Token is a standard endpoint used for requesting various combinations of ID Token, Access Token and Refresh Token. In addition, BankID OIDC extends the token response with the BankID Proof token if requested. The type of request (and corresponding response) is determined by the grant_type request parameter as described further below.

Table of Contents

maxLevel	2

Overview

URL	`https://<oidc-baseurl>/protocol/openid-connect/token`
Request	`POST` with parameters in body as `application/x-www-form-urlencoded` data
Authentication	OIDC/OAuth2 client authentication according to supported methods
Success response	`200 OK` with JSON containing response elements
Error response	`400 Bad request` with JSON containing standard error reponse elements
Example	See below

...

The response for Authorization Code and Refresh Token is a JSON structure according to Keycloack Keycloak default with the following claims

Name	Description	Comment
`id_token`	JWT encoded ID Token	Standard claim with Keycloack Keycloak specific content
`access_token`	JWT encoded Access Token	Standard claim with Keycloack Keycloak specific content
`token_type`	Always `bearer`	Standard claim. Change notice: Will be changed to Bearer
`expires_in`	Life-time of access_token.	Standard claim. Related to the `exp` claim inside the Access Token. See session handling
`refresh_token`	JWT encoded Refresh Token	Standard claim with Keycloack Keycloak specific content
`refresh_expires_in`	Life-time of refresh_token	Keycloack Keycloak specific claim. Related to the `exp` claim inside the Refresh Token. See session handling
`bankid_proof`	JWT encoded BankID Proof Token	BankID OIDC custom claim that includes proof of BankID authentication. Included if requested using the `bankid_proof` scope.
`not-before-policy`	TBD	Keycloack Keycloak specific claim
`session_state`	TBD	Keycloack Keycloak specific claim. Depreciation notice: Will be replaced by sid
`sid`	Session ID	Keycloack Keycloak specific claim.

Client Credentials

...