# Response examples and parameters

You use BankID to verify the end-user's identity and obtain relevant personal details about them. This page shows response code examples with property descriptions for the OIDC protocol.

# OIDC response examples

This section shows response examples for the ID token and the UserInfo endpoints. You can find detailed scopes and claims descriptions below the code examples.

# Authentication token response example

In the following examples, the ID token user data is set to the "standard scopes", openid, profile nin.

    "id_token": "eyJhbGc...",
    "access_token": "eyJhbGc...",
    "expires_in": 600,
    "token_type": "Bearer",
    "scope": "openid profile nin"

# JWT id_token decoded example

# Header (Algorithm and token type)
  "alg": "RS256",
  "kid": "signing-key-7e5ec5cfa428a64b8e4e990d1aba6bf6",
  "typ": "JWT"
# Payload (Data)
  "nbf": 1657278414,
  "exp": 1657279014,
  "iss": "https://testdomain.sandbox.signicat.dev/auth/open",
  "aud": "dev-silly-carriage-435",
  "iat": 1657278414,
  "at_hash": "AmHqoGoXr1tWVZlbjrR6aQ",
  "sid": "1670A333DEA5FAE66072ECDAC88AE4C6",
  "sub": "0I3nYK5-NdoLqN1ps8tIWk7WRLOL-BEoU3erWBK28e4=",
  "auth_time": 1657278399,
  "idp": "sbid",
  "family_name": "Svensson",
  "given_name": "Sven",
  "birthdate": "1990-02-17",
  "amr": [

# UserInfo response example

Scope: openid profile nin


The following example also includes the sbid-extra and sbid-evidence scopes, with extra information about the certificate validity (for more descriptions, see the table below).

Scope: openid profile nin sbid-extra sbid-evidence

    "idp_id": "199004181234",
    "family_name": "Svensson",
    "given_name": "Pernilla",
    "birthdate": "1990-04-18",
    "nin": "199004181234",
    "nin_type": "PERSON",
    "nin_issuing_country": "SE",
    "sbid_device_ip": "",
    "sbid_certificate_not_before": "2022-10-18T22:00:00.000Z",
    "sbid_certificate_not_after": "2023-10-19T21:59:59.000Z",
    "sbid_ocsp_responder_id": "C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing",
    "sbid_ocsp_response": "MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQEEggdkMIIHYDCCASyhgYgwgYUxCzAJBgNVBAY...",
    "sbid_xml_signature": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PFNpZ25hdHVyZ...",
    "sub": "1W8CUMabaa57aHufl-Z3h26EUsTSOMjsEXB--tGH5OE=",
    "sub_legacy": "1W8CUMabaa57aHufl-Z3h26EUsTSOMjsEXB--tGH5OE="

# Scopes and claims mapping for OIDC

By default, all claims listed in this table are returned in UserInfo. It is also possible to configure "Id Token User Data" for the client (when setting up the security of the OIDC client) so the claims are returned in both the ID token and the UserInfo. The configuration of “Id Token User Data" required to include each claim in the ID token is listed in the right column.

Scope Claim Description Example Id Token User Data configuration for claim to be included in ID token
profile family_name The surname of the end-user. Svensson Standard Scopes or All
given_name The first name of the end-user. Sven Standard Scopes or All
birthdate The date of birth of the end-user. 1990-02-17 Standard Scopes or All
nin nin The national identity number (“fødselsnummer”) of the end-user. See also login_hint. 199002171234 All
nin_type The type of national identity number. Always PERSON for BankID (Sweden). PERSON All
nin_issuing_country The issuing country of the national identity. Always “SE” for BankID (Sweden). SE All
sbid-extra sbid_device_ip The IP address of the end-user's device used for authentication. All
sbid_certificate_not_before The time from when the certificate is valid. 2022-10-18T22:00:00.000Z All
sbid_certificate_not_after The time the certificate expires. 2023-10-19T21:59:59.000Z All
sbid_ocsp_responder_id The responder ID of the certificate used to sign the OCSP response. C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing All
sbid-evidence sbid_ocsp_response The OCSP response. MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQ... All
sbid_xml_signature The XML signature. PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNv... All

Related information

For information about how to adjust the BankID flow using acr_values and login_hint, see Select and configure ID method.

Last updated: 10/10/2023 10:56 UTC