Identity Providers¶
BankID offers ways at authenticating end users at different levels of assurance.
Relaying Parties (RP) can include parameters in the authorization request to request a particular Level of assurance.
Supported acr values¶
The standard parameter for this in the Authorization Request is acr_values.
| Name | acr_values |
amr claim |
acr claim |
|---|---|---|---|
| BankID High | urn:bankid:bid | ["bid", "bid-mfa", "bid-app", "bid-pwd"] | urn:bankid:bid;LOA=4 |
| BankID Biometric | urn:bankid:bis | Info | urn:bankid:bis;LOA=3 |
Also, refer to the OpenID configuration acr_values_supported
property for the latest list of supported acr_values.
Supported amr values¶
From API Version 2 we deliver the amr claims as an array of String as per the OIDC spec.
bid- BankID on LOA High authentication was performed.bid-mfa- BankID authentication using multiple factorsbid-otp- BankID authentication involved Code Device (kodebrikke)bid-app- BankID authentication involved BankID Appbid-pwd- BankID authentication involved user typed password
Warning
Note that these values should be taken as indications as to which methods were used in the transaction, and not treated as a security mechanism.