Versions Compared

Old Version 4

changes.mady.by.user Janny Kinende

Saved on

compared with

New Version 5

changes.mady.by.user Janny Kinende

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version master

Token is a standard endpoint used for requesting various combinations of ID TokenAccess Token and Refresh Token. The type of request (and corresponding response) is determined by the grant_type request parameter as described further below. 

...

URLhttps://<oidc-baseurl>/protocol/openid-connect/token
RequestPOST with parameters in body as application/x-www-form-urlencoded data
AuthenticationOIDC/OAuth2 client authentication according to supported methods
Success response200 OK with JSON containing response elements
Error response400 Bad request with JSON containing standard error reponse elements
ExampleSee below

...

POST /auth/realms/current/protocol/openid-connect/token HTTP/1.1
Host: oidc- auth.current.bankidapisbankid.no
User-Agent: curl/7.64.1
Accept: */*
Authorization: Basic b2lkYy10ZXN0Y2xpZW50OjAxMjM0NTY3LTg5YWItY2RlZi0wMTIzLTQ1Njc4OWFiY2RlZg==
Content-Length: 54
Content-Type: application/x-www-form-urlencoded
Authorization: Basic b2lkYy10ZXN0Y2xpZW50OmVmMWE4ZWM2LTUwODctNDQ0Yy04NGJlLTU0YTYxZjg4MTIyZQ==
 
grant_type=client_credentials&scope=signdoc%2Freadsigndoc/read_write

Refresh Token

This grant type is used to refresh a previously issued Access Token via a corresponding Refresh Token issued along with the previous Access Token.

...

Anchor
example
example
Example

...

Authorization code grant token exchange

The following example shows a request / response pair for an Authorization Code Grant. The example is generated from Postman (which is configured as a client at the OIDC Provider) corresponding to the example shown for the Authorize endpoint. 

Code Block
languagexml
themeConfluence
titleAuthorization Code Exchange
POST /auth/realms/preprodcurrent/protocol/openid-connect/token HTTP/1.1
Host: oidc-preprod.bankidapisauth.current.bankid.no
Connection: close
Content-Length: 306User-Agent: curl/7.64.1
Accept: */*
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjkb2lkYy10ZXN0Y2xpZW50OjAxMjM0NTY3LTg5YWItY2RlZi0wMTIzLTQ1Njc4OWFiY2RlZg==
UserContent-AgentLength: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/207
Content-Type: application/x-www-form-urlencoded;

charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8


grant_type=authorization_code&redirect_uri=https%3A%2F%2Fwwwhttps%3A%2F%2Ftestclient.getpostman.com%2Foauth2%2Fcallback&grant_type=authorization_code&state=10455063&code=uss.iq5WXmK5dDQCprQn8kMz_EIiBrAYA0hxOc9jZM0pZfo.bf0a4c9f-2d00-43d8-8288-01b83ab1e580.1714e8ff-0adf-449f-8c50-bf0a77617a43


local%3A8487%2Fcallback&code=521e89e9-5b3e-49d2-9647-2aeed215c5d7.66801cef-7746-4391-a018-43bda5c7002b.0ab47fe7-0373-4b80-b517-065f5a5a3769

HTTP/1.1 200 OK
Date: ThuWed, 1618 NovAug 20172021 1311:1427:3637 GMT
Server: web
Cache-Control: WildFly/10no-store
X-PoweredXSS-ByProtection: Undertow/1
Content-Type: application/json
Content-Length: 3770
Via: 1.1 oidc-preprod.bankidapis.no
Connection: close; mode=block
Pragma: no-cache
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Type: application/json
Content-Length: 4301

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9eyJleHAiOjE2MjkyODYzNTcsImlhdCI6MTYyOTI4NjA1NywiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiI2MzE5M2JlYS0zYzA3LTRhNGQtODY3YS02NWJjYzk3MDQ2NDgiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6InRpbmZvIiwic3ViIjoiMmNkN2NlY2QtZDQ0NC00Njg1LWJiMDQtOGJiZmRiNDVhMDY5IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbInByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIiwiYW1yIjoiQklEIiwicmVzb3VyY2VfY2xhaW1zIjp7fSwiYmFua2lkX2FsdHN1YiI6Ijk1NzgtNjAwMC00LTYzNDU4MiIsIm9yaWdpbmF0b3IiOiJDTj1CYW5rSUQgLSBUZXN0QmFuazEgLSBCYW5rIENBIDMsT1U9MTIzNDU2Nzg5LE89VGVzdEJhbmsxIEFTLEM9Tk87T3JnaW5hdG9ySWQ9OTk4MDtPcmlnaW5hdG9yTmFtZT1CSU5BUztPcmlnaW5hdG9ySWQ9OTk4MCJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILAn1DGMVcHmEB5wL03QkE51cqAtl5uUr-slOd89lfy_ufF9U_X8JypI8WG_PXieX6eXMiFwR0vak3DtHKKmnx0Y1qRtfKAM12m1c6EvqrhbMa3NvLtdZoAQ8YfmQ2sB2bSg4bmtB4iEDbO9eLrMc1bb0yyFuT3bbQr0cqcLl5u3Ig0ZsNNoyRV-XJBfLEWjswEsPag6xwu6AG_4K1lDaqGiFM4XoQl0LrDAN0Wz9RGYyR7eBrohvfV22XZCZadt-T7Dyc6gr_UIY8tyoA3Lh7rXtnzxybL8a4rWDHAACp5VSFLRLS_61yumrB4g5AwJvdj0MF6ngJzHj2XyF0Eu3MdfA",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjMWJjNDkyYy1jNDYwLTQ1ZWItYTQ5Yi1hYjAxY2IyZGJkOGIifQ.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0eyJleHAiOjE2MjkyODc4NTcsImlhdCI6MTYyOTI4NjA1NywianRpIjoiNTM2NjI5ZTgtZWIzZS00MmY1LTgxYTAtMmUzZWJiZTI2ZGM3IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmN1cnJlbnQuYmFua2lkLm5vL2F1dGgvcmVhbG1zL2N1cnJlbnQiLCJhdWQiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJvaWRjLXRlc3RjbGllbnQiLCJub25jZSI6ImRlbW9Ob25jZSIsInNlc3Npb25fc3RhdGUiOiI2NjgwMWNlZi03NzQ2LTRkZDYtYTAxOC00M2JkYTVjNzAwMmIiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIn0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQLwE6_mB1JSIF9EfjlP5cQeoQjvnGTzxtaVR2Qae4WIM",
    "token_type": "bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8weyJleHAiOjE2MjkyODYzNTcsImlhdCI6MTYyOTI4NjA1NywiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiI1NDM5NjM5Mi0wZDdkLTQ0OTUtYjZlMy0xYTQ5NjZmOWM0ZmEiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6Im9pZGMtdGVzdGNsaWVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IklEIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwidXBkYXRlZF9hdCI6MTYyOTI4MDYyMDAwMCwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJhbXIiOiJCSUQiLCJiYW5raWRfYWx0c3ViIjoiOTU3OC02MDAwLTQtNjM0NTgyIiwib3JpZ2luYXRvciI6IkNOPUJhbmtJRCAtIFRlc3RCYW5rMSAtIEJhbmsgQ0EgMyxPVT0xMjM0NTY3ODksTz1UZXN0QmFuazEgQVMsQz1OTztPcmdpbmF0b3JJZD05OTgwO09yaWdpbmF0b3JOYW1lPUJJTkFTO09yaWdpbmF0b3JJZD05OTgwIiwiYWRkaXRpb25hbENlcnRJbmZvIjp7ImNlcnRWYWxpZEZyb20iOjE2MjkyODA2MjAwMDAsInNlcmlhbE51bWJlciI6IjE3MjI3NDQiLCJrZXlBbGdvcml0aG0iOiJSU0EiLCJrZXlTaXplIjoiMjA0OCIsInBvbGljeU9pZCI6IjIuMTYuNTc4LjEuMTYuMS4xMi4xLjEiLCJtb25ldGFyeUxpbWl0QW1vdW50IjoiMTAwMDAwIiwiY2VydFF1YWxpZmllZCI6dHJ1ZSwibW9uZXRhcnlMaW1pdEN1cnJlbmN5IjoiTk9LIiwiY2VydFZhbGlkVG8iOjE2OTIzNTI2MjAwMDAsInZlcnNpb25OdW1iZXIiOiIzIiwic3ViamVjdE5hbWUiOiJDTj1CYW5rSURcXCwgVGVzdCBVc2VyLE89VGVzdEJhbmsxIEFTLEM9Tk8sU0VSSUFMTlVNQkVSPTk1NzgtNjAwMC00LTYzNDU4MiJ9LCJ0aWQiOiIxMWRhYzNiMi04NGEzLTRjODQtOGQ5ZC1hODE5YzkwNmI3ODIifQ.olwtV8Hr7X-t-pcBx-4m8pj9BBQhkkxgD_dJo8NTV-MefnZljVGfXOSmXURo2H0OmLCFvMst_KXmuIw9XWVd_djl-EQACkD1Tu4ABT6T-kT8EvRU61JFrLGD5iypKAf3y91UJS3wUS6Mkxj273ITBPZa6tqLeugL712GaQoyDllEEluFfXrV7-MUTRt9f80b_rfY9mq8wpw84mycKUukJGZOqpBRgiME_i2WiFdAqEgqU3zNrCEW90NecBHF8xGgGQvD34dCn1djVImrYKeTxb7wNAxH-lUUVw4jB-51yIHV6fzfLixYz6eDpYjq0hlTRXo0sEoV-tpDuh7HmbV94A",
    "not-before-policy": 0,
    "session_state": "bf0a4c9f66801cef-2d007746-43d84dd6-8288-01b83ab1e580a018-43bda5c7002b",
    "scope": "openid profile"
}


The following are decoding of the tokens returned in the above response:

Code Block
languagexml
themeConfluence
titleDecoded Tokens
Access Token
{
  "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f",
  "exp": 1510838469,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "tinfo",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "Bearer",
  "azp": "Postman",
  "auth_time": 1510838050,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "name": "Frode Beckmann Nilsen",
  "given_name": "Frode Beckmann",
  "family_name": "Nilsen",
  "acr": "4",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "nnin_altsub",
      "profile"
    ]
  },
  "resource_access": {
    "tinfo": {
      "roles": [
        "address",
        "phone",
        "email"
      ]
    }
  },
  "amr": "BID",
  "bankid_altsub": "9578-6000-4-30799"
} 
 
Refresh Token
{
    "jtiexp": 1629287857,
    "5c417d3b-2025-4a87-b61a-cd0649ef838f",iat": 1629286057,
    "expjti": 1510839969,
  "nbf": 0"536629e8-eb3e-42f5-81a0-2e3ebbe26dc7",
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapisauth.current.bankid.no/auth/realms/preprodcurrent",
    "aud": "tinfo",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8fhttps://auth.current.bankid.no/auth/realms/current",
    "sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069",
    "typ": "Refresh",
    "azp": "Postmanoidc-testclient",
    "auth_timenonce": 0"demoNonce",
    "session_state": "bf0a4c9f66801cef-2d007746-43d84dd6-8288a018-01b83ab1e58043bda5c7002b",
  "realm_access": {     "rolesscope": ["openid profile"
}
 
ID   "nnin_altsub",
 Token
{
    "profileexp":   1629286357,
 ]   },
  "resource_access"iat": {1629286057,
    "tinfoauth_time": {
 1629285998,
    "rolesjti": ["54396392-0d7d-4495-b6e3-1a4966f9c4fa",
        "address"iss": "https://auth.current.bankid.no/auth/realms/current",
        "phone"aud": "oidc-testclient",
        "email""sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069",
    "typ": "ID",
]     }"azp": "oidc-testclient",
  } }  
ID Token
{"nonce": "demoNonce",
    "jtisession_state": "c37c7aef66801cef-447d7746-4f1a4dd6-a322a018-02782ff7d00b43bda5c7002b",
    "expname": 1510838469, "Test User BankID",
    "nbfgiven_name": 0,"Test User",
    "iatfamily_name": 1510838169"BankID",
    "issbirthdate": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",2018-05-09",
    "audupdated_at": "Postman"1629280620000,
    "subacr": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8furn:bankid:bid;LOA=4",
  "typ": "ID",
  "azpamr": "PostmanBID",
 
"auth_time": 1510838050,   "sessionbankid_statealtsub": "bf0a4c9f9578-2d006000-43d84-8288-01b83ab1e580634582",
    "nameoriginator": "Frode Beckmann Nilsen",
  "given_name": "Frode Beckmann",
  "family_name": "Nilsen",
  "birthdate": "1966-12-18",
  "updated_at": 1474890351000,
  "acr": "4",
  "nnin_altsub": "181266*****",
  "amr": "BID",
  "bankid_altsub": "9578-6000-4-30799"
}

The following example shows a request / response pair for an Refresh Token Exchange with the Token endpoint corresponding to the above example on a Authorization Code Exchange. 

Code Block
languagexml
themeConfluence
titleRefresh Token Exchange
 
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1
Host: oidc-preprod.bankidapis.no
Connection: close
Content-Length: 1167
Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk=
Postman-Token: b88036f2-c45b-995c-9c63-b5c48b968304
Cache-Control: no-cache
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8


grant_type=refresh_token&scope=openid+profile+nnin_altsub&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJmZjRkYWM3Ni1mMzVjLTQ1M2YtYTQ2MS0wOTY5MjI3YjU1YTIiLCJleHAiOjE1MTA4Mzk4NzYsIm5iZiI6MCwiaWF0IjoxNTEwODM4MDc2LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.d1INYQxzn0ofCg2zIVS8zd0K7GUbuLHRH6TwDsiDiiHkNZCg9wA6ef4S6HT0Wjg4CHqCv7mmZamChwsX_GlbsujtkTysUvRx_57LeGXQYDsCNVU0UrnhZ2dbfL9-YUwa5-An6Fdm0swkBn_5ivpqWK3cLBnl00Rirv8TTqT07mYpvIdFdVpc0QbOayhdVuVNYjKnEhBrliUVoaOfdrq1wtxecPsEx5uFOgxwR1VvMuDMBm25Fc4LPUwkSyYdCQEQi2BjfbjyJkwUdu8ASYN5GrDs_vW1FvIHTijIJvhawtmXCOusMxxkNXkF9V1PFGtXlzBA4YRQZCUyIvy2zhTgbQ


HTTP/1.1 200 OK
Date: Thu, 16 Nov 2017 13:16:09 GMT
Server: WildFly/10
X-Powered-By: Undertow/1
Content-Type: application/json
Content-Length: 3770
Via: 1.1 oidc-preprod.bankidapis.no
Connection: close

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ",
    "token_type": "bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w",
    "not-before-policy": 0,
    "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580"
}

The following are decoding of the tokens returned in the above response:

Code Block
languagexml
themeConfluence
titleDecoded tokens
Access Token
{
  "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f",
  "exp": 1510838469,
  "nbf": 0,
  "iat": 1510838169,
  "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
  "aud": "tinfo",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
  "typ": "Bearer",
  "azp": "Postman",
  "auth_time": 1510838050,
  "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "name": "Frode Beckmann Nilsen",
  "given_name": "Frode Beckmann",
  "family_name": "Nilsen",
  "acr": "4",
  "allowed-origins": [],
  "realm_access": {
    "roles": [
      "nnin_altsub",
      "profile"
    ]
  },
  "resource_access": {
    "tinfo": {
      "roles": [
        "address",
        "phone",
        "email"
      ]
    }
  },
  "amr": "BID",
  "bankid_altsub": "9578-6000-4-30799"
}
 
Refresh Token
{
  "jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f",
  "exp": 1510839969,
  "nbf": 0,
  "iat": 1510838169,CN=BankID - TestBank1 - Bank CA 3,OU=123456789,O=TestBank1 AS,C=NO;OrginatorId=9980;OriginatorName=BINAS;OriginatorId=9980",
    "additionalCertInfo": {
        "certValidFrom": 1629280620000,
        "serialNumber": "1722744",
        "keyAlgorithm": "RSA",
        "keySize": "2048",
        "policyOid": "2.16.578.1.16.1.12.1.1",
        "monetaryLimitAmount": "100000",
        "certQualified": true,
        "monetaryLimitCurrency": "NOK",
        "certValidTo": 1692352620000,
        "versionNumber": "3",
        "subjectName": "CN=BankID\\, Test User,O=TestBank1 AS,C=NO,SERIALNUMBER=9578-6000-4-634582"
    },
    "tid": "11dac3b2-84a3-4c84-8d9d-a819c906b782"
}

Refresh token exchange

The following example shows a request / response pair for an Refresh Token Exchange with the Token endpoint corresponding to the above example on a Authorization Code Exchange. 

Code Block
languagexml
themeConfluence
titleRefresh Token Exchange
POST /auth/realms/current/protocol/openid-connect/token HTTP/1.1
Host: auth.current.bankid.no
User-Agent: curl/7.64.1
Accept: */*
Authorization: Basic b2lkYy10ZXN0Y2xpZW50OmYwOTg5NjgxLTkyM2YtNGUyYi1iMzRjLWU5NGQwOWIyYjIxYw==
Content-Length: 718
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&scope=openid+profile&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjMWJjNDkyYy1jNDYwLTQ1ZWItYTQ5Yi1hYjAxY2IyZGJkOGIifQ.eyJleHAiOjE2MjkyODc4NTcsImlhdCI6MTYyOTI4NjA1NywianRpIjoiNTM2NjI5ZTgtZWIzZS00MmY1LTgxYTAtMmUzZWJiZTI2ZGM3IiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmN1cnJlbnQuYmFua2lkLm5vL2F1dGgvcmVhbG1zL2N1cnJlbnQiLCJhdWQiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJvaWRjLXRlc3RjbGllbnQiLCJub25jZSI6ImRlbW9Ob25jZSIsInNlc3Npb25fc3RhdGUiOiI2NjgwMWNlZi03NzQ2LTRkZDYtYTAxOC00M2JkYTVjNzAwMmIiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIn0.LwE6_mB1JSIF9EfjlP5cQeoQjvnGTzxtaVR2Qae4WIM

HTTP/1.1 200 OK
Date: Wed, 18 Aug 2021 11:53:21 GMT
Server: web
Cache-Control: no-store
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Type: application/json
Content-Length: 4301

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJleHAiOjE2MjkyODc5MDEsImlhdCI6MTYyOTI4NzYwMSwiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiJmMWUwZDczZi1iNWYxLTRlZWYtOTZjOS1jN2NmNWI3N2U1NWIiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6InRpbmZvIiwic3ViIjoiMmNkN2NlY2QtZDQ0NC00Njg1LWJiMDQtOGJiZmRiNDVhMDY5IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbInByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIiwiYW1yIjoiQklEIiwicmVzb3VyY2VfY2xhaW1zIjp7fSwiYmFua2lkX2FsdHN1YiI6Ijk1NzgtNjAwMC00LTYzNDU4MiIsIm9yaWdpbmF0b3IiOiJDTj1CYW5rSUQgLSBUZXN0QmFuazEgLSBCYW5rIENBIDMsT1U9MTIzNDU2Nzg5LE89VGVzdEJhbmsxIEFTLEM9Tk87T3JnaW5hdG9ySWQ9OTk4MDtPcmlnaW5hdG9yTmFtZT1CSU5BUztPcmlnaW5hdG9ySWQ9OTk4MCJ9.ovary8mYylT5vsEgJ1ZF2yu1FbIIlnymsmjPhGTSCdGWCD08y03qrk6Nf6af_-ohM6kv33HQvWKcGL1Cuq_a5TEhKTgPyldXnTBnn1Fu9T33UlqwXiQWpi4o_ONOpZH6wO03R2-KgmKbPli7yzB_Xh_cD4sJy3zRK3d6veGP6Bjre5EMSyiAH3wpRhH7kmrdBkyaqKqRK8xfnnh-tu-7VSqurEM1km18a5dUw1uTozO-y2bFKrBt2ZWAsjVdLsBxTw8k-2oDBPpcyJ6_NubDJwrwGjfEgN4zz8GawHvcivQ1jCE1dMW7k3P8_bTQ5FVOQkyAY0PJRRCcuoobCUp_cA",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJjMWJjNDkyYy1jNDYwLTQ1ZWItYTQ5Yi1hYjAxY2IyZGJkOGIifQ.eyJleHAiOjE2MjkyODk0MDEsImlhdCI6MTYyOTI4NzYwMSwianRpIjoiYWQyNDIwMzItNjgyNy00MTcwLTg5ZDEtNmE1ZDRjN2EzZTEwIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLmN1cnJlbnQuYmFua2lkLm5vL2F1dGgvcmVhbG1zL2N1cnJlbnQiLCJhdWQiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJvaWRjLXRlc3RjbGllbnQiLCJub25jZSI6ImRlbW9Ob25jZSIsInNlc3Npb25fc3RhdGUiOiI2NjgwMWNlZi03NzQ2LTRkZDYtYTAxOC00M2JkYTVjNzAwMmIiLCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIn0.d5aLQRdmZny6H4BLbEJPVu5xpAh0jSSDIcD5pW-3yMU",
    "token_type": "bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJleHAiOjE2MjkyODc5MDEsImlhdCI6MTYyOTI4NzYwMSwiYXV0aF90aW1lIjoxNjI5Mjg1OTk4LCJqdGkiOiI3NDEwMzkxMC1iZTVjLTQ0MzAtYjhjNi1lNGI4MzVjY2UyNmUiLCJpc3MiOiJodHRwczovL2F1dGguY3VycmVudC5iYW5raWQubm8vYXV0aC9yZWFsbXMvY3VycmVudCIsImF1ZCI6Im9pZGMtdGVzdGNsaWVudCIsInN1YiI6IjJjZDdjZWNkLWQ0NDQtNDY4NS1iYjA0LThiYmZkYjQ1YTA2OSIsInR5cCI6IklEIiwiYXpwIjoib2lkYy10ZXN0Y2xpZW50Iiwibm9uY2UiOiJkZW1vTm9uY2UiLCJzZXNzaW9uX3N0YXRlIjoiNjY4MDFjZWYtNzc0Ni00ZGQ2LWEwMTgtNDNiZGE1YzcwMDJiIiwibmFtZSI6IlRlc3QgVXNlciBCYW5rSUQiLCJnaXZlbl9uYW1lIjoiVGVzdCBVc2VyIiwiZmFtaWx5X25hbWUiOiJCYW5rSUQiLCJiaXJ0aGRhdGUiOiIyMDE4LTA1LTA5IiwidXBkYXRlZF9hdCI6MTYyOTI4MDYyMDAwMCwiYWNyIjoidXJuOmJhbmtpZDpiaWQ7TE9BPTQiLCJhbXIiOiJCSUQiLCJiYW5raWRfYWx0c3ViIjoiOTU3OC02MDAwLTQtNjM0NTgyIiwib3JpZ2luYXRvciI6IkNOPUJhbmtJRCAtIFRlc3RCYW5rMSAtIEJhbmsgQ0EgMyxPVT0xMjM0NTY3ODksTz1UZXN0QmFuazEgQVMsQz1OTztPcmdpbmF0b3JJZD05OTgwO09yaWdpbmF0b3JOYW1lPUJJTkFTO09yaWdpbmF0b3JJZD05OTgwIiwiYWRkaXRpb25hbENlcnRJbmZvIjp7ImNlcnRWYWxpZEZyb20iOjE2MjkyODA2MjAwMDAsInNlcmlhbE51bWJlciI6IjE3MjI3NDQiLCJrZXlBbGdvcml0aG0iOiJSU0EiLCJrZXlTaXplIjoiMjA0OCIsInBvbGljeU9pZCI6IjIuMTYuNTc4LjEuMTYuMS4xMi4xLjEiLCJtb25ldGFyeUxpbWl0QW1vdW50IjoiMTAwMDAwIiwiY2VydFF1YWxpZmllZCI6dHJ1ZSwibW9uZXRhcnlMaW1pdEN1cnJlbmN5IjoiTk9LIiwiY2VydFZhbGlkVG8iOjE2OTIzNTI2MjAwMDAsInZlcnNpb25OdW1iZXIiOiIzIiwic3ViamVjdE5hbWUiOiJDTj1CYW5rSURcXCwgVGVzdCBVc2VyLE89VGVzdEJhbmsxIEFTLEM9Tk8sU0VSSUFMTlVNQkVSPTk1NzgtNjAwMC00LTYzNDU4MiJ9LCJ0aWQiOiIxMWRhYzNiMi04NGEzLTRjODQtOGQ5ZC1hODE5YzkwNmI3ODIifQ.EBcqS2r8qc1AOyxM9NNm2cgi9Q3ZsSrxn3ydS8h8QxA9Vfx2cervUfWNzS3lSibuz8PslAJC9iz8lxfjPWQKQ44u1pWtB4S-aUZKXnXNOb4qmwQZv0ZpK48iGr6jOm_4wb4W2FcfQnavVlOuGRfCdq_BokGQETFwKtRlU4F9ojnoi2MtNMrjAZ9An1eWdYRkS1Ramzrftskkrq4hEnFyCpWIZOQXMRp-7HkRMRfw6xjLudHNzPzNl0tmxOzxTke8SMAlTnG-eL03Z1LhJKo7bMB-1KIEvdD6jgQTJ0sGdSgGYHcKiWut5fWQ_6pHMCtWl9b8YbtcfCLjyxZkk7J86g",
    "not-before-policy": 0,
    "session_state": "66801cef-7746-4dd6-a018-43bda5c7002b",
    "scope": "openid profile"
}


The following are decoding of the tokens returned in the above response:

Code Block
languagexml
themeConfluence
titleDecoded tokens
Access Token
{
    "exp": 1629287901,
    "iat": 1629287601,
    "auth_time": 1629285998,
    "jti": "f1e0d73f-b5f1-4eef-96c9-c7cf5b77e55b",
    "iss": "https://auth.current.bankid.no/auth/realms/current",
    "aud": "tinfo",
    "sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069",
    "typ": "Bearer",
    "azp": "oidc-testclient",
    "nonce": "demoNonce",
    "session_state": "66801cef-7746-4dd6-a018-43bda5c7002b",
    "name": "Test User BankID",
    "given_name": "Test User",
    "family_name": "BankID",
    "birthdate": "2018-05-09",
    "acr": "urn:bankid:bid;LOA=4",
    "realm_access": {
        "roles": [
            "profile"
        ]
    },
    "resource_access": {
        "tinfo": {
            "roles": [
                "profile"
            ]
        }
    },
    "scope": "openid profile",
    "amr": "BID",
    "resource_claims": {},
    "bankid_altsub": "9578-6000-4-634582",
    "originator": "CN=BankID - TestBank1 - Bank CA 3,OU=123456789,O=TestBank1 AS,C=NO;OrginatorId=9980;OriginatorName=BINAS;OriginatorId=9980"
}
 
Refresh Token
{
    "exp": 1629289401,
    "iat": 1629287601,
    "jti": "ad242032-6827-4170-89d1-6a5d4c7a3e10",
    "iss": "https://auth.current.bankid.no/auth/realms/current",
    "aud": "https://auth.current.bankid.no/auth/realms/current",
    "sub": "2cd7cecd-d444-4685-bb04-8bbfdb45a069",
    "typ": "Refresh",
    "azp": "oidc-testclient",
    "nonce": "demoNonce",
    "session_state": "66801cef-7746-4dd6-a018-43bda5c7002b",
    "scope": "openid profile"
}

ID Token
{
    "exp": 1629287901,
    "iat": 1629287601,
    "auth_time": 1629285998,
    "jti": "74103910-be5c-4430-b8c6-e4b835cce26e",
    "iss": "https://oidc-preprod.bankidapisauth.current.bankid.no/auth/realms/preprodcurrent",
    "aud": "tinfooidc-testclient",
    "sub": "b3f4d9192cd7cecd-8cc5d444-413c4685-9e11bb04-3c2c675b2f8f8bbfdb45a069",
 
"typ": "Refresh",   "azptyp": "PostmanID",

 "auth_time": 0,   "session_stateazp": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "realm_access": {oidc-testclient",
     "rolesnonce": ["demoNonce",
    "session_state":  "nnin_altsub",
 "66801cef-7746-4dd6-a018-43bda5c7002b",
    "profilename": "Test User BankID",
 ]   },
  "resourcegiven_accessname": {"Test User",
    "tinfofamily_name": {
"BankID",
     "rolesbirthdate": [
  "2018-05-09",
     "address"updated_at": 1629280620000,
        "phone"acr": "urn:bankid:bid;LOA=4",
       "amr": "emailBID",
      ]
    }"bankid_altsub": "9578-6000-4-634582",
   } }
 
ID Token
{
  "jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b"originator": "CN=BankID - TestBank1 - Bank CA 3,OU=123456789,O=TestBank1 AS,C=NO;OrginatorId=9980;OriginatorName=BINAS;OriginatorId=9980",
    "expadditionalCertInfo": 1510838469,{
    "nbf": 0,   "iatcertValidFrom": 15108381691629280620000,
    "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",   "audserialNumber": "Postman1722744",
  "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",      "typkeyAlgorithm": "IDRSA",
        "azpkeySize": "Postman2048",
  "auth_time": 1510838050,      "session_statepolicyOid": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
  "name": "Frode Beckmann Nilsen",2.16.578.1.16.1.12.1.1",
        "given_namemonetaryLimitAmount": "Frode Beckmann100000",
        "family_namecertQualified": "Nilsen",true,
        "birthdatemonetaryLimitCurrency": "1966-12-18NOK",
  "updated_at      "certValidTo": 14748903510001692352620000,
  "acr      "versionNumber": "43",
        "nnin_altsubsubjectName": "181266*****"CN=BankID\\, Test User,O=TestBank1 "amr": "BID",AS,C=NO,SERIALNUMBER=9578-6000-4-634582"
    },
    "bankid_altsubtid": "957811dac3b2-84a3-60004c84-48d9d-30799a819c906b782"
}

...