Skip to content

OpenID Configuration

The OpenID Configuration endpoint is a standard endpoint that returns configuration metadata needed to integrate with the BankID OIDC Provider.

Environment URL
Production https://auth.bankid.no/auth/realms/prod/.well-known/openid-configuration
Current (Test) https://auth.current.bankid.no/auth/realms/current/.well-known/openid-configuration

API

Request

GET https://auth.current.bankid.no/auth/realms/current/.well-known/openid-configuration

Response

Status

200 OK

Headers

Content-Type: application/json

Body

The response is a standard OpenID Configuration JSON object with some extensions:

  • signdoc-baseurl - The base URL for the Sign Document API.
  • aml-baseurl - The base URL for the Anti Money Laundering API.
  • release - The release version of the OIDC provider.
  • token_introspection_endpoint - The endpoint for token introspection.
  • jwks_uri_enc - The endpoint for encryption keys.
  • pushed_authorization_request_endpoint - The endpoint for pushed authorization requests.
  • require_pushed_authorization_requests - Whether pushed authorization requests are required.
  • tls_client_certificate_bound_access_tokens - Whether the access tokens are bound to the client certificate.
  • code_challenge_methods_supported - The supported code challenge methods.
Example
{
  "issuer": "https://auth.current.bankid.no/auth/realms/current",
  "authorization_endpoint": "https://auth.current.bankid.no/auth/realms/current/precheck/auth",
  "token_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token",
  "introspection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token/introspect",
  "userinfo_endpoint": "https://userinfo.current.bankid.no/userinfo",
  "end_session_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/logout",
  "jwks_uri": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/certs",
  "check_session_iframe": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/login-status-iframe.html",
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "refresh_token",
    "password",
    "client_credentials"
  ],
  "acr_values_supported": [
    "urn:bankid:bis",
    "urn:bankid:bid",
    "3",
    "4"
  ],
  "response_types_supported": [
    "code",
    "none",
    "id_token",
    "token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "id_token_encryption_enc_values_supported": [
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256"
  ],
  "request_object_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512",
    "none"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "request_object_encryption_enc_values_supported": [
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt",
    "client_secret_basic",
    "client_secret_post",
    "tls_client_auth",
    "client_secret_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "private_key_jwt",
    "client_secret_basic",
    "client_secret_post",
    "tls_client_auth",
    "client_secret_jwt"
  ],
  "introspection_endpoint_auth_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ],
  "authorization_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ],
  "authorization_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5"
  ],
  "authorization_encryption_enc_values_supported": [
    "A256GCM",
    "A192GCM",
    "A128GCM",
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512"
  ],
  "claims_supported": [
    "at_hash",
    "birthdate",
    "bankid_altsub",
    "given_name",
    "nonce",
    "acr",
    "c_hash",
    "updated_at",
    "nnin_altsub",
    "auth_time",
    "name",
    "session_state",
    "family_name",
    "sub",
    "amr",
    "iss",
    "typ",
    "aud",
    "nbf",
    "azp",
    "exp",
    "iat",
    "jti",
    "realm_access",
    "resource_access"
  ],
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "scopes_supported": [
    "openid",
    "profile",
    "address",
    "email",
    "phone",
    "nnin_altsub",
    "nnin",
    "sign",
    "signdoc/read_write",
    "aml_person/basic",
    "aml_person/monitor",
    "aml_person/OFAC",
    "aml_organization/basic",
    "aml_organization/monitor",
    "aml_organization/OFAC",
    "operational-status/read",
    "bankid_proof",
    "chgpwd"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "require_request_uri_registration": true,
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "tls_client_certificate_bound_access_tokens": true,
  "require_pushed_authorization_requests": false,
  "pushed_authorization_request_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/ext/par/request",
  "fraud-data-baseurl": "https://frauddata-rs-current.bankidapis.no/",
  "release": "2024-03",
  "signdoc-baseurl": "https://signdoc-rs-current.bankidapis.no/",
  "ui_locales_supported": [
    "nb",
    "en",
    "nn"
  ],
  "aml-baseurl": "https://aml-current.bankidapis.no/",
  "token_introspection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token/introspect",
  "jwks_uri_enc": "https://auth.current.bankid.no/auth/realms/current/encryption/keys"
}