Token
URL | https://<oidc-baseurl>/protocol/openid-connect/token |
---|---|
Request | POST with 24875638 in body as application/x-www-form-urlencoded data |
Authentication | OIDC/OAuth2 client authentication according to supported methods |
Success response | 200 OK with JSON containing 24875638 |
Error response | 400 Bad request with JSON containing standard error reponse elements |
Example | See 24875638 |
Token is a standard endpoint used for requesting various combinations of ID Token, Access Token and Refresh Token. The type of request (and corresponding response) is determined by the grant_type
24875638 as described further below.
Request parameters
The OIDC Provider supports three different grant types as described in the following, each with a corresponding set of request parameters. In addition comes request parameters related to Client authentication.
Authorization Code
This grant type is associated with the Authorization code flow and Hybrid flow. In both cases the other parameters shown below are related to a preceeding Authorize request that involves interaction with the end-user.
Name | Description |
---|---|
grant_type | authorization_code |
code | Value from response of the foregoing Authorize request |
redirect_uri |
Note: Repeating this uri in the token request a countermeasure against code leakage attacks |
Client Credentials
This grant type is associated with the Client credential flow. This grant type does not involve any end-user interaction and is not related to any preceeding Authorize request.
Name | Description |
---|---|
grant_type | client_credentials |
scope | List of scopes specifying what kind of resources (dataset) the OIDC Client requests access to. |
Refresh Token
This grant type is used to refresh a previously issued Access Token via a corresponding Refresh Token issued along with the previous Access Token.
Name | Description |
---|---|
grant_type | refresh_token |
refresh_token | JWT value for the refresh token from any foregoing Token response |
scope | Requested scopes for the new set of tokens. Note: The scopes must be identical to or narrower that the original scopes of the associated Authorize request. Note that scope values are case-sensitive. |
Response elements
Reponses are similar for Authorization Code and Refresh Token but different for Client Credentials.
Authorization Code and Refresh Token
The response for Authorization Code and Refresh Token is a JSON structure according to Keycloack default with the following claims
Name | Description | Comment |
---|---|---|
id_token | JWT encoded ID Token | Standard claim with Keycloack specific content |
access_token | JWT encoded Access Token | Standard claim with Keycloack specific content |
token_type | Always Bearer | Standard claim |
expires_in | Life-time of access_token. | Standard claim. Related to the exp claim inside the Access Token. See session handling |
refresh_token | JWT encoded Refresh Token | Standard claim with Keycloack specific content |
refresh_expires_in | Life-time of refresh_token | Keycloack specific claim. Related to the exp claim inside the Refresh Token. See session handling |
not-before-policy | TBD | Keycloack specific claim |
session_state | TBD | Keycloack specific claim |
Client Credentials
The response for Client Credentials is a JSON structure similar to that for Authorization Code and Refresh Token with the exception that the id_token
claim is not present.
Example
The following example shows a request / response pair for an Authorization Code Grant. The example is generated from Postman (which is configured as a client at the OIDC Provider) corresponding to the example shown for the Authorize endpoint.
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1 Host: oidc-preprod.bankidapis.no Connection: close Content-Length: 306 Accept: */* Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&grant_type=authorization_code&state=10455063&code=uss.iq5WXmK5dDQCprQn8kMz_EIiBrAYA0hxOc9jZM0pZfo.bf0a4c9f-2d00-43d8-8288-01b83ab1e580.1714e8ff-0adf-449f-8c50-bf0a77617a43 HTTP/1.1 200 OK Date: Thu, 16 Nov 2017 13:14:36 GMT Server: WildFly/10 X-Powered-By: Undertow/1 Content-Type: application/json Content-Length: 3770 Via: 1.1 oidc-preprod.bankidapis.no Connection: close { "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA", "expires_in": 300, "refresh_expires_in": 1800, "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ", "token_type": "bearer", "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w", "not-before-policy": 0, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580" }
The following are decoding of the tokens returned in the above response:
Access Token { "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f", "exp": 1510838469, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "tinfo", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "Bearer", "azp": "Postman", "auth_time": 1510838050, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "name": "Frode Beckmann Nilsen", "given_name": "Frode Beckmann", "family_name": "Nilsen", "acr": "4", "allowed-origins": [], "realm_access": { "roles": [ "nnin_altsub", "profile" ] }, "resource_access": { "tinfo": { "roles": [ "address", "phone", "email" ] } }, "amr": "BID", "preferred_username": "Nilsen, Frode Beckmann", "bankid_altsub": "9578-6000-4-30799" } Refresh Token { "jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f", "exp": 1510839969, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "tinfo", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "Refresh", "azp": "Postman", "auth_time": 0, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "realm_access": { "roles": [ "nnin_altsub", "profile" ] }, "resource_access": { "tinfo": { "roles": [ "address", "phone", "email" ] } } } ID Token { "jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b", "exp": 1510838469, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "Postman", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "ID", "azp": "Postman", "auth_time": 1510838050, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "name": "Frode Beckmann Nilsen", "given_name": "Frode Beckmann", "family_name": "Nilsen", "birthdate": "1966-12-18", "updated_at": 1474890351000, "acr": "4", "nnin_altsub": "181266*****", "amr": "BID", "preferred_username": "Nilsen, Frode Beckmann", "bankid_altsub": "9578-6000-4-30799" }
The following example shows a request / response pair for an Refresh Token Exchange with the Token endpoint corresponding to the above example on a Authorization Code Exchange.
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1 Host: oidc-preprod.bankidapis.no Connection: close Content-Length: 1167 Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk= Postman-Token: b88036f2-c45b-995c-9c63-b5c48b968304 Cache-Control: no-cache Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 grant_type=refresh_token&scope=openid+profile+nnin_altsub&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJmZjRkYWM3Ni1mMzVjLTQ1M2YtYTQ2MS0wOTY5MjI3YjU1YTIiLCJleHAiOjE1MTA4Mzk4NzYsIm5iZiI6MCwiaWF0IjoxNTEwODM4MDc2LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.d1INYQxzn0ofCg2zIVS8zd0K7GUbuLHRH6TwDsiDiiHkNZCg9wA6ef4S6HT0Wjg4CHqCv7mmZamChwsX_GlbsujtkTysUvRx_57LeGXQYDsCNVU0UrnhZ2dbfL9-YUwa5-An6Fdm0swkBn_5ivpqWK3cLBnl00Rirv8TTqT07mYpvIdFdVpc0QbOayhdVuVNYjKnEhBrliUVoaOfdrq1wtxecPsEx5uFOgxwR1VvMuDMBm25Fc4LPUwkSyYdCQEQi2BjfbjyJkwUdu8ASYN5GrDs_vW1FvIHTijIJvhawtmXCOusMxxkNXkF9V1PFGtXlzBA4YRQZCUyIvy2zhTgbQ HTTP/1.1 200 OK Date: Thu, 16 Nov 2017 13:16:09 GMT Server: WildFly/10 X-Powered-By: Undertow/1 Content-Type: application/json Content-Length: 3770 Via: 1.1 oidc-preprod.bankidapis.no Connection: close { "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA", "expires_in": 300, "refresh_expires_in": 1800, "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ", "token_type": "bearer", "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w", "not-before-policy": 0, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580" }
The following are decoding of the tokens returned in the above response:
Access Token { "jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f", "exp": 1510838469, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "tinfo", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "Bearer", "azp": "Postman", "auth_time": 1510838050, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "name": "Frode Beckmann Nilsen", "given_name": "Frode Beckmann", "family_name": "Nilsen", "acr": "4", "allowed-origins": [], "realm_access": { "roles": [ "nnin_altsub", "profile" ] }, "resource_access": { "tinfo": { "roles": [ "address", "phone", "email" ] } }, "amr": "BID", "preferred_username": "Nilsen, Frode Beckmann", "bankid_altsub": "9578-6000-4-30799" } Refresh Token { "jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f", "exp": 1510839969, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "tinfo", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "Refresh", "azp": "Postman", "auth_time": 0, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "realm_access": { "roles": [ "nnin_altsub", "profile" ] }, "resource_access": { "tinfo": { "roles": [ "address", "phone", "email" ] } } } ID Token { "jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b", "exp": 1510838469, "nbf": 0, "iat": 1510838169, "iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod", "aud": "Postman", "sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f", "typ": "ID", "azp": "Postman", "auth_time": 1510838050, "session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580", "name": "Frode Beckmann Nilsen", "given_name": "Frode Beckmann", "family_name": "Nilsen", "birthdate": "1966-12-18", "updated_at": 1474890351000, "acr": "4", "nnin_altsub": "181266*****", "amr": "BID", "preferred_username": "Nilsen, Frode Beckmann", "bankid_altsub": "9578-6000-4-30799" }