yumrB4g5AwJvdj0MF6ngJzHj2XyF0Eu3MdfA", "expires_in": 300, "refresh_expires_in": 1800, "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjMWJjNDkyYy1jNDYwLTQ1ZWItYTQ5Yi1hYjAxY2IyZGJkOGIifQ.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0eyJleHAiOjE2MjkyODc4NTcsImlhdCI6MTYyOTI4NjA1NywianRpIjoiNTM2NjI5ZTgtZWIzZS00MmY1LTgxYTAtMmUzZWJiZTI2ZGM3IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmN1cnJlbnQuYmFua2lkLm5vL2F1dGgvcmVhbG1zL2N1cnJlbnQiLCJhdWQiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJvaWRjLXRlc3RjbGllbnQiLCJub25jZSI6ImRlbW9Ob25jZSIsInNlc3Npb25fc3RhdGUiOiI2NjgwMWNlZi03NzQ2LTRkZDYtYTAxOC00M2JkYTVjNzAwMmIiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIn0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQLwE6_mB1JSIF9EfjlP5cQeoQjvnGTzxtaVR2Qae4WIM", "token_type": "bearer", "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8weyJleHAiOjE2MjkyODYzNTcsImlhdCI6MTYyOTI4NjA1NywiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiI1NDM5NjM5Mi0wZDdkLTQ0OTUtYjZlMy0xYTQ5NjZmOWM0ZmEiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6Im9pZGMtdGVzdGNsaWVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IklEIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwidXBkYXRlZF9hdCI6MTYyOTI4MDYyMDAwMCwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJhbXIiOiJCSUQiLCJiYW5raWRfYWx0c3ViIjoiOTU3OC02MDAwLTQtNjM0NTgyIiwib3JpZ2luYXRvciI6IkNOPUJhbmtJRCAtIFRlc3RCYW5rMSAtIEJhbmsgQ0EgMyxPVT0xMjM0NTY3ODksTz1UZXN0QmFuazEgQVMsQz1OTztPcmdpbmF0b3JJZD05OTgwO09yaWdpbmF0b3JOYW1lPUJJTkFTO09yaWdpbmF0b3JJZD05OTgwIiwiYWRkaXRpb25hbENlcnRJbmZvIjp7ImNlcnRWYWxpZEZyb20iOjE2MjkyODA2MjAwMDAsInNlcmlhbE51bWJlciI6IjE3MjI3NDQiLCJrZXlBbGdvcml0aG0iOiJSU0EiLCJrZXlTaXplIjoiMjA0OCIsInBvbGljeU9pZCI6IjIuMTYuNTc4LjEuMTYuMS4xMi4xLjEiLCJtb25ldGFyeUxpbWl0QW1vdW50IjoiMTAwMDAwIiwiY2VydFF1YWxpZmllZCI6dHJ1ZSwibW9uZXRhcnlMaW1pdEN1cnJlbmN5IjoiTk9LIiwiY2VydFZhbGlkVG8iOjE2OTIzNTI2MjAwMDAsInZlcnNpb25OdW1iZXIiOiIzIiwic3ViamVjdE5hbWUiOiJDTj1CYW5rSURcXCwgVGVzdCBVc2VyLE89VGVzdEJhbmsxIEFTLEM9Tk8sU0VSSUFMTlVNQkVSPTk1NzgtNjAwMC00LTYzNDU4MiJ9LCJ0aWQiOiIxMWRhYzNiMi04NGEzLTRjODQtOGQ5ZC1hODE5YzkwNmI3ODIifQ.olwtV8Hr7X-t-pcBx-4m8pj9BBQhkkxgD_dJo8NTV-MefnZljVGfXOSmXURo2H0OmLCFvMst_KXmuIw9XWVd_djl-EQACkD1Tu4ABT6T-kT8EvRU61JFrLGD5iypKAf3y91UJS3wUS6Mkxj273ITBPZa6tqLeugL712GaQoyDllEEluFfXrV7-MUTRt9f80b_rfY9mq8wpw84mycKUukJGZOqpBRgiME_i2WiFdAqEgqU3zNrCEW90NecBHF8xGgGQvD34dCn1djVImrYKeTxb7wNAxH-lUUVw4jB-51yIHV6fzfLixYz6eDpYjq0hlTRXo0sEoV-tpDuh7HmbV94A", "not-before-policy": 0, "session_state": "bf0a4c9f66801cef-2d007746-43d84dd6-8288-01b83ab1e580a018-43bda5c7002b", "scope": "openid profile" } |
The following are decoding of the tokens returned in the above response:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
Access Token { "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f", "exp": 1510838469, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "tinfo", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "Bearer", "azp": "Postman", "auth_time": 1510838050, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "name": "Frode Beckmann Nilsen", "given_name": "Frode Beckmann", "family_name": "Nilsen", "acr": "4", "allowed-origins": [], "realm_access": { "roles": [ "nnin_altsub", "profile" ] }, "resource_access": { "tinfo": { "roles": [ "address", "phone", "email" ] } }, "amr": "BID", "bankid_altsub": "9578-6000-4-30799" } Refresh Token { "jtiexp": 1629287857, "5c417d3b-2025-4a87-b61a-cd0649ef838f",iat": 1629286057, "expjti": 1510839969, "nbf": 0"536629e8-eb3e-42f5-81a0-2e3ebbe26dc7", "iat": 1510838169, "iss": "https://oidc-preprod.bankidapisauth.current.bankid.no/auth/realms/preprodcurrent", "aud": "tinfo", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8fhttps://auth.current.bankid.no/auth/realms/current", "sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069", "typ": "Refresh", "azp": "Postmanoidc-testclient", "auth_timenonce": 0"demoNonce", "session_state": "bf0a4c9f66801cef-2d007746-43d84dd6-8288a018-01b83ab1e58043bda5c7002b", "realm_access": { "rolesscope": ["openid profile" } ID "nnin_altsub", Token { "profileexp": 1629286357, ] }, "resource_access"iat": {1629286057, "tinfoauth_time": { 1629285998, "rolesjti": ["54396392-0d7d-4495-b6e3-1a4966f9c4fa", "address"iss": "https://auth.current.bankid.no/auth/realms/current", "phone"aud": "oidc-testclient", "email""sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069", "typ": "ID", ] }"azp": "oidc-testclient", } } ID Token {"nonce": "demoNonce", "jtisession_state": "c37c7aef66801cef-447d7746-4f1a4dd6-a322a018-02782ff7d00b43bda5c7002b", "expname": 1510838469, "Test User BankID", "nbfgiven_name": 0,"Test User", "iatfamily_name": 1510838169"BankID", "issbirthdate": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",2018-05-09", "audupdated_at": "Postman"1629280620000, "subacr": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8furn:bankid:bid;LOA=4", "typ": "ID", "azpamr": "PostmanBID", "auth_time": 1510838050, "sessionbankid_statealtsub": "bf0a4c9f9578-2d006000-43d84-8288-01b83ab1e580634582", "nameoriginator": "Frode Beckmann Nilsen", "given_name": "Frode Beckmann", "family_name": "Nilsen", "birthdate": "1966-12-18", "updated_at": 1474890351000, "acr": "4", "nnin_altsub": "181266*****", "amr": "BID", "bankid_altsub": "9578-6000-4-30799" } |
The following example shows a request / response pair for an Refresh Token Exchange with the Token endpoint corresponding to the above example on a Authorization Code Exchange.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1
Host: oidc-preprod.bankidapis.no
Connection: close
Content-Length: 1167
Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk=
Postman-Token: b88036f2-c45b-995c-9c63-b5c48b968304
Cache-Control: no-cache
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
grant_type=refresh_token&scope=openid+profile+nnin_altsub&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJmZjRkYWM3Ni1mMzVjLTQ1M2YtYTQ2MS0wOTY5MjI3YjU1YTIiLCJleHAiOjE1MTA4Mzk4NzYsIm5iZiI6MCwiaWF0IjoxNTEwODM4MDc2LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.d1INYQxzn0ofCg2zIVS8zd0K7GUbuLHRH6TwDsiDiiHkNZCg9wA6ef4S6HT0Wjg4CHqCv7mmZamChwsX_GlbsujtkTysUvRx_57LeGXQYDsCNVU0UrnhZ2dbfL9-YUwa5-An6Fdm0swkBn_5ivpqWK3cLBnl00Rirv8TTqT07mYpvIdFdVpc0QbOayhdVuVNYjKnEhBrliUVoaOfdrq1wtxecPsEx5uFOgxwR1VvMuDMBm25Fc4LPUwkSyYdCQEQi2BjfbjyJkwUdu8ASYN5GrDs_vW1FvIHTijIJvhawtmXCOusMxxkNXkF9V1PFGtXlzBA4YRQZCUyIvy2zhTgbQ
HTTP/1.1 200 OK
Date: Thu, 16 Nov 2017 13:16:09 GMT
Server: WildFly/10
X-Powered-By: Undertow/1
Content-Type: application/json
Content-Length: 3770
Via: 1.1 oidc-preprod.bankidapis.no
Connection: close
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ",
"token_type": "bearer",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w",
"not-before-policy": 0,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580"
}
|
The following are decoding of the tokens returned in the above response:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
Access Token { "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f", "exp": 1510838469, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "tinfo", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "Bearer", "azp": "Postman", "auth_time": 1510838050, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "name": "Frode Beckmann Nilsen", "given_name": "Frode Beckmann", "family_name": "Nilsen", "acr": "4", "allowed-origins": [], "realm_access": { "roles": [ "nnin_altsub", "profile" ] }, "resource_access": { "tinfo": { "roles": [ "address", "phone", "email" ] } }, "amr": "BID", "bankid_altsub": "9578-6000-4-30799" } Refresh Token { "jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f", "exp": 1510839969, "nbf": 0, "iat": 1510838169,CN=BankID - TestBank1 - Bank CA 3,OU=123456789,O=TestBank1 AS,C=NO;OrginatorId=9980;OriginatorName=BINAS;OriginatorId=9980", "additionalCertInfo": { "certValidFrom": 1629280620000, "serialNumber": "1722744", "keyAlgorithm": "RSA", "keySize": "2048", "policyOid": "2.16.578.1.16.1.12.1.1", "monetaryLimitAmount": "100000", "certQualified": true, "monetaryLimitCurrency": "NOK", "certValidTo": 1692352620000, "versionNumber": "3", "subjectName": "CN=BankID\\, Test User,O=TestBank1 AS,C=NO,SERIALNUMBER=9578-6000-4-634582" }, "tid": "11dac3b2-84a3-4c84-8d9d-a819c906b782" } |
Refresh token exchange
The following example shows a request / response pair for an Refresh Token Exchange with the Token endpoint corresponding to the above example on a Authorization Code Exchange.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
POST /auth/realms/current/protocol/openid-connect/token HTTP/1.1
Host: auth.current.bankid.no
User-Agent: curl/7.64.1
Accept: */*
Authorization: Basic b2lkYy10ZXN0Y2xpZW50OmYwOTg5NjgxLTkyM2YtNGUyYi1iMzRjLWU5NGQwOWIyYjIxYw==
Content-Length: 718
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&scope=openid+profile&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjMWJjNDkyYy1jNDYwLTQ1ZWItYTQ5Yi1hYjAxY2IyZGJkOGIifQ.eyJleHAiOjE2MjkyODc4NTcsImlhdCI6MTYyOTI4NjA1NywianRpIjoiNTM2NjI5ZTgtZWIzZS00MmY1LTgxYTAtMmUzZWJiZTI2ZGM3IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmN1cnJlbnQuYmFua2lkLm5vL2F1dGgvcmVhbG1zL2N1cnJlbnQiLCJhdWQiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJvaWRjLXRlc3RjbGllbnQiLCJub25jZSI6ImRlbW9Ob25jZSIsInNlc3Npb25fc3RhdGUiOiI2NjgwMWNlZi03NzQ2LTRkZDYtYTAxOC00M2JkYTVjNzAwMmIiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIn0.LwE6_mB1JSIF9EfjlP5cQeoQjvnGTzxtaVR2Qae4WIM
HTTP/1.1 200 OK
Date: Wed, 18 Aug 2021 11:53:21 GMT
Server: web
Cache-Control: no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Type: application/json
Content-Length: 4301
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJleHAiOjE2MjkyODc5MDEsImlhdCI6MTYyOTI4NzYwMSwiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiJmMWUwZDczZi1iNWYxLTRlZWYtOTZjOS1jN2NmNWI3N2U1NWIiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6InRpbmZvIiwic3ViIjoiMmNkN2NlY2QtZDQ0NC00Njg1LWJiMDQtOGJiZmRiNDVhMDY5IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbInByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIiwiYW1yIjoiQklEIiwicmVzb3VyY2VfY2xhaW1zIjp7fSwiYmFua2lkX2FsdHN1YiI6Ijk1NzgtNjAwMC00LTYzNDU4MiIsIm9yaWdpbmF0b3IiOiJDTj1CYW5rSUQgLSBUZXN0QmFuazEgLSBCYW5rIENBIDMsT1U9MTIzNDU2Nzg5LE89VGVzdEJhbmsxIEFTLEM9Tk87T3JnaW5hdG9ySWQ9OTk4MDtPcmlnaW5hdG9yTmFtZT1CSU5BUztPcmlnaW5hdG9ySWQ9OTk4MCJ9.ovary8mYylT5vsEgJ1ZF2yu1FbIIlnymsmjPhGTSCdGWCD08y03qrk6Nf6af_-ohM6kv33HQvWKcGL1Cuq_a5TEhKTgPyldXnTBnn1Fu9T33UlqwXiQWpi4o_ONOpZH6wO03R2-KgmKbPli7yzB_Xh_cD4sJy3zRK3d6veGP6Bjre5EMSyiAH3wpRhH7kmrdBkyaqKqRK8xfnnh-tu-7VSqurEM1km18a5dUw1uTozO-y2bFKrBt2ZWAsjVdLsBxTw8k-2oDBPpcyJ6_NubDJwrwGjfEgN4zz8GawHvcivQ1jCE1dMW7k3P8_bTQ5FVOQkyAY0PJRRCcuoobCUp_cA",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjMWJjNDkyYy1jNDYwLTQ1ZWItYTQ5Yi1hYjAxY2IyZGJkOGIifQ.eyJleHAiOjE2MjkyODk0MDEsImlhdCI6MTYyOTI4NzYwMSwianRpIjoiYWQyNDIwMzItNjgyNy00MTcwLTg5ZDEtNmE1ZDRjN2EzZTEwIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmN1cnJlbnQuYmFua2lkLm5vL2F1dGgvcmVhbG1zL2N1cnJlbnQiLCJhdWQiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJvaWRjLXRlc3RjbGllbnQiLCJub25jZSI6ImRlbW9Ob25jZSIsInNlc3Npb25fc3RhdGUiOiI2NjgwMWNlZi03NzQ2LTRkZDYtYTAxOC00M2JkYTVjNzAwMmIiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIn0.d5aLQRdmZny6H4BLbEJPVu5xpAh0jSSDIcD5pW-3yMU",
"token_type": "bearer",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJleHAiOjE2MjkyODc5MDEsImlhdCI6MTYyOTI4NzYwMSwiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiI3NDEwMzkxMC1iZTVjLTQ0MzAtYjhjNi1lNGI4MzVjY2UyNmUiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6Im9pZGMtdGVzdGNsaWVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IklEIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwidXBkYXRlZF9hdCI6MTYyOTI4MDYyMDAwMCwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJhbXIiOiJCSUQiLCJiYW5raWRfYWx0c3ViIjoiOTU3OC02MDAwLTQtNjM0NTgyIiwib3JpZ2luYXRvciI6IkNOPUJhbmtJRCAtIFRlc3RCYW5rMSAtIEJhbmsgQ0EgMyxPVT0xMjM0NTY3ODksTz1UZXN0QmFuazEgQVMsQz1OTztPcmdpbmF0b3JJZD05OTgwO09yaWdpbmF0b3JOYW1lPUJJTkFTO09yaWdpbmF0b3JJZD05OTgwIiwiYWRkaXRpb25hbENlcnRJbmZvIjp7ImNlcnRWYWxpZEZyb20iOjE2MjkyODA2MjAwMDAsInNlcmlhbE51bWJlciI6IjE3MjI3NDQiLCJrZXlBbGdvcml0aG0iOiJSU0EiLCJrZXlTaXplIjoiMjA0OCIsInBvbGljeU9pZCI6IjIuMTYuNTc4LjEuMTYuMS4xMi4xLjEiLCJtb25ldGFyeUxpbWl0QW1vdW50IjoiMTAwMDAwIiwiY2VydFF1YWxpZmllZCI6dHJ1ZSwibW9uZXRhcnlMaW1pdEN1cnJlbmN5IjoiTk9LIiwiY2VydFZhbGlkVG8iOjE2OTIzNTI2MjAwMDAsInZlcnNpb25OdW1iZXIiOiIzIiwic3ViamVjdE5hbWUiOiJDTj1CYW5rSURcXCwgVGVzdCBVc2VyLE89VGVzdEJhbmsxIEFTLEM9Tk8sU0VSSUFMTlVNQkVSPTk1NzgtNjAwMC00LTYzNDU4MiJ9LCJ0aWQiOiIxMWRhYzNiMi04NGEzLTRjODQtOGQ5ZC1hODE5YzkwNmI3ODIifQ.EBcqS2r8qc1AOyxM9NNm2cgi9Q3ZsSrxn3ydS8h8QxA9Vfx2cervUfWNzS3lSibuz8PslAJC9iz8lxfjPWQKQ44u1pWtB4S-aUZKXnXNOb4qmwQZv0ZpK48iGr6jOm_4wb4W2FcfQnavVlOuGRfCdq_BokGQETFwKtRlU4F9ojnoi2MtNMrjAZ9An1eWdYRkS1Ramzrftskkrq4hEnFyCpWIZOQXMRp-7HkRMRfw6xjLudHNzPzNl0tmxOzxTke8SMAlTnG-eL03Z1LhJKo7bMB-1KIEvdD6jgQTJ0sGdSgGYHcKiWut5fWQ_6pHMCtWl9b8YbtcfCLjyxZkk7J86g",
"not-before-policy": 0,
"session_state": "66801cef-7746-4dd6-a018-43bda5c7002b",
"scope": "openid profile"
}
|
The following are decoding of the tokens returned in the above response:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
Access Token { "exp": 1629287901, "iat": 1629287601, "auth_time": 1629285998, "jti": "f1e0d73f-b5f1-4eef-96c9-c7cf5b77e55b", "iss": "https://auth.current.bankid.no/auth/realms/current", "aud": "tinfo", "sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069", "typ": "Bearer", "azp": "oidc-testclient", "nonce": "demoNonce", "session_state": "66801cef-7746-4dd6-a018-43bda5c7002b", "name": "Test User BankID", "given_name": "Test User", "family_name": "BankID", "birthdate": "2018-05-09", "acr": "urn:bankid:bid;LOA=4", "realm_access": { "roles": [ "profile" ] }, "resource_access": { "tinfo": { "roles": [ "profile" ] } }, "scope": "openid profile", "amr": "BID", "resource_claims": {}, "bankid_altsub": "9578-6000-4-634582", "originator": "CN=BankID - TestBank1 - Bank CA 3,OU=123456789,O=TestBank1 AS,C=NO;OrginatorId=9980;OriginatorName=BINAS;OriginatorId=9980" } Refresh Token { "exp": 1629289401, "iat": 1629287601, "jti": "ad242032-6827-4170-89d1-6a5d4c7a3e10", "iss": "https://auth.current.bankid.no/auth/realms/current", "aud": "https://auth.current.bankid.no/auth/realms/current", "sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069", "typ": "Refresh", "azp": "oidc-testclient", "nonce": "demoNonce", "session_state": "66801cef-7746-4dd6-a018-43bda5c7002b", "scope": "openid profile" } ID Token { "exp": 1629287901, "iat": 1629287601, "auth_time": 1629285998, "jti": "74103910-be5c-4430-b8c6-e4b835cce26e", "iss": "https://oidc-preprod.bankidapisauth.current.bankid.no/auth/realms/preprodcurrent", "aud": "tinfooidc-testclient", "sub": "b3f4d9192cd7cecd-8cc5d444-413c4685-9e11bb04-3c2c675b2f8f8bbfdb45a069", "typ": "Refresh", "azptyp": "PostmanID", "auth_time": 0, "session_stateazp": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "realm_access": {oidc-testclient", "rolesnonce": ["demoNonce", "session_state": "nnin_altsub", "66801cef-7746-4dd6-a018-43bda5c7002b", "profilename": "Test User BankID", ] }, "resourcegiven_accessname": {"Test User", "tinfofamily_name": { "BankID", "rolesbirthdate": [ "2018-05-09", "address"updated_at": 1629280620000, "phone"acr": "urn:bankid:bid;LOA=4", "amr": "emailBID", ] }"bankid_altsub": "9578-6000-4-634582", } } ID Token { "jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b"originator": "CN=BankID - TestBank1 - Bank CA 3,OU=123456789,O=TestBank1 AS,C=NO;OrginatorId=9980;OriginatorName=BINAS;OriginatorId=9980", "expadditionalCertInfo": 1510838469,{ "nbf": 0, "iatcertValidFrom": 15108381691629280620000, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "audserialNumber": "Postman1722744", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typkeyAlgorithm": "IDRSA", "azpkeySize": "Postman2048", "auth_time": 1510838050, "session_statepolicyOid": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "name": "Frode Beckmann Nilsen",2.16.578.1.16.1.12.1.1", "given_namemonetaryLimitAmount": "Frode Beckmann100000", "family_namecertQualified": "Nilsen",true, "birthdatemonetaryLimitCurrency": "1966-12-18NOK", "updated_at "certValidTo": 14748903510001692352620000, "acr "versionNumber": "43", "nnin_altsubsubjectName": "181266*****"CN=BankID\\, Test User,O=TestBank1 "amr": "BID",AS,C=NO,SERIALNUMBER=9578-6000-4-634582" }, "bankid_altsubtid": "957811dac3b2-84a3-60004c84-48d9d-30799a819c906b782" } |
...