Signing
The OIDC Provider from BankID supports signing of the following data elements:
...
| Warning |
|---|
Using an encrypted request parameter makes the initial authorize request to BankID OIDC confidential. Later in the internal redirect flow between BankID OIDC components, values from the request object may be shown in cleartext. See known issues (C12). |
Keys used for encryption are all marked with
...
| login_hint | request parameter | ||
| Alg | Enc | Alg | Enc |
|---|---|---|---|
| ECDH-ES | A128GCM | RSA1_5 | See openid-configuration document |
| RSA-OAEP | A128CBC-HS256 | RSA-OAEP | See openid-configuration document |
| RSA-OAEP-256 | A128CBC-HS256 | RSA-OAEP-256 | See openid-configuration document |
...