Issue to fetching the token

britishchemist · 7 July 2023 08:35

Hello Team,
I am currently attempting to set up NHS login functionality on my web-based PHP application. I am currently using a sandbox account at the following URL: https://auth.sandpit.signin.nhs.uk.
After successfully redirecting to the login website, I receive the code and state values as query parameters. I then try to obtain an access token using the following parameters:
Array
(
[grant_type] => authorization_code

[code] => a52695ba-20c4-4203-a9aa-4fa60d96b984
[client_assertion_type] => urn:ietf:params:oauth:client-assertion-type:jwt-bearer
[client_assertion] => eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6InRlc3QtMSJ9.eyJzdWIiOiJHb0lSem1mMnRHS21uU2p6TXBXUDNaOTRBaDFiSW9lYSIsImlzcyI6IkdvSVJ6bWYydEdLbW5TanpNcFdQM1o5NEFoMWJJb2VhIiwianRpIjoiNjRhN2E5ZjEzYTIxZCIsImF1ZCI6Imh0dHBzOlwvXC9hdXRoLnNhbmRwaXQuc2lnbmluLm5ocy51a1wvb2F1dGgyXC90b2tlbiIsImV4cCI6MTY4ODcwOTkxN30.D_m_aUyRQcMyZ9Q4FQlDsKNMmCeK0Z83AXk-hflRjuRhJ4ua38SfqhtwdvMpIA8RUGGNWiRwQnJozAg9wgNrueVh9WCIfM3ysG2mbHPsTbQNDK2SzEf3wCkXbqZHyLoEyvoc4B2JYFubv26xfavOw_06lEK8jUhaw8UZVtXklfwu9qoqjq9Tz9bDPltohpPNS4su0p0Ol8jMuS1hr_igYWYgBqsum0wriuL3HmtSXhDNa6DGLVdNQ38HVFuFp4d6EfaVLw3yaio-sEMYBf235r2JzMg4212fh3vWapGsqeUQXIhJS7tmeEVxgtuRlgHC6sPnZZwxoNOFuZ6djRfK98qLpU8BUcy47Tdi6p8spcsiiWDs7cKOI8Lc058Kl71nbcJs5MFT7QOyV9p79dFa9HqTsszw-_-arvnj9aN-PWSLAqQawyWiqF7hm6xZ4_1iAKnnDsDFgTbcAjODgclCNgr5sISC7U5eKsYy39p_gbYtaxW2Y3ssD44bFBxYzuXT6CAGwphqP6DzpRtOEyXfCJieEzx2fhiyURqUIDBESpXmW-1KeaOHLC1qHFVUOgALWnwCXetONJJr3ntFH_KrlbY-ay88gg-8H1LmHccs8O7awGyy_KmRzfG3i8Fv99QakseFQEBq91iT_pPGBlt5Stxv9ZJjvtvYM0a2JqM8QTw
[redirect_uri] => ‘my redirect url’
[client_id] => GoIRzmf2tGKmnSjzMpWP3Z94Ah1bIoea
[client_secret] => “My app secret code”
)
However, no matter which method I use, I consistently receive the error message “Missing Authentication Token.”
Could you please assist me with this issue?

greenbox03 · 7 July 2023 13:34

how about integration env, not sandbox?
Can we co-develop if you are working for NHS?

I am looking for an opportunity to work the project with them

tc1 · 11 July 2023 12:53

IDK if it’s much help, but using https://oidc.mock.signin.nhs.uk, we do this in Node.

You might find the code and demo @ https://oidc.mock.signin.nhs.uk/client useful too.

const _hostname = `https://oidc.mock.signin.nhs.uk`
const token_endpoint=`${_hostname}/token`;//match to hostname on login form

let audience = token_endpoint;
let expiresIn = 60; //short-lived value for jwt
let jwtid = uuidv4(); //create unique identifier for jwt
var client_token_sign_options = { 
	"algorithm": "RS512",
	"subject": client_id,
	"issuer": client_id,
	"audience": audience,
	"jwtid": jwtid,
	"expiresIn": expiresIn
};
var client_token_payload = {}; //the "sub" claim is automatically populated from the signing options in this example
let client_token = jwt.sign(client_token_payload, private_key, client_token_sign_options);

const post_data = {
	"code": event.queryStringParameters.code, //the authorization code returned from the authorization endpoint
  	"client_id": client_id,
  	"redirect_uri":'https://some.host.name/v1/sso/response', // match login form
  	"grant_type": "authorization_code",
  	"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  	"client_assertion": client_token
};

const token_resp = await fetch(token_endpoint, {
    method: 'POST',
    headers:{
      'Content-Type': 'application/x-www-form-urlencoded'
    },    
    body: new URLSearchParams(post_data)
});

const token_body = await token_resp.text();
const verification_options = {
	"algorithms": ["RS512"],
	"issuer": _hostname
};

let tokens_json = JSON.parse(token_body)

let access_token = tokens_json.access_token; //get the access_token