Skip to content

Deprecations

This is a list of the active deprecation warnings in BankID OIDC along with end of life dates.

Please review this list regularly to ensure your systems are up to date in order to avoid any service interruptions.

Enforcement of API version 3

Notice: Nov 21. 2024

Enforcement: May 21. 2025

API version 3 will be enforced for all clients.

Please ensure your integration is compatible with the changes specified on the API Version page.

You can opt-in to use API version 3 already, please see the API Version page for more information.

Removal of jwks_uri_enc and encryption of login_hint

Deprecated: 01 Sep 2022

End of Life: 2024

The BankID OIDC separate encryption of the login_hint is replaced with the OIDC standard encryption of a request object.

Instead of encrypting the login_hint using keys from the jwks_uri_enc endpoint, the login_hint should be added as a cleartext parameter to the request object and the request objects should be encrypted using keys from the jwks_uri endpoint.

See details about encryption.

Lowercased token_type in Token response

Deprecated: 15 Feb 2022

API Version: From version 3

The token response claim token_type has wrongly been lowercased bearer. This is being corrected to Bearer as per the standard.

You can opt-in to use API Version 3 to get the correct token_type value.

Make sure your system can handle capitalized token_type in the Token response. For example, some openid client libraries use this value later for Authorization etc.

Token claim session_state is being replaced by sid

Deprecated: 15 Feb 2022

End of Life: 2025

Today, all tokens will have both sid and session_state claims representing the same value (GUID related to session handling).

session_state will soon be removed from all tokens so make sure you do not depend on this claim. Use sid claim if you depend on this value.