# Response examples and parameters
You use BankID to verify the end-user's identity and obtain relevant personal details about them. This page shows response code examples with property descriptions for the OIDC protocol.
# OIDC response examples
This section shows response examples for the ID token and the UserInfo endpoints. You can find detailed scopes and claims descriptions below the code examples.
# Authentication token response example
In the following examples, the ID token user data is set to the "standard scopes", openid, profile nin
.
{
"id_token": "eyJhbGc...",
"access_token": "eyJhbGc...",
"expires_in": 600,
"token_type": "Bearer",
"scope": "openid profile nin"
}
# JWT id_token decoded example
# Header (Algorithm and token type)
{
"alg": "RS256",
"kid": "signing-key-7e5ec5cfa428a64b8e4e990d1aba6bf6",
"typ": "JWT"
}
# Payload (Data)
{
"nbf": 1657278414,
"exp": 1657279014,
"iss": "https://testdomain.sandbox.signicat.dev/auth/open",
"aud": "dev-silly-carriage-435",
"iat": 1657278414,
"at_hash": "AmHqoGoXr1tWVZlbjrR6aQ",
"sid": "1670A333DEA5FAE66072ECDAC88AE4C6",
"sub": "0I3nYK5-NdoLqN1ps8tIWk7WRLOL-BEoU3erWBK28e4=",
"auth_time": 1657278399,
"idp": "sbid",
"family_name": "Svensson",
"given_name": "Sven",
"birthdate": "1990-02-17",
"amr": [
"external"
]
}
# UserInfo response example
Scope: openid profile nin
{
"family_name":"Svensson",
"given_name":"Sven",
"birthdate":"1990-02-17",
"nin":"199002171234",
"nin_type":"PERSON",
"nin_issuing_country":"SE",
"sub":"KuJm0Zfr6JvRZ3PwC1IktAVSMPDtGTD-HEB6Uu0z-mA="
}
The following example also includes the sbid-extra
and sbid-evidence
scopes, with extra information about the certificate validity (for more descriptions, see the table below).
Scope: openid profile nin sbid-extra sbid-evidence
{
"idp_id": "199004181234",
"family_name": "Svensson",
"given_name": "Pernilla",
"birthdate": "1990-04-18",
"nin": "199004181234",
"nin_type": "PERSON",
"nin_issuing_country": "SE",
"sbid_device_ip": "3.127.53.67",
"sbid_certificate_not_before": "2022-10-18T22:00:00.000Z",
"sbid_certificate_not_after": "2023-10-19T21:59:59.000Z",
"sbid_ocsp_responder_id": "C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing",
"sbid_ocsp_response": "MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQEEggdkMIIHYDCCASyhgYgwgYUxCzAJBgNVBAY...",
"sbid_xml_signature": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PFNpZ25hdHVyZ...",
"sub": "1W8CUMabaa57aHufl-Z3h26EUsTSOMjsEXB--tGH5OE=",
}
# Scopes and claims mapping for OIDC
You can use the following scopes to request user information from an end-user using BankID.
Include user data claims in Id token
By default, all claims listed in this table are returned in the UserInfo endpoint. In addition, you can configure user data claims to be returned in the Id token. You can set this up in the Dashboard > OIDC client (opens new window) under Advanced Security > Id Token User data. The right column shows the values required to include each claim in the Id token.
Scope | Claim | Description | Example | Id Token User data values |
---|---|---|---|---|
profile | family_name | The surname of the end-user. | Svensson | Standard Scopes or All |
given_name | The first name of the end-user. | Sven | Standard Scopes or All | |
birthdate | The date of birth of the end-user. | 1990-02-17 | Standard Scopes or All | |
idp-id | idp_id | 199002171234 | Personal identifier set by the identity provider. | StandardScopes or All |
nin | nin | The national identity number (“fødselsnummer”) of the end-user. See also login_hint. | 199002171234 | All |
nin_type | The type of national identity number. Always PERSON for BankID (Sweden). | PERSON | All | |
nin_issuing_country | The issuing country of the national identity. Always “SE” for BankID (Sweden). | SE | All | |
sbid-extra | sbid_device_ip | The IP address of the end-user's device used for authentication. | 3.127.53.67 | All |
sbid_certificate_not_before | The time from when the certificate is valid. | 2022-10-18T22:00:00.000Z | All | |
sbid_certificate_not_after | The time the certificate expires. | 2023-10-19T21:59:59.000Z | All | |
sbid_ocsp_responder_id | The responder ID of the certificate used to sign the OCSP response. | C=SE,O=Testbank A AB (publ),SERIALNUMBER=111111111111,CN=Testbank A Customer CA1 v1 for BankID Test OCSP Signing | All | |
sbid-evidence | sbid_ocsp_response | The OCSP response. | MIIHfgoBAKCCB3cwggdzBgkrBgEFBQcwAQ... | All |
sbid_xml_signature | The XML signature. | PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNv... | All |
Related information
For information about how to adjust the BankID flow using acr_values
and login_hint
, see Select and configure ID method.