...
The default access token structure builds on Keycloack Keycloak and consists of the following three parts:
...
The claims in the Access token is outlined in the table below. The origin column indicates non-standard claims. Such claims are either added by KeycloackKeycloak or the result of customization made by the BankID OIDC Provider.
| Claim | Origin | Scope | Example | Description | Comment |
|---|---|---|---|---|---|
| General part | |||||
typ | KeycloackKeycloak | none required | Bearer | Token type | Always Bearer for Access Tokens |
allowed-origins | KeycloackKeycloak | none required | [ ] | Not in use by the OIDC Provider from BankID | |
| ID part | |||||
| Standard | none required |
| See ID Token | |
| Standard | none required |
| See ID Token | |
| Standard | none required |
| See ID Token | |
| Standard | none required |
| See ID Token | |
| Custom | none required |
| See ID Token | |
| Standard | none required |
| See session handling | |
| Standard | none required |
| See session handling | |
| Standard | none required | See ID Token | ||
| Standard | none required |
| See ID Token | |
| Standard | none required |
| See ID Token | |
| Standard | none required |
| See ID Token | |
| KeycloackKeycloak | none required |
| See ID Token | |
| Standard | none required |
| See ID Token | |
| Standard | none required |
| See ID Token | |
| Standard |
|
| See ID Token | |
| Standard |
|
| See ID Token | |
| Standard |
|
| See ID Token | |
| Standard |
|
| See ID Token | |
| Access part | |||||
aud | Standard | none required | tinfo | Audience | List of VAS-names for which the access token in question is intended |
realm_access | KeycloackKeycloak |
|
| Resource access designator at the OIDC platform level. |
|
resource_access | KeycloackKeycloak |
| {"tinfo: | Resource access designator. | |
...