# Response examples and parameters

You use BankID to verify the end-user's identity and obtain relevant personal details about them. This page shows response code examples with property descriptions for the OIDC protocol.

# OIDC response examples

This section shows response examples for the ID token and the UserInfo endpoints. You can find detailed scopes and claims descriptions below the code examples.

# Authentication token response example

In the following examples, the ID token user data is set to the "standard scopes", openid, profile nin.

{
    "id_token": "eyJhbGc...",
    "access_token": "eyJhbGc...",
    "expires_in": 600,
    "token_type": "Bearer",
    "scope": "openid profile nin"
}

# JWT id_token decoded example

# Header (Algorithm and token type)
{
  "alg": "RS256",
  "kid": "signing-key-7e5ec5cfa428a64b8e4e990d1aba6bf6",
  "typ": "JWT"
}
# Payload (Data)
{
  "nbf": 1657278414,
  "exp": 1657279014,
  "iss": "https://testdomain.sandbox.signicat.dev/auth/open",
  "aud": "dev-silly-carriage-435",
  "iat": 1657278414,
  "at_hash": "AmHqoGoXr1tWVZlbjrR6aQ",
  "sid": "1670A333DEA5FAE66072ECDAC88AE4C6",
  "sub": "0I3nYK5-NdoLqN1ps8tIWk7WRLOL-BEoU3erWBK28e4=",
  "auth_time": 1657278399,
  "idp": "sbid",
  "family_name": "Svensson",
  "given_name": "Sven",
  "birthdate": "1990-02-17",
  "amr": [
    "external"
  ]
}

# UserInfo response example

Scope: openid profile nin

{
"family_name":"Svensson",
"given_name":"Sven",
"birthdate":"1990-02-17",
"nin":"199002171234",
"nin_type":"PERSON",
"nin_issuing_country":"SE",
"sub":"KuJm0Zfr6JvRZ3PwC1IktAVSMPDtGTD-HEB6Uu0z-mA="
}

The following example also includes the sbid-extra and sbid-evidence scopes, with extra information about the certificate validity (for more descriptions, see the table below).

Scope: openid profile nin sbid-extra sbid-evidence

{
    "idp_id": "199004181234",
    "family_name": "Svensson",
    "given_name": "Pernilla",
    "birthdate": "1990-04-18",
    "nin": "199004181234",
    "nin_type": "PERSON",
    "nin_issuing_country": "SE",
    "sbid_device_ip": "3.127.53.67",
    "sbid_certificate_not_before": "2022-10-18T22:00:00.000Z",
    "sbid_certificate_not_after": "2023-10-19T21:59:59.000Z",
    "sbid_ocsp_responder_id": "C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing",
    "sbid_ocsp_response": "MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQEEggdkMIIHYDCCASyhgYgwgYUxCzAJBgNVBAY...",
    "sbid_xml_signature": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PFNpZ25hdHVyZ...",
    "sub": "1W8CUMabaa57aHufl-Z3h26EUsTSOMjsEXB--tGH5OE=",
}

# Scopes and claims mapping for OIDC

You can use the following scopes to request user information from an end-user using BankID.

Include user data claims in Id token

By default, all claims listed in this table are returned in the UserInfo endpoint. In addition, you can configure user data claims to be returned in the Id token. You can set this up in the Dashboard > OIDC client (opens new window) under Advanced Security > Id Token User data. The right column shows the values required to include each claim in the Id token.

Scope Claim Description Example Id Token User data values
profile family_name The surname of the end-user. Svensson Standard Scopes or All
given_name The first name of the end-user. Sven Standard Scopes or All
birthdate The date of birth of the end-user. 1990-02-17 Standard Scopes or All
idp-id idp_id 199002171234 Personal identifier set by the identity provider. StandardScopes or All
nin nin The national identity number (“fødselsnummer”) of the end-user. See also login_hint. 199002171234 All
nin_type The type of national identity number. Always PERSON for BankID (Sweden). PERSON All
nin_issuing_country The issuing country of the national identity. Always “SE” for BankID (Sweden). SE All
sbid-extra sbid_device_ip The IP address of the end-user's device used for authentication. 3.127.53.67 All
sbid_certificate_not_before The time from when the certificate is valid. 2022-10-18T22:00:00.000Z All
sbid_certificate_not_after The time the certificate expires. 2023-10-19T21:59:59.000Z All
sbid_ocsp_responder_id The responder ID of the certificate used to sign the OCSP response. C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing All
sbid-evidence sbid_ocsp_response The OCSP response. MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQ... All
sbid_xml_signature The XML signature. PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNv... All

Related information

For information about how to adjust the BankID flow using acr_values and login_hint, see Select and configure ID method.

Last updated: 15/03/2024 12:07 UTC