# Response examples and parameters
You use BankID to verify the end-user's identity and obtain relevant personal details about them. This page shows response code examples with property descriptions for the OIDC protocol.
# OIDC response examples
This section shows response examples for the ID token and the UserInfo endpoints. You can find detailed scopes and claims descriptions below the code examples.
# Authentication token response example
In the following examples, the ID token user data is set to the "standard scopes", openid, profile nin.
{
"id_token": "eyJhbGc...",
"access_token": "eyJhbGc...",
"expires_in": 600,
"token_type": "Bearer",
"scope": "openid profile nin"
}
# JWT id_token decoded example
# Header (Algorithm and token type)
{
"alg": "RS256",
"kid": "signing-key-7e5ec5cfa428a64b8e4e990d1aba6bf6",
"typ": "JWT"
}
# Payload (Data)
{
"nbf": 1657278414,
"exp": 1657279014,
"iss": "https://testdomain.sandbox.signicat.dev/auth/open",
"aud": "dev-silly-carriage-435",
"iat": 1657278414,
"at_hash": "AmHqoGoXr1tWVZlbjrR6aQ",
"sid": "1670A333DEA5FAE66072ECDAC88AE4C6",
"sub": "0I3nYK5-NdoLqN1ps8tIWk7WRLOL-BEoU3erWBK28e4=",
"auth_time": 1657278399,
"idp": "sbid",
"family_name": "Svensson",
"given_name": "Sven",
"birthdate": "1990-02-17",
"amr": [
"external"
]
}
# UserInfo response example
Scope: openid profile nin
{
"family_name":"Svensson",
"given_name":"Sven",
"birthdate":"1990-02-17",
"nin":"199002171234",
"nin_type":"PERSON",
"nin_issuing_country":"SE",
"sub":"KuJm0Zfr6JvRZ3PwC1IktAVSMPDtGTD-HEB6Uu0z-mA="
}
The following example also includes the sbid-extra and sbid-evidence scopes, with extra information about the certificate validity (for more descriptions, see the table below).
Scope: openid profile nin sbid-extra sbid-evidence
{
"idp_id": "199004181234",
"family_name": "Svensson",
"given_name": "Pernilla",
"birthdate": "1990-04-18",
"nin": "199004181234",
"nin_type": "PERSON",
"nin_issuing_country": "SE",
"sbid_device_ip": "3.127.53.67",
"sbid_certificate_not_before": "2022-10-18T22:00:00.000Z",
"sbid_certificate_not_after": "2023-10-19T21:59:59.000Z",
"sbid_ocsp_responder_id": "C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing",
"sbid_ocsp_response": "MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQEEggdkMIIHYDCCASyhgYgwgYUxCzAJBgNVBAY...",
"sbid_xml_signature": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PFNpZ25hdHVyZ...",
"sub": "1W8CUMabaa57aHufl-Z3h26EUsTSOMjsEXB--tGH5OE=",
"sub_legacy": "1W8CUMabaa57aHufl-Z3h26EUsTSOMjsEXB--tGH5OE="
}
# Scopes and claims mapping for OIDC
By default, all claims listed in this table are returned in UserInfo. It is also possible to configure "Id Token User Data" for the client (when setting up the security of the OIDC client) so the claims are returned in both the ID token and the UserInfo. The configuration of “Id Token User Data" required to include each claim in the ID token is listed in the right column.
| Scope | Claim | Description | Example | Id Token User Data configuration for claim to be included in ID token |
|---|---|---|---|---|
| profile | family_name | The surname of the end-user. | Svensson | Standard Scopes or All |
| given_name | The first name of the end-user. | Sven | Standard Scopes or All | |
| birthdate | The date of birth of the end-user. | 1990-02-17 | Standard Scopes or All | |
| nin | nin | The national identity number (“fødselsnummer”) of the end-user. See also login_hint. | 199002171234 | All |
| nin_type | The type of national identity number. Always PERSON for BankID (Sweden). | PERSON | All | |
| nin_issuing_country | The issuing country of the national identity. Always “SE” for BankID (Sweden). | SE | All | |
| sbid-extra | sbid_device_ip | The IP address of the end-user's device used for authentication. | 3.127.53.67 | All |
| sbid_certificate_not_before | The time from when the certificate is valid. | 2022-10-18T22:00:00.000Z | All | |
| sbid_certificate_not_after | The time the certificate expires. | 2023-10-19T21:59:59.000Z | All | |
| sbid_ocsp_responder_id | The responder ID of the certificate used to sign the OCSP response. | C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing | All | |
| sbid-evidence | sbid_ocsp_response | The OCSP response. | MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQ... | All |
| sbid_xml_signature | The XML signature. | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNv... | All |
Related information
For information about how to adjust the BankID flow using acr_values and login_hint, see Select and configure ID method.