api-userinfo
The userinfo endpoint may be used to retrieve additional information about an end user beyond what is contained in the ID Token. The end user in question is given by the sub value contained in the access token.
By including the supported scopes in the Authorize request, the end user will be presented with consent dialogues (see User Experience) for the requested end user information. If consent is given, you'll be able to access the TINFO resource server by utilizing the userinfo endpoint to get the requested end user data by using the Access token as Bearer token.
Experimental
The consent dialogue views and the optional end user information, with the exception of Norwegian National Identity number, are considered experimental. The service can be used freely by merchants, but further development and feature request will not be prioritized going forward. We advice merchants that require information such as email, address and phone number to handle this in their own application as the user may choose to not provide this information through the BankID OIDC service.
Overview
URL |
| ||||||
|---|---|---|---|---|---|---|---|
Request | GET without any parameters CORS is not supported | ||||||
Authentication | Access Token as Bearer Token in Authorization Header | ||||||
Response |
Error responses contains further information on the reason according to standard. | ||||||
Example | See below |
Response elements
Userinfo returns signed responses in JWT format. The claims contained in the encoded JWT includes supported standard claims (see table below) along with the following additional claims:
Claim | Example | Description |
|---|---|---|
| Userinfo (TINFO) Resource Server | |
|
| Requesting OIDC client |
Standard claims
Claim | Scope | Support | Consent | Comment |
|---|---|---|---|---|
|
| Yes |
| Subject Identifier. Also contained in ID Token |
|
| Yes |
| Common Name from associated BankID certificate. Also contained in ID Token |
|
| Yes |
| First name part of the |
|
| Yes |
| Last name (surname) part of the |
|
| No |
|
|
|
| No |
|
|
|
| No |
|
|
|
| No |
|
|
|
| No |
|
|
|
| No |
|
|
|
| Yes | Consent required | Email is registered by end user themselves via consent dialogues after authentication |
|
| No |
|
|
|
| No |
|
|
|
| Yes |
| Birthdate from associated BankID certificate. Also contained in ID Token |
|
| No |
|
|
|
| No |
|
|
|
| Yes | Consent required | Phone number is registered by end user themselves via consent dialogues after authentication |
|
| No |
|
|
|
| Yes | Consent required | JSON structure with sub-elements as shown below Address is registered by the end user themselves via consent dialogues after authentication |
|
| Yes | (see address) | Full address string |
|
| Yes | (see address) | Street address |
|
| Yes | (see address) | Norwegian "poststed" |
|
| No | (see address) |
|
|
| Yes | (see address) | Norwegian "postnummer" |
|
| No | (see address) |
|
|
| Yes |
| Epoch time for latest update of any of the supported TINFO data elements |
nnin | nnin | Yes | Consent required | Norwegian National Identity Number |
Example
Response
Decoded response
{
"iss": "https://userinfo.current.bankid.no",
"sub": "9578-6000-4-00001",
"aud": "oidc-testclient",
"name": "Ola Normann",
"given_name": "Ola",
"family_name": "Normann",
"updated_at": 1519992419860,
"email": "normann@example.org",
"birthdate": "110286",
"phone_number": "95871775",
"address": {
"formatted": "Veien 311\nOslo 0772",
"street_address": "Veien 311",
"locality": "0772",
"postal_code": "Oslo"
}
}