Added Data Validation guidance to ID Token documentation, clarifying RP responsibility for validating identity data against their own compliance requirements
Authorization response iss parameter: The authorization callback now includes the iss parameter per RFC 9207, enabling relying parties to verify the identity of the authorization server that issued the response.
Token response token_type field: The token response now includes token_type: "Bearer" per RFC 6749 §5.1.
Token response access_token value: The access_token field now returns "not_applicable" instead of an empty string. DIP is an identity verification service where the ID token is the primary artifact.
Token endpoint cache headers: The token endpoint now returns Cache-Control: no-store and Pragma: no-cache headers to prevent caching of token responses.
Discovery metadata: Added authorization_response_iss_parameter_supported, code_challenge_methods_supported, and grant_types_supported to the OpenID Configuration endpoint.
personal_number in document details is now always a plain string: For Norwegian documents, this is the fødselsnummer (NNIN). For non-Norwegian documents, this may contain a national identification number from the issuing country, or may be absent.
Removed active_authentication_result and issuer_check from document_details: These legacy fields have been replaced by the check_details array on the document evidence object. Remove these fields from your PAR request document_details and read verification results from check_details instead.
Discovery config documents_check_methods_supported changed: Changed from ["bvr"] to ["vcrypt", "data"].