Upcoming Changes¶
Announcement - April 2025¶
There are important changes for BankID on the OpenID Connect platform in 28th of October 2025.
- Additional security requirements for all clients
- API Version 4 is standard for all Clients
By the end of the year, we are also removing the experimental Consent service that provides additional userdata.
Review all changes
It is recommended to review the full list of updates below with your relevant technical teams.
Additional Security Requirements¶
Security requirements for integrating BankID on the OpenID Connect platform will be updated to:
- Always required to use PKCE (Proof Key for Code Exchange) in Authorization Code flow.
- The following parameters in Authorization Code flow are now required:
response_type
state
nonce
- NNIN (Fødselsnummer)
login_hint
must be securely transmitted using PAR or encrypted request objects. - ID and Access tokens will be signed using ES256 signature algorithm.
API Version 4 standard for all Clients¶
All clients will be forced to use minimum API Version 4. API Versions 1 to 3 will no longer be available.
In summary, the changes are related to:
- Adherance to recommendations in the OIDC specification.
- Deprecation of BankID Server related claims and BankID Proof.
Read all changes here.
Test your integration
You can already use API Version 4, to see the changes in action. Just add the parameter api_version=4
to the Authorize Request.
Consent service deprecation¶
The experimental Consent service that provides unverified user data (email, address, phone), exposed through the Userinfo endpoint, will be discontinued by the end of 2025.
This means it will no longer be possible to collect:
- address
- phone
- nnin
from end-users using the Userinfo integration.
Profile information such as full name, birthdate and potentially NNIN will still be available in the ID Token.
For those using the nnin
scope to trigger user consent, we require you to acquire this consent from the user yourself, and instead use scope nnin_altsub
to always get the NNIN in the ID token - if you are legally eligible to receive NNIN.
New Data Sharing solutions coming soon!
Stay tuned for more information regarding new data sharing solutions from BankID BankAxept AS!