Scopes and claims (TINFO)
- Frode Nilsen (Unlicensed)
The set of claims supported by TINFO viaĀ Userinfo (TINFO) is shown in the below table. Supported claims contain both standard itemsĀ Ā andĀ custom additions for the OIDC Provider from BankID.Ā The standard claimsĀ iss,Ā sub,Ā Ā andĀ audupdated_atĀ are always returned.Ā The following conditions must otherwise be met for any particular claim to be returned:
- The OIDC Client must request the scope associated with the claim
- The claim must be configured for the OIDC Client at the OIDC Provider
- The end-user must give his consent if the claim demands consent handling
Due to (2) and (3), note that the set of returned claims may differ from the set of requested claims (1). The set of allowed claim for any particular Access Token is resolved by Introspection.
Five different scope configurations are supported as suggested by the below table, corresponding to theĀ standard scopesĀ profile,Ā email,Ā phoneĀ andĀ Ā addressĀ and theĀ non-standard scopeĀ nnin. Note that some of the claims associated with theĀ profileĀ scope are returned with theĀ ID TokenĀ whereas others are returned via Userinfo. Among all supported claims, note thatĀ nninĀ is available only to eligible OIDC Clients.Ā The end-user is always in control of the set of claims that is actually returned since most claims demand consentĀ from the end-user.
The OIDC Provider from BankID supportsĀ signedĀ responses from Userinfo.
Ā = Supported according to standard,Ā 
Ā = In progress / future support,Ā 
Ā = Custom addition,Ā 
Ā = Require end-user consent
| Claim | Support | Consent | Example | Description | Comment | Editorial comment |
|---|---|---|---|---|---|---|
iss | | Ā | https://preview.bankidapis.no | Issuer Identifier for the Issuer | Ā | Ā |
sub | | Ā | 9578-5999-4-1765512 | Subject Identifier | Ā | Ā |
aud | | Ā | DotNetClient | Audience | Always includes client_id | Ā |
updated_at | | Ā | 1468582440 | Update time | Epoc time of latest update of any data element behind any of the supported claims | Must be added |
Profile ( scope = profile ) | ||||||
gender | | | Ā Male | Gender | Gender derived from National Identity Number from associated BankID certificate | Must be added |
Email ( scope = email ) | ||||||
email | | | frobnil@something.com | Preferred email | Ā | Must be added |
email_verified | | Ā | false | Verification status of preferred email | Ā | Must be added |
all_emails | Ā | | {{"email":"frobnil@something.com","email_verified":false},{"email":"frode@elsething.com","email_verified":false}} | Alle emails with verification status | Ā | Must be added |
| Ā | Ā | Ā | Ā | Ā | Ā | Ā |
Phone ( scope = phone ) | ||||||
phone_number | | | 95871775 | Preferred phone numer | Ā | Ā |
phone_number_verified | | Ā | false | Verification status of preferrred phone numer | Depending on the source for the number. Numbers for BankID on Mobile are regarded as verified. | Numbers from other sources may also be regarded verified. |
all_phone_numbers | Ā | | {{"number":"95871775","number_verified":false},{"number":"46897469","number_verified":false},{"number":"94782958","number_verified":false}} | All phone numbers with verification status | Ā | Ā |
Address ( scope = address ) | ||||||
address | | | { "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien", "verified": false } | Preferred postal address | Standardized claim with both standardized and non-standard sub-claims | Ā |
address.verified | | Ā | false | Verification status of preferred postal address | Ā | Must be added |
address.formatted | | | Lybekkveien 11C\n0772 Oslo\nNorway | Full mailing address | Ā | Ā |
address.street_address | | | Lybekkveien 11C | Full street address | Ā | Ā |
address.locality | | | Oslo | City or locality | Ā | Ā |
address.postal_code | | | 0772 | Postal code | Ā | Ā |
address.country | | | Norway | Country | Ā | Ā |
address.street_name | | | Lybekkveien | Ā Street name component from | Ā | To be reviewed |
address.house_numer | | | 11 | House number component from street_address | Ā | To be reviewed |
address.house_letter | | | C | House letter component from street_address | Ā | To be reviewed |
all_addresses | Ā | | {{ "formatted": "Lybekkveien 11C\n0772 Oslo\nNorway", "country": "Norway", "street_address": "Lybekkveien 11C", "postal_code": "0772", "locality": "Oslo", "house_number": "11", "house_letter": "C", "street_name": "Lybekkveien", "verified": false }, { "formatted": "Munkedamsveien 45A\n0250 Oslo\nNorway", "country": "Norway", "street_address": "Munkedamsveien 45A", "postal_code": "0250", "locality": "Oslo", "house_number": "45", "house_letter": "A", "street_name": "Munkedamsveien", "verified": false } } | All addresses with verification status | Ā | Must be added |
National Identity Number ( scope = nnin ) | ||||||
nnin | | Ā | 181266***** | Norwegian National Identity Number (fĆødselsnummer) | Available only to eligible OIDC Client | Ā |
Ā
Unsupported Claims
The following set ofĀ standard claimsĀ are not supportedĀ by the OIDC Provider from BankID.
Ā = Not supported
| Claim | Support | Ā | Description | Comment |
|---|---|---|---|---|
Profile data ( scope = profile ) | ||||
nickname | | Ā | Casual name | Ā |
profile | | Ā | Profile page URL | Ā |
picture | | Ā | Picture URL | Ā |
website | | Ā | Homepage URL | Ā |
zoneinfo | | Ā | Time zone | Ā |
locale | | Ā | Locale | Ā |
address.region | | Ā | Region | Sub-claim of the address claim |