e-IDs
Learn more about Norwegian BanKID token contents, how to create test users and how to gain access to production.
{
"identityscheme": "nobankid-oidc",
"nameidentifier": "ee9b1bb905a6458e9f3b9d068f1a3765",
"sub": "{ee9b1bb9-05a6-458e-9f3b-9d068f1a3765}",
"uniqueuserid": "9578-6000-4-351726",
"certissuer": "CN=BankID - TestBank1 - Bank CA 3,OU=123456789,O=TestBank1 AS,C=NO;OrginatorId=9980;OriginatorName=BINAS;OriginatorId=9980",
"certsubject": "CN=CriiptoTest\\, Mikkel,O=TestBank1 AS,C=NO,SERIALNUMBER=9578-6000-4-351726",
"birthdate": "1946-03-27",
"socialno": "27034698436",
"family_name": "CriiptoTest",
"given_name": "Mikkel",
"name": "Mikkel CriiptoTest",
"country": "NO"
}
The socialno
field is the social security number. The uniqueUserId
identifies the legal person corresponding to the login, and is not considered sensitive.
Two types of Norwegian BankID are available:
Test users are created through the web page at https://ra-preprod.bankidnorge.no/#/search/endUser.
You can test it out at our authentication demo site, which is a small sample hosted by Criipto.
For testing you may order up to three test SIM cards through Criipto once you have signed up for Norwegian BankID.
Basic user information, full name, and date of birth are always made available. Additional data may be requested and is released with explicit user consent only.
For applications configured to use a dynamic
scope
strategy, the following scope
tokens can be supplied: address
, email
, phone
and ssn
.
Data type | Released | Verified | scope | login_hint |
---|---|---|---|---|
Full name | Always | Yes | ||
Date of birth | Always | Yes | ||
SSN ("fødselsnummer" in Norwegian) | User consent | Yes | ssn | scope:ssn |
Address | With user consent | No | address | scope:address |
With user consent | No | email | scope:email | |
Phone number | With user consent | No | phone | scope:phone |
https://YOUR_SUBDOMAIN.criipto.id/oauth2/authorize?scope=openid email address&...
Alternatively, you can send them in the login_hint
https://YOUR_SUBDOMAIN.criipto.id/oauth2/authorize?...&login_hint=scope:email scope:address&...
which can be a useful if you are working with technology that does not let you control the scope
value.
Access to the SSN is governed by Norwegian law, as described in the Ordering Norwegian BankID guide.
The unverified data are supplied by end-users and not verified by Vipps or the Norwegian banks.
End-users must explicitly grant consent to releasing the data to you.
The consent model is enforced by Vipps (operator of BankID), and they also provide the consent and data collection dialogs.
If you request SSN, it will be treated as a required value. End users will not be allowed to complete a login until they have explicitly given their consent to release SSN.
All other additional data are treated as optional values. A login may complete even if the user does not consent to release the requested data.
You can use the Criipto management dashboard dashboard.criipto.com to configure access to the optional user data, in the Identity Sources -> NO BankID section.
To start accepting real users with Norwegian BankID, you must first request your client credentials - a set of secret keys - from the Norwegian BankID organisation.
Prerequisites for ordering
In order to apply for the BankID client credentials for a company you must meet the basic requirements:
To order the actual keys please send a request to
with answers to these questions:
After Criipto has received the above information, we order the client credntials from your bank by filling out an online agreement, which is then sent to the appointed persons at your company for signing. Criipto will also sign the agreement
When all signatures are in place the signed agreement is sent to your bank for further processing and eventual issuance of your client credentials.
Once you have received credentials, they must be entered into the Criipto Verify management UI to configure your NO BankID integration.