Authorisation - NHS Identity - separate authentication and authorisation model
Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity occurs as part of the OAuth 2.0 authorisation flow. This feature will allow external software to authenticate separately with NHS Identity (using Open ID Connect) before authorising for an API. This will give full access to NHS Identity OIDC features.
Comments: 1
-
10 Jun, '21
Tony Heap AdminThis feature is now available. In fact it's been available for quite some time already, we have been somewhat remiss at updating the status, apologies. For details, see https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-cis2-separate-authentication-and-authorisation .