Authorisation - NHS Identity - separate authentication and authorisation model

15 votes

Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity occurs as part of the OAuth 2.0 authorisation flow. This feature will allow external software to authenticate separately with NHS Identity (using Open ID Connect) before authorising for an API. This will give full access to NHS Identity OIDC features.

Done make-design-and-build-easier platform platform-phase-2 Suggested by: API Management Team (16 Jul, '20) • Upvoted: 06 May, '21 • Comments: 1

Comments: 1

10 Jun, '21
Tony Heap Admin
This feature is now available. In fact it's been available for quite some time already, we have been somewhat remiss at updating the status, apologies. For details, see https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-cis2-separate-authentication-and-authorisation .

Add a comment

Message

0 / 1,000

Name

* Your name will be publicly visible

* Your email will be visible only to moderators

I consent to my submitted information being stored and used according to Feature Upvote's Privacy Policy and Acceptable Use Policy.