Client authentication
- Frode Nilsen (Unlicensed)
- Kristoffer Kristoffer (Unlicensed)
- Heikki Henriksen
Owned by Frode Nilsen (Unlicensed)
Last updated: 12 Apr 2019 by Kristoffer Kristoffer (Unlicensed)Version comment
1 min read
Loading data...
OIDC Clients must authenticate with the OIDC Provider for the Token and Introspect Endpoints. Among the standardized authentication methods the following are currently supported by the OIDC Provider from BankID:
- OIDC
client_secret_basicaccording to OAuth2 using the HTTP Basic authentication scheme - OIDC
client_secret_postaccording to OAuth2 by including the Client Credentials (client_idandclient_secret) in the request body
Support for the OIDC authentication schemes private_key_jwt and client_secret_jwt may be added as future option.
OIDC Clients requesting access to VAS-services that uses the OIDC Provider for authorization must in addition authenticate with VAS-Servers using Access Tokens from the OIDC Provider. The type of Access Token and also the scheme for passing such tokens to VAS-servers are specific for each of the supported kinds of Value Added Services.