Signing and encryption
This release of the OIDC Provider from BankID supports signing of the following data elements:
- ID Tokens
- Default Access Tokens
- Default Refresh Tokens
- Responses from the TINFO service
A pair of statically configured asymmetric keys is used for signing, according to details returned by the Jwk endpoint. OIDC Clients must validate signatures as part of token validation to ensure that tokens have not been tampered with after being issued by the OIDC Provider from BankID. The same applies to validation of responses from the TINFO service.
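The signature check a client performs against the key set from the Jwk endpoint, as an added example that is not code from BankID or from this page. It assumes RS256 signatures and key selection by `kid`, neither of which the page states; the key, the `kid` value `demo-1` and the token are constructed for the demonstration.

```python
import base64, hashlib, hmac, json

# DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):
    """EMSA-PKCS1-v1_5 encoding of msg for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_jws(token, jwks):
    """Return the payload only if the RS256 signature verifies against jwks, else None."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_dec(h64))
        if header.get("alg") != "RS256":  # pin the algorithm; "none" or HS256 is rejected
            return None
        jwk = next(k for k in jwks["keys"]
                   if k.get("kty") == "RSA" and k.get("kid") == header.get("kid"))
        n = int.from_bytes(b64u_dec(jwk["n"]), "big")
        e = int.from_bytes(b64u_dec(jwk["e"]), "big")
        k = (n.bit_length() + 7) // 8
        sig = b64u_dec(s64)
        em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
        if len(sig) != k or not hmac.compare_digest(em, emsa(f"{h64}.{p64}".encode(), k)):
            return None
        return json.loads(b64u_dec(p64))
    except (ValueError, KeyError, TypeError, AttributeError, StopIteration):
        return None  # malformed token, unknown kid or malformed key set

# Constructed demo key from two publicly known primes: insecure, for this example only.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "use": "sig", "alg": "RS256",
                  "n": b64u_enc(N.to_bytes(K, "big")), "e": b64u_enc(E.to_bytes(3, "big"))}]}

def sign_demo(payload, kid="demo-1", alg="RS256"):  # stands in for the provider's signer
    head = b64u_enc(json.dumps({"alg": alg, "kid": kid}).encode())
    body = b64u_enc(json.dumps(payload).encode())
    m = int.from_bytes(emsa(f"{head}.{body}".encode(), K), "big")
    sig = b64u_enc(pow(m, D, N).to_bytes(K, "big"))
    return f"{head}.{body}.{sig}"
```

This covers only the signature step of token validation; a deployed client would normally use a maintained JOSE library for it.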
Signing and encryption of request elements and/or encryption of response elements may be added as future options.