Authorisation - NHS Identity - separate authentication and authorisation model

15 votes

Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity occurs as part of the OAuth 2.0 authorisation flow. This feature will allow external software to authenticate separately with NHS Identity (using Open ID Connect) before authorising for an API. This will give full access to NHS Identity OIDC features.

Done make-design-and-build-easier platform platform-phase-2 Suggested by: Tony Heap Upvoted: 06 May, '21 Comments: 1

Comments: 1