Token
- Frode Nilsen (Unlicensed)
Owned by Frode Nilsen (Unlicensed)
31 Jan 2018
5 min read
Loading data...
| URL | https://<oidc-baseurl>/protocol/openid-connect/token |
|---|---|
| Request method | POST with parameters as application/x-www-form-urlencoded data |
| Client authentication | See supported methods |
| Request parameters | See below |
| Response elements | See below |
| Example | See below |
Token is a standard endpoint used for exchanging either an Authorization Code with a set of tokens (ID Token, Access Token and Refresh Token) or to exchange a Refresh Token with a new (and refreshed) set of previously received tokens.
Request parameters
Request parameters are different for Authorization Code exchange and Refresh Token exchange. In addition to the parameters shown below comes parameters related to Client authentication.
Authorization Code exchange
| Name | Support | Description |
|---|---|---|
grant_type |  | authorization_code |
code | | Value from response of the foregoing Authorize request |
redirect_uri | |
Note: Repeating this uri in the token request a countermeasure against code leakage attacks |
Refresh Token exchange
| Name | Support | Description |
|---|---|---|
grant_type | | refresh_token |
refresh_token | | Value from any foregoing Token response |
scope | | Requested scopes for the new set of tokens |
Response elements
Reponses are similar for Authorization Code exchange and Refresh Token exchange. In both cases the response is a JSON structure according to standard containing all supported token types. The content of any Access Token returned is given by the scopes "negotiated" with the OIDC Provider in the foregoing Authorize request.
Example
The following example shows a request / response pair for an Authorization Code exchange with the Token endpoint. The example is generated from Postman (which is configured as a client at the OIDC Provider) corresponding to the example shown for the Authorize endpoint.
Authorization Code Exchange
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1
Host: oidc-preprod.bankidapis.no
Connection: close
Content-Length: 306
Accept: */*
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
redirect_uri=https%3A%2F%2Fwww.getpostman.com%2Foauth2%2Fcallback&grant_type=authorization_code&state=10455063&code=uss.iq5WXmK5dDQCprQn8kMz_EIiBrAYA0hxOc9jZM0pZfo.bf0a4c9f-2d00-43d8-8288-01b83ab1e580.1714e8ff-0adf-449f-8c50-bf0a77617a43
HTTP/1.1 200 OK
Date: Thu, 16 Nov 2017 13:14:36 GMT
Server: WildFly/10
X-Powered-By: Undertow/1
Content-Type: application/json
Content-Length: 3770
Via: 1.1 oidc-preprod.bankidapis.no
Connection: close
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ",
"token_type": "bearer",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w",
"not-before-policy": 0,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580"
}
The following are decoding of the tokens returned in the above response:
Decoded Tokens
Access Token
{
"jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f",
"exp": 1510838469,
"nbf": 0,
"iat": 1510838169,
"iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
"aud": "tinfo",
"sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
"typ": "Bearer",
"azp": "Postman",
"auth_time": 1510838050,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
"name": "Frode Beckmann Nilsen",
"given_name": "Frode Beckmann",
"family_name": "Nilsen",
"acr": "4",
"allowed-origins": [],
"realm_access": {
"roles": [
"nnin_altsub",
"profile"
]
},
"resource_access": {
"tinfo": {
"roles": [
"address",
"phone",
"email"
]
}
},
"amr": "BID",
"preferred_username": "Nilsen, Frode Beckmann",
"bankid_altsub": "9578-6000-4-30799"
}
Refresh Token
{
"jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f",
"exp": 1510839969,
"nbf": 0,
"iat": 1510838169,
"iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
"aud": "tinfo",
"sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
"typ": "Refresh",
"azp": "Postman",
"auth_time": 0,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
"realm_access": {
"roles": [
"nnin_altsub",
"profile"
]
},
"resource_access": {
"tinfo": {
"roles": [
"address",
"phone",
"email"
]
}
}
}
ID Token
{
"jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b",
"exp": 1510838469,
"nbf": 0,
"iat": 1510838169,
"iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
"aud": "Postman",
"sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
"typ": "ID",
"azp": "Postman",
"auth_time": 1510838050,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
"name": "Frode Beckmann Nilsen",
"given_name": "Frode Beckmann",
"family_name": "Nilsen",
"birthdate": "1966-12-18",
"updated_at": 1474890351000,
"acr": "4",
"nnin_altsub": "181266*****",
"amr": "BID",
"preferred_username": "Nilsen, Frode Beckmann",
"bankid_altsub": "9578-6000-4-30799"
}
The following example shows a request / response pair for an Refresh Token Exchange with the Token endpoint corresponding to the above example on a Authorization Code Exchange.
Refresh Token Exchange
POST /auth/realms/preprod/protocol/openid-connect/token HTTP/1.1
Host: oidc-preprod.bankidapis.no
Connection: close
Content-Length: 1167
Authorization: Basic UG9zdG1hbjo5YWE3NDBhZi03NGIxLTQ2ODMtOWFhNi02NWJiNDBmYmY1Zjk=
Postman-Token: b88036f2-c45b-995c-9c63-b5c48b968304
Cache-Control: no-cache
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
grant_type=refresh_token&scope=openid+profile+nnin_altsub&refresh_token=eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJmZjRkYWM3Ni1mMzVjLTQ1M2YtYTQ2MS0wOTY5MjI3YjU1YTIiLCJleHAiOjE1MTA4Mzk4NzYsIm5iZiI6MCwiaWF0IjoxNTEwODM4MDc2LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.d1INYQxzn0ofCg2zIVS8zd0K7GUbuLHRH6TwDsiDiiHkNZCg9wA6ef4S6HT0Wjg4CHqCv7mmZamChwsX_GlbsujtkTysUvRx_57LeGXQYDsCNVU0UrnhZ2dbfL9-YUwa5-An6Fdm0swkBn_5ivpqWK3cLBnl00Rirv8TTqT07mYpvIdFdVpc0QbOayhdVuVNYjKnEhBrliUVoaOfdrq1wtxecPsEx5uFOgxwR1VvMuDMBm25Fc4LPUwkSyYdCQEQi2BjfbjyJkwUdu8ASYN5GrDs_vW1FvIHTijIJvhawtmXCOusMxxkNXkF9V1PFGtXlzBA4YRQZCUyIvy2zhTgbQ
HTTP/1.1 200 OK
Date: Thu, 16 Nov 2017 13:16:09 GMT
Server: WildFly/10
X-Powered-By: Undertow/1
Content-Type: application/json
Content-Length: 3770
Via: 1.1 oidc-preprod.bankidapis.no
Connection: close
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YmViYmEyZS1lMTBjLTQ3ZDgtYTYzYy05MmFiNTViNGJiNGYiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IkJlYXJlciIsImF6cCI6IlBvc3RtYW4iLCJhdXRoX3RpbWUiOjE1MTA4MzgwNTAsInNlc3Npb25fc3RhdGUiOiJiZjBhNGM5Zi0yZDAwLTQzZDgtODI4OC0wMWI4M2FiMWU1ODAiLCJuYW1lIjoiRnJvZGUgQmVja21hbm4gTmlsc2VuIiwiZ2l2ZW5fbmFtZSI6IkZyb2RlIEJlY2ttYW5uIiwiZmFtaWx5X25hbWUiOiJOaWxzZW4iLCJhY3IiOiI0IiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fSwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.DD5TUdN-OYDp9EfHVaNuQurDGcElTx48RlUygUfkxFR7181qJtAO69Pz7u6-7aavo9D9QHRqrXSengUSoyXOl0BmtwPBIuLuEdjKBHtQgvoAOW-xf_7J8mKNcq2_pLp9WO5ajG5N9mvls-DlgE_1nt_MKNtp_bYso11bSn59QIKlUsQ4jY2VqaItsCW04aa1ZFOK5JbuW4quqkqwM0vVglT99oh3CBVLmP3G6JT-i0OVBETSx8sX5-GS7IKuZf-WNzKO3aE4LQc6pweSPbuEpfG9J4EOU5PockJnQNW9keVEdhH_5Nw5Bj_FL8DmFhx03KnkWex9VfT0QfcICwMILA",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiI1YzQxN2QzYi0yMDI1LTRhODctYjYxYS1jZDA2NDllZjgzOGYiLCJleHAiOjE1MTA4Mzk5NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJ0aW5mbyIsInN1YiI6ImIzZjRkOTE5LThjYzUtNDEzYy05ZTExLTNjMmM2NzViMmY4ZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm5uaW5fYWx0c3ViIiwicHJvZmlsZSJdfSwicmVzb3VyY2VfYWNjZXNzIjp7InRpbmZvIjp7InJvbGVzIjpbImFkZHJlc3MiLCJwaG9uZSIsImVtYWlsIl19fX0.HN8ZSjaNbiKVts238C41lR6AC4sJyqpjRn2vxoVdG7Dhg6jmwHvk-8vkapPmxQ_s-oCVlMZbDsJAGj1Ecxs-jVZIC4WbL2vlJ_pJpt8d0PaXFu3G1XhnZjSs4d3lWXHLnlrOBMFAUUCEwIGMAuCaS4ef-tSFL0fzG55mb3JlxVJLO6uvlYaIUx_K_5hrQ0e12GreMsXsgwFUnK1JQPThk11dGeHntNEm84nMtz7QfcrV2Ob0RyOcRB796Qbv_NK5BoH9GXZQswW09KpukUPNLru7mvkuPUtnLnAd9ng0QlnrolAv9UOgQJQ2NSw7q70kB7cJ5_J2KSpsOdg49lc-aQ",
"token_type": "bearer",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3VkZaSVp2UlBOY1lSUUZUcEQ4MHVJaElpVVB4WUNkaEtoUjZudjJDQnJnIn0.eyJqdGkiOiJjMzdjN2FlZi00NDdkLTRmMWEtYTMyMi0wMjc4MmZmN2QwMGIiLCJleHAiOjE1MTA4Mzg0NjksIm5iZiI6MCwiaWF0IjoxNTEwODM4MTY5LCJpc3MiOiJodHRwczovL29pZGMtcHJlcHJvZC5iYW5raWRhcGlzLm5vL2F1dGgvcmVhbG1zL3ByZXByb2QiLCJhdWQiOiJQb3N0bWFuIiwic3ViIjoiYjNmNGQ5MTktOGNjNS00MTNjLTllMTEtM2MyYzY3NWIyZjhmIiwidHlwIjoiSUQiLCJhenAiOiJQb3N0bWFuIiwiYXV0aF90aW1lIjoxNTEwODM4MDUwLCJzZXNzaW9uX3N0YXRlIjoiYmYwYTRjOWYtMmQwMC00M2Q4LTgyODgtMDFiODNhYjFlNTgwIiwibmFtZSI6IkZyb2RlIEJlY2ttYW5uIE5pbHNlbiIsImdpdmVuX25hbWUiOiJGcm9kZSBCZWNrbWFubiIsImZhbWlseV9uYW1lIjoiTmlsc2VuIiwiYmlydGhkYXRlIjoiMTk2Ni0xMi0xOCIsInVwZGF0ZWRfYXQiOjE0NzQ4OTAzNTEwMDAsImFjciI6IjQiLCJubmluX2FsdHN1YiI6IjE4MTI2NjM1NTQ3IiwiYW1yIjoiQklEIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiTmlsc2VuLCBGcm9kZSBCZWNrbWFubiIsImJhbmtpZF9hbHRzdWIiOiI5NTc4LTYwMDAtNC0zMDc5OSJ9.jPESXd1TFFpiaIiOPDgXbqT1INR6yHdql1ZNsjX77Zf4RnI0xaM_SNC0ZRUdARcSXkZYRNmOUXLAeXh-DAY0Rew31RMXEK_MHJKh-6C0Ooed67ei_cJxephvqe1o7_3HPvpHfOKWPVoJbg7_ytWRLaDRivkmOdkMZzUsFpCeY1GhwUD_g_-Otnsbv-FSQgJ-w-vrehQGHfiuIlP-QYMKxA7cH_-ViJh4NuQ6xzLSafNYCx0vk2NDS9wKwnjaj0Sl2AWL5zaZZ_EEfrFXEg-hWDcAc5YdECM0APFoPESqzi0Cu26bOpnQP7ZuO9DNhB2eoeSOIlC6hu89TIALyB2S8w",
"not-before-policy": 0,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580"
}
The following are decoding of the tokens returned in the above response:
Decoded tokens
Access Token
{
"jti": "5bebba2e-e10c-47d8-a63c-92ab55b4bb4f",
"exp": 1510838469,
"nbf": 0,
"iat": 1510838169,
"iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
"aud": "tinfo",
"sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
"typ": "Bearer",
"azp": "Postman",
"auth_time": 1510838050,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
"name": "Frode Beckmann Nilsen",
"given_name": "Frode Beckmann",
"family_name": "Nilsen",
"acr": "4",
"allowed-origins": [],
"realm_access": {
"roles": [
"nnin_altsub",
"profile"
]
},
"resource_access": {
"tinfo": {
"roles": [
"address",
"phone",
"email"
]
}
},
"amr": "BID",
"preferred_username": "Nilsen, Frode Beckmann",
"bankid_altsub": "9578-6000-4-30799"
}
Refresh Token
{
"jti": "5c417d3b-2025-4a87-b61a-cd0649ef838f",
"exp": 1510839969,
"nbf": 0,
"iat": 1510838169,
"iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
"aud": "tinfo",
"sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
"typ": "Refresh",
"azp": "Postman",
"auth_time": 0,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
"realm_access": {
"roles": [
"nnin_altsub",
"profile"
]
},
"resource_access": {
"tinfo": {
"roles": [
"address",
"phone",
"email"
]
}
}
}
ID Token
{
"jti": "c37c7aef-447d-4f1a-a322-02782ff7d00b",
"exp": 1510838469,
"nbf": 0,
"iat": 1510838169,
"iss": "https://oidc-preprod.bankidapis.no/auth/realms/preprod",
"aud": "Postman",
"sub": "b3f4d919-8cc5-413c-9e11-3c2c675b2f8f",
"typ": "ID",
"azp": "Postman",
"auth_time": 1510838050,
"session_state": "bf0a4c9f-2d00-43d8-8288-01b83ab1e580",
"name": "Frode Beckmann Nilsen",
"given_name": "Frode Beckmann",
"family_name": "Nilsen",
"birthdate": "1966-12-18",
"updated_at": 1474890351000,
"acr": "4",
"nnin_altsub": "181266*****",
"amr": "BID",
"preferred_username": "Nilsen, Frode Beckmann",
"bankid_altsub": "9578-6000-4-30799"
}