Scopes and claims (TINFO)
The set of claims supported by TINFO via Userinfo (TINFO) is shown in the below table. Supported claims contain both standard items and custom additions for the OIDC Provider from BankID. The standard claims iss
, sub,
and aud
updated_at
are always returned. The following conditions must otherwise be met for any particular claim to be returned:
- The OIDC Client must request the scope associated with the claim
- The claim must be configured for the OIDC Client at the OIDC Provider
- The end-user must give his consent if the claim demands consent handling
Due to (2) and (3), note that the set of returned claims may differ from the set of requested claims (1). The set of allowed claim for any particular Access Token is resolved by Introspection.
Five different scope configurations are supported as suggested by the below table, corresponding to the standard scopes profile
, email
, phone
and address
and the non-standard scope nnin
. Note that some of the claims associated with the profile
scope are returned with the ID Token whereas others are returned via Userinfo. Among all supported claims, note that nnin
is available only to eligible OIDC Clients. The end-user is always in control of the set of claims that is actually returned since most claims demand consent from the end-user.
The OIDC Provider from BankID supports signed responses from Userinfo.
= Supported according to standard, = In progress / future support, = Custom addition, = Require end-user consent
Claim | Support | Consent | Example | Description | Comment | Editorial comment |
---|---|---|---|---|---|---|
iss | https://preview.bankidapis.no | Issuer Identifier for the Issuer | ||||
sub | 9578-5999-4-1765512 | Subject Identifier | ||||
aud | DotNetClient | Audience | Always includes client_id | |||
updated_at | 1468582440 | Update time | Epoc time of latest update of any data element behind any of the supported claims | Must be added | ||
Profile ( scope = profile ) | ||||||
gender | Male | Gender | Gender derived from National Identity Number from associated BankID certificate | Must be added | ||
Email ( scope = email ) | ||||||
email | frobnil@something.com | Preferred email | Must be added | |||
email_verified | false | Verification status of preferred email | Must be added | |||
all_emails | {{"email":"frobnil@something.com","email_verified":false},{"email":"frode@elsething.com","email_verified":false}} | Alle emails with verification status | Must be added | |||
Phone ( scope = phone ) | ||||||
phone_number | 95871775 | Preferred phone numer | ||||
phone_number_verified | false | Verification status of preferrred phone numer | Depending on the source for the number. Numbers for BankID on Mobile are regarded as verified. | Numbers from other sources may also be regarded verified. | ||
all_phone_numbers | {{"number":"95871775","number_verified":false},{"number":"46897469","number_verified":false},{"number":"94782958","number_verified":false}} | All phone numbers with verification status | ||||
Address ( scope = address ) | ||||||
address | { "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien", "verified": false } | Preferred postal address | Standardized claim with both standardized and non-standard sub-claims | |||
address.verified | false | Verification status of preferred postal address | Must be added | |||
address.formatted | Lybekkveien 11C\n0772 Oslo\nNorway | Full mailing address | ||||
address.street_address | Lybekkveien 11C | Full street address | ||||
address.locality | Oslo | City or locality | ||||
address.postal_code | 0772 | Postal code | ||||
address.country | Norway | Country | ||||
address.street_name | Lybekkveien | Street name component from | To be reviewed | |||
address.house_numer | 11 | House number component from street_address | To be reviewed | |||
address.house_letter | C | House letter component from street_address | To be reviewed | |||
all_addresses | {{ "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien", "verified": false }, { "formatted": "Munkedamsveien 45A\n0250 Oslo\nNorway", "country": "Norway", "street_address": "Munkedamsveien 45A", "postal_code": "0250", "locality": "Oslo", "house_number": "45", "house_letter": "A", "street_name": "Munkedamsveien", "verified": false } } | All addresses with verification status | Must be added | |||
National Identity Number ( scope = nnin ) | ||||||
nnin | 181266***** | Norwegian National Identity Number (fødselsnummer) | Available only to eligible OIDC Client |
Unsupported Claims
The following set of standard claims are not supported by the OIDC Provider from BankID.
= Not supported
Claim | Support | Description | Comment | |
---|---|---|---|---|
Profile data ( scope = profile ) | ||||
nickname | Casual name | |||
profile | Profile page URL | |||
picture | Picture URL | |||
website | Homepage URL | |||
zoneinfo | Time zone | |||
locale | Locale | |||
address.region | Region | Sub-claim of the address claim |