If your use case requires verifying the signature (which is not required, but possible), you have an option to request the evidence data as returned by the underlying e-ID provider.
This can be done by adding scope=openid evidence (or login_hint=scope:evidence) to your authorize request.
With this configuration, the issued JWT will contain two additional claims:
The full content of ocspResponse is omitted for brevity.
When included in the payload, ocspResponse claims will significantly increase the size of the JWT token, potentially causing it to exceed the size limitations of an HTTP header. The bloated JWTs would thus become unusable as Bearer tokens for accessing APIs.
In this case, a more compact ID Token with only essential claims will be issued from the Token endpoint. The client can subsequently fetch all data about the user from the Userinfo endpoint.
code id_token response type, the ID Token from the token endpoint will always be the same (and have nothing but a sub that is user-specific). In contrast, when using the response_type=code, the full ID Token is returned immediately in exchange for code.
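The following is an added example, not Criipto's own code: it builds an authorize request with the evidence scope and checks whether a token still fits in an Authorization header. The endpoint URL, client values, the 8 KiB limit and the token contents are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlencode

# Assumption: 8 KiB is a common default header limit on web servers and proxies;
# substitute the real limit of whatever sits in front of your APIs.
HEADER_LIMIT = 8 * 1024

def authorize_url(endpoint, client_id, redirect_uri, state, nonce):
    """Build an authorize request that asks for the e-ID evidence claims."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid evidence",  # alternative: login_hint=scope:evidence
        "state": state,
        "nonce": nonce,
    }
    return endpoint + "?" + urlencode(params)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def claims(jwt):
    """Decode the payload for size inspection only; this does NOT verify the JWT."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def fits_as_bearer(jwt, limit=HEADER_LIMIT):
    """True if 'Authorization: Bearer <jwt>' stays within the header limit."""
    return len("Authorization: Bearer " + jwt) <= limit

def constructed_jwt(payload):
    """Constructed sample token with a dummy signature, for the size check only."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload).encode())
    return f"{header}.{body}.{b64url(b'x' * 256)}"

# Constructed payloads: the sub value and the OCSP bytes are made up.
compact = constructed_jwt({"sub": "{constructed-subject}"})
bloated = {"sub": "{constructed-subject}", "ocspResponse": b64url(b"\x00" * 7000)}
with_evidence = constructed_jwt(bloated)

if __name__ == "__main__":
    for name, tok in (("compact", compact), ("with evidence", with_evidence)):
        print(name, len(tok), "chars, usable as Bearer:", fits_as_bearer(tok))
```

A token that fails the check should not be forwarded to APIs; keep the compact ID Token for that purpose and read the evidence from the Userinfo endpoint.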
Swedish BankID test users are created at the demo web site.
For more information on how to configure your device for testing and set up test users: Get a test BankID
Note that, as is also described on the website, using test BankID users does require a reconfiguration of the BankID application. This means it cannot be used for real BankID. So if you are Swedish and already have BankID on your phone, you may want to use a spare phone for testing.
To start accepting real users with Swedish BankID, you must first request a certificate to identify your organization.
Criipto acts as a reseller for Swedbank, which means that you will have to go through a simple approval process with Swedbank. The process is managed by Criipto.
After Criipto has received the filled-out form, we send it to Swedbank, where it will be reviewed and typically approved within a few business days.
Once your organization and your intended use of BankID have been approved, we will create and install the actual certificate in your Criipto tenant, and you will be ready to continue the process in the getting ready for production guide.