OpenID Configuration¶
The OpenID Configuration endpoint is a standard endpoint that returns configuration metadata needed to integrate with the BankID OIDC Provider.
| Environment | URL |
|---|---|
| Production | https://auth.bankid.no/auth/realms/prod/.well-known/openid-configuration |
| Current (Test) | https://auth.current.bankid.no/auth/realms/current/.well-known/openid-configuration |
API¶
Request¶
GET https://auth.current.bankid.no/auth/realms/current/.well-known/openid-configuration
Response¶
Status¶
200 OK
Headers¶
Content-Type: application/json
Body¶
The response is a standard OpenID Configuration JSON object with some extensions:
fraud-data-baseurl- The base URL for the Fraud Data API.signdoc-baseurl- The base URL for the Sign Document API.aml-baseurl- The base URL for the Anti Money Laundering API.release- The release version of the OIDC provider.token_introspection_endpoint- The endpoint for token introspection.jwks_uri_enc- The endpoint for encryption keys.pushed_authorization_request_endpoint- The endpoint for pushed authorization requests.require_pushed_authorization_requests- Whether pushed authorization requests are required.tls_client_certificate_bound_access_tokens- Whether the access tokens are bound to the client certificate.code_challenge_methods_supported- The supported code challenge methods.
Example¶
{
"issuer": "https://auth.current.bankid.no/auth/realms/current",
"authorization_endpoint": "https://auth.current.bankid.no/auth/realms/current/precheck/auth",
"token_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token",
"introspection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token/introspect",
"userinfo_endpoint": "https://userinfo.current.bankid.no/userinfo",
"end_session_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/logout",
"jwks_uri": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/certs",
"check_session_iframe": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/login-status-iframe.html",
"grant_types_supported": [
"authorization_code",
"implicit",
"refresh_token",
"password",
"client_credentials"
],
"acr_values_supported": [
"urn:bankid:bis",
"urn:bankid:bid",
"3",
"4"
],
"response_types_supported": [
"code",
"none",
"id_token",
"token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"subject_types_supported": [
"public",
"pairwise"
],
"id_token_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"id_token_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"id_token_encryption_enc_values_supported": [
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"userinfo_signing_alg_values_supported": [
"RS256"
],
"request_object_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512",
"none"
],
"request_object_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"request_object_encryption_enc_values_supported": [
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"response_modes_supported": [
"query",
"fragment",
"form_post"
],
"token_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"introspection_endpoint_auth_methods_supported": [
"private_key_jwt",
"client_secret_basic",
"client_secret_post",
"tls_client_auth",
"client_secret_jwt"
],
"introspection_endpoint_auth_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"authorization_signing_alg_values_supported": [
"PS384",
"ES384",
"RS384",
"HS256",
"HS512",
"ES256",
"RS256",
"HS384",
"ES512",
"PS256",
"PS512",
"RS512"
],
"authorization_encryption_alg_values_supported": [
"RSA-OAEP",
"RSA-OAEP-256",
"RSA1_5"
],
"authorization_encryption_enc_values_supported": [
"A256GCM",
"A192GCM",
"A128GCM",
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512"
],
"claims_supported": [
"at_hash",
"birthdate",
"bankid_altsub",
"given_name",
"nonce",
"acr",
"c_hash",
"updated_at",
"nnin_altsub",
"auth_time",
"name",
"session_state",
"family_name",
"sub",
"amr",
"iss",
"typ",
"aud",
"nbf",
"azp",
"exp",
"iat",
"jti",
"realm_access",
"resource_access"
],
"claim_types_supported": [
"normal"
],
"claims_parameter_supported": false,
"scopes_supported": [
"openid",
"profile",
"address",
"email",
"phone",
"nnin_altsub",
"nnin",
"sign",
"signdoc/read_write",
"fraud-data-rs/GetSecurityData",
"aml_person/basic",
"aml_person/monitor",
"aml_person/OFAC",
"aml_organization/basic",
"aml_organization/monitor",
"aml_organization/OFAC",
"operational-status/read",
"bankid_proof",
"chgpwd"
],
"request_parameter_supported": true,
"request_uri_parameter_supported": true,
"require_request_uri_registration": true,
"code_challenge_methods_supported": [
"plain",
"S256"
],
"tls_client_certificate_bound_access_tokens": true,
"require_pushed_authorization_requests": false,
"pushed_authorization_request_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/ext/par/request",
"fraud-data-baseurl": "https://frauddata-rs-current.bankidapis.no/",
"release": "2024-03",
"signdoc-baseurl": "https://signdoc-rs-current.bankidapis.no/",
"ui_locales_supported": [
"nb",
"en",
"nn"
],
"aml-baseurl": "https://aml-current.bankidapis.no/",
"token_introspection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token/introspect",
"jwks_uri_enc": "https://auth.current.bankid.no/auth/realms/current/encryption/keys"
}