Attributes reference

You use BankID to verify the end-user's identity and obtain relevant personal details about them. This page summarises the user information you can request and receive for the OIDC and the Authentication REST API protocols. We also support SAML 2.0, but this is not documented yet.

OIDC scopes and claims

You can use the following scopes to request user information from an end-user using BankID.

Control the returned claims in ID Token

ID Token is configured by default to return only the claims defined in the OIDC standard (standard scopes).

To control the data returned in the ID Token:

In the Signicat Dashboard, navigate to Products > eID Hub > OIDC Clients.
Choose your OIDC client and select Edit to view the client configuration.
Navigate to the Advanced > Security tab and edit the ID Token User data. You can choose between:
- Standard Scopes (default): Returns the standard OIDC scopes.
- All: Returns all claims.
- Minimal: Returns only sub.

OIDC response examples

This section shows response examples for the ID token and the UserInfo endpoints.

Authentication token response example

In the following examples, the ID token user data is set to the "standard scopes", openid, profile nin.

{
    "id_token": "eyJhbGc...",
    "access_token": "eyJhbGc...",
    "expires_in": 600,
    "token_type": "Bearer",
    "scope": "openid profile nin"
}

JWT id_token decoded example

Header (Algorithm and token type)

{
  "alg": "RS256",
  "kid": "signing-key-7e5ec5cfa428a64b8e4e990d1aba6bf6",
  "typ": "JWT"
}

Payload (Data)

{
  "nbf": 1657278414,
  "exp": 1657279014,
  "iss": "https://testdomain.sandbox.signicat.dev/auth/open",
  "aud": "dev-silly-carriage-435",
  "iat": 1657278414,
  "at_hash": "AmHqoGoXr1tWVZlbjrR6aQ",
  "sid": "1670A333DEA5FAE66072ECDAC88AE4C6",
  "sub": "0I3nYK5-NdoLqN1ps8tIWk7WRLOL-BEoU3erWBK28e4=",
  "auth_time": 1657278399,
  "idp": "sbid",
  "family_name": "Svensson",
  "given_name": "Sven",
  "birthdate": "1990-02-17",
  "amr": [
    "external"
  ]
}

UserInfo response example

Scope: openid profile nin

{
"family_name":"Svensson",
"given_name":"Sven",
"birthdate":"1990-02-17",
"nin":"199002171234",
"nin_type":"PERSON",
"nin_issuing_country":"SE",
"sub":"KuJm0Zfr6JvRZ3PwC1IktAVSMPDtGTD-HEB6Uu0z-mA="
}

The following example also includes the sbid-extra and sbid-evidence scopes, with extra information about the certificate validity (for more descriptions, see the table above).

Scope: openid profile nin sbid-extra sbid-evidence

{
    "idp_id": "199004181234",
    "family_name": "Svensson",
    "given_name": "Pernilla",
    "birthdate": "1990-04-18",
    "nin": "199004181234",
    "nin_type": "PERSON",
    "nin_issuing_country": "SE",
    "sbid_device_ip": "3.127.53.67",
    "sbid_certificate_not_before": "2022-10-18T22:00:00.000Z",
    "sbid_certificate_not_after": "2023-10-19T21:59:59.000Z",
    "sbid_ocsp_responder_id": "C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing",
    "sbid_ocsp_response": "MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQEEggdkMIIHYDCCASyhgYgwgYUxCzAJBgNVBAY...",
    "sbid_xml_signature": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PFNpZ25hdHVyZ...",
    "sub": "1W8CUMabaa57aHufl-Z3h26EUsTSOMjsEXB--tGH5OE=",
}

Authentication REST API attributes

The Signicat Authentication REST API supports the following request and response attributes for Swedish BankID:

Authentication REST API response example

Here is a full response example for a redirect flow. You can find the user information inside the subject object:

{
    "id": "217f8661-0eca-...",
    "accountId": "a-sdge-...",
    "authenticationUrl": "https://<YOUR_SIGNICAT_DOMAIN>/broker/sp/external-service/login?messageId=21b064c3-28b...",
    "status": "SUCCESS",
    "provider": "sbid",
    "subject": {
        "id": "Gbhk5imsLMs2MEVirGY4-NE3EK-WQ-aYDE9FpbSAPpk=",
        "idpId": "199002171234",
        "name": "Sven Svensson",
        "firstName": "Sven",
        "lastName": "Svensson",
        "dateOfBirth": "1990-02-17",
        "nin": {
            "value": "199002171234",
            "issuingCountry": "SE",
            "type": "PERSON"
        },
        "sbidMrtd": "false"
    },
    "callbackUrls": {
        "success": "https://example.com/success",
        "abort": "https://example.com/abort",
        "error": "https://example.com/error"
    },
    "environment": {
        "ipAddress": "...",
        "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
    },
    "allowedProviders": [
        "sbid"
    ],
    "flow": "redirect",
    "requestedAttributes": [
        "dateOfBirth",
        "firstName",
        "lastName",
        "name",
        "nin",
        "sbidMrtd",
        "idpId"
    ],
    "sessionLifetime": 1200,
    "expiresAt": "2024-06-25T07:05:15.8442885+00:00"
}

OIDC scopes and claims​

OIDC response examples​

Authentication token response example​

JWT id_token decoded example​

Header (Algorithm and token type)​

Payload (Data)​

UserInfo response example​

Authentication REST API attributes​

Authentication REST API response example​