OpenID Connect (OIDC) support on the OAuth server
Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's details (name, role profiles, etc.). One way to do this would be to support token exchange (there's a separate feature for this). Another way would be to add OpenID Connect to the OAuth server. Under the covers this would retrieve the user's details from NHS Identity.
Under consideration make-design-and-build-easier platform platform-phase-2 Suggested by: API Management Team • Upvoted: 02 Sep, '22 • Comments: 1
Tony Heap Admin
We have now added a user info endpoint to the auth server - see https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-identity-combined-authentication-and-authorisation#step-6-determine-the-user-s-role for details.
But we haven't done full OIDC because we don't return an ID token for the user from the token endpoint yet. That's still to do.