...
Additionally, PKB already allows patients to open their PKB medical record in the NHS App using NHS login.
This page outlines implementation details of two additional SSO mechanisms:
...
NHS login with assertedLoginIdentity
Since we’re using some external links to manage certain datapoints, there’s a possibility of losing one’s session while away from the PKB site. To avoid prompting the user with a login every time they use an external service, the following flow is implemented:
When the user logged in through NHS clicks a link pointing to an external service, we generate a token called assertedLoginIdentity, and add it to the URL as a query parameter. The external service needs to add this same parameter to the callback URL pointing back to PKB.
When the user comes back to PKB using the callback URL, containing the assertedLoginIdentity parameter, we do a login check via NHS. The token in this parameter helps to identify the user, and log them in without any action necessary from them. Once this automatic login is completed, we continue to redirect the user to the requested page within PKB.
Prompt parameter
If the external service wants to enforce an NHS login prompt, they can also add the optional prompt parameter to the callback URL. This parameter will be passed to NHS, causing a login prompt even when the user has an NHS login session. If the prompt parameter is not provided, we automatically pass prompt=none to NHSWe also accept asserted_login_identity tokens as means of authenticating a user. To use this method, the following parameters need to be added to the URL:
assertedLoginIdentity: containing the login identity token.prompt(optional): optionally set to force a login prompt from the user.
The user will be automatically logged in via NHS using the token provided.
PKB customer sites:deploy |developer |information governance |procurement |manual
...