Deprecations¶
This is a list of the active deprecation warnings in BankID OIDC along with end of life dates.
Please review this list regularly to ensure your systems are up to date in order to avoid any service interruptions.
Enforcement of API version 3¶
Notice: Nov 21. 2024
Enforcement: May 21. 2025
API version 3 will be enforced for all clients.
Please ensure your integration is compatible with the changes specified on the API Version page.
You can opt-in to use API version 3 already, please see the API Version page for more information.
Removal of jwks_uri_enc and encryption of login_hint¶
Deprecated: 01 Sep 2022
End of Life: 2024
The BankID OIDC separate encryption of the login_hint
is replaced
with the OIDC standard encryption of a request
object.
Instead of encrypting the login_hint using keys from the jwks_uri_enc
endpoint,
the login_hint should be added as a cleartext parameter to the request
object
and the request
objects should be encrypted using keys from the jwks_uri
endpoint.
See details about encryption.
Lowercased token_type in Token response¶
Deprecated: 15 Feb 2022
API Version: From version 3
The token response claim token_type
has wrongly been lowercased bearer
. This is being corrected to Bearer
as per the standard.
You can opt-in to use API Version 3 to get the correct token_type
value.
Make sure your system can handle capitalized token_type
in the Token response. For example,
some openid client libraries use this value later for Authorization etc.
Token claim session_state is being replaced by sid¶
Deprecated: 15 Feb 2022
End of Life: 2025
Today, all tokens will have both sid and session_state
claims representing the same value
(GUID related to session handling).
session_state
will soon be removed from all tokens so make sure you do not depend on this claim.
Use sid claim if you depend on this value.