ID-porten can issue tokens to scopes controlled by Difi, as well as scopes controlled by other organizations.
Such scopes will always follow this syntax:
scope ::= prefix ':' subscope
prefix is a string which is manually linked to a specific organization. It may be the organization name, or other suitable value. An organization may have multiple prefixes.
subscope is created by the owning organization itself using selfservice. ID-porten place no specific rules on how subscopes should be named or structured, as different organizations have vastly different needs to structure their APIs. Nevertheless, some recommendations apply:
folkeregisteretor organization number)
For access to these scopes, you need to contact the organization owning the scope.
|URL to list of scopes||Description|
|https://integrasjon.difi.no/scopes/all||A list of scopes protected by ID-porten in Production|
|https://integrasjon-ver2.difi.no/scopes/all||A list of scopes protected by ID-porten in VER2 environment.|
The following scopes triggers special treatment in ID-porten OIDC provider. They can be used by all customers.
|openid||Triggers an OpenID Connect-compliant authentication|
|profile||Gives access to the /userinfo endpoint|
|no_pid||Triggers a pseudonymous authentication|
|eidas||Include the eIDAS attributes in the id_token|
You need to ask us for permission to be able to use these scopes:
|idporten:dcr*||Scopes allowing for self-service of ID-porten integrations|
|idporten:scopes*||Scopes allowing for self-service of ID-porten/Maskinporten API management|
|global/*||Scopes for global access to the Contact Registry|
|user/*||Scopes giving Contact Registry details for the authenticated users|
© 2019 Direktoratet for forvaltning og IKT(Difi)