Test connections
This page describes how you can test an authentication with OpenID Connect using OAuth Tools, a public web application to test and experiment with OIDC flows.
For testing purposes, this guide shows steps to complete an Authorization Code Flow using Norwegian BankID. However, you may easily adapt the instructions to test all the other eIDs available in the Signicat eID and Wallet Hub.
Additionally, you can find eID-specific test guides in the respective eID documentation.
We recommend you run test authentications by using a sandbox account.
Initial preparations
Before you can run a test authentication, make sure to complete the following configuration in the Signicat Dashboard.
If you are new to Signicat, we recommend you first read the Get started with Signicat page.
1. Add an eID
To add an eID to your Signicat account, do the following:
- In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > eIDs.
- Click + Add new in the top right.
- Choose the eID from the list. Then, fill in any required configuration and click Add.
- Now, review that the eID is available and displayed as "Active" in the eIDs page.
2. Create an OIDC client
You need to create an OIDC client with the relevant scopes. To do this:
- Go to Signicat Dashboard > Products > eID and Wallet Hub > OIDC clients.
- Click Create client.
- In the Primary Grant Type field, select AuthorizationCode from the dropdown menu.
- In the Client name field, give your client a name.
- In the Redirect URI field, set https://oauth.tools/callback/code.
- In the Scope field, set profile and nin, in addition to openid. Optionally, you may add more attributes depending on what user data the eID supports.
3. Add a secret
To add a secret to your OIDC client, do the following:
- In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > OIDC clients.
- Select Edit next to your client name.
- In the client menu, go to the Secrets tab, then select Add secret.
- Enter a name for your client secret, then select Generate secret.
Test connection
You can test an authentication by importing your OIDC client inside the OAuth Tools environment.
1. Import your client in OAuth Tools
- Go to Signicat Dashboard > Products > eID and Wallet Hub > OIDC clients.
- Click the Edit button beside your new OIDC client.
- Select the Overview tab, then click Try out this client on oauth.tools!.
2. Configure Signicat Playground settings
You only need to configure the Signicat Playground settings the first time you use OAuth Tools. After that, your configuration will be cached and available for future tests.
- In OAuth Tools, expand the dropdown menu beside Signicat Playground, then select Settings.
- On the Endpoints tab, verify that the contents of the Metadata URL in OAuth Tools match the contents of the Well-Known URL for client field in the Signicat Dashboard. After you enter the URL, click Discover to fetch the other endpoints.
Where can I find this?
To find the Well-Known URL for client field in the Signicat Dashboard:
- Go to Signicat Dashboard > Products > eID and Wallet Hub > OIDC clients.
- Click the Edit button beside your new OIDC client.
- In the Overview tab, locate the Well-Known URL for client field. This is https://<YOUR_SIGNICAT_DOMAIN>/auth/open/.well-known/openid-configuration
- On the Clients tab, verify that your client is visible, and that the Code toggle button is enabled.
- Close the settings page.
3. Configure Authorization Code Flow settings
- In the left-side menu, select Authorization Code.
- In section (1) Settings, set the following:
4. Start flow
- In section (2) Start Flow, click the Run button. This will redirect you to the Norwegian BankID portal.
- Optional. If you have activated many eIDs in the Signicat Dashboard and you have left the ACR values empty, you will be redirected to the Select identity provider screen. To proceed, choose Norwegian BankID.
- In the Norwegian BankID portal, use the following test credentials:
| National ID | OTP | Password |
| --- | --- | --- |
| 01100844350 | otp | qwer1234 |
| 10103933108 | otp | qwer1234 |

Test users for Norwegian BankID
Pre-generated test users for Norwegian BankID may become unavailable after a series of failed attempts. If this happens, you can generate more test users.
- Upon successful authentication, Norwegian BankID redirects to the Redirect URI of your OIDC client. This is https://oauth.tools/callback/code.
- In OAuth Tools, in (3) Redeem Authorization Code, click Redeem Code.
After you redeem the authorisation code, you will find the Access Token and the ID Token in the pane on the right-hand side. In particular, the ID Token > Payload contains the JSON with the personal information of the end-user.
Payload example
{
"iss":"https://<YOUR_SIGNICAT_DOMAIN>/auth/open",
"nbf":1780326261,
"iat":1780326261,
"exp":1780326861,
"aud":"<OIDC_CLIENT_ID>",
"amr":["external"],
"at_hash":"WSabMjkG...coOtemlQClQ",
"sid":"2D27D47B593142CD747F821ED20E7330",
"sub":"mVyIHdx-vovALfhWgoVs...Hzbknv0BNH9AcIxZHhI4=",
"auth_time":1780326258,
"idp":"nbid",
"nin":"01100844350",
"nin_type":"BIRTH",
"nin_issuing_country":"NO",
"idp_issuer":"https://auth.current.bankid.no/auth/realms/current",
"transaction_id":"8612c10c-30dd-0449-bc5e-25a3f8fdc47e",
"sandbox":true,
"acr":"high"
}
5. Call Userinfo endpoint
The UserInfo endpoint is part of the OpenID Connect (OIDC) specification and is designed to return claims about the authenticated user.
- In the left-side menu, select Userinfo.
- In section (1) Settings, select Authorization Code Flow: Access Token from the dropdown menu.
- Click the Call Userinfo Endpoint button.
- The Userinfo is shown in the pane on the right-hand side.
You have now tested an OIDC authentication flow using your OIDC client.
You can explore more flow types and additional OIDC functionality on the https://oauth.tools/ website.