Hello Team,
I am currently attempting to set up NHS login functionality on my web-based PHP application. I am currently using a sandbox account at the following URL: https://auth.sandpit.signin.nhs.uk.
After successfully redirecting to the login website, I receive the code and state values as query parameters. I then try to obtain an access token using the following parameters:
Array
(
[grant_type] => authorization_code
[code] => a52695ba-20c4-4203-a9aa-4fa60d96b984
[client_assertion_type] => urn:ietf:params:oauth:client-assertion-type:jwt-bearer
[client_assertion] => eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6InRlc3QtMSJ9.eyJzdWIiOiJHb0lSem1mMnRHS21uU2p6TXBXUDNaOTRBaDFiSW9lYSIsImlzcyI6IkdvSVJ6bWYydEdLbW5TanpNcFdQM1o5NEFoMWJJb2VhIiwianRpIjoiNjRhN2E5ZjEzYTIxZCIsImF1ZCI6Imh0dHBzOlwvXC9hdXRoLnNhbmRwaXQuc2lnbmluLm5ocy51a1wvb2F1dGgyXC90b2tlbiIsImV4cCI6MTY4ODcwOTkxN30.D_m_aUyRQcMyZ9Q4FQlDsKNMmCeK0Z83AXk-hflRjuRhJ4ua38SfqhtwdvMpIA8RUGGNWiRwQnJozAg9wgNrueVh9WCIfM3ysG2mbHPsTbQNDK2SzEf3wCkXbqZHyLoEyvoc4B2JYFubv26xfavOw_06lEK8jUhaw8UZVtXklfwu9qoqjq9Tz9bDPltohpPNS4su0p0Ol8jMuS1hr_igYWYgBqsum0wriuL3HmtSXhDNa6DGLVdNQ38HVFuFp4d6EfaVLw3yaio-sEMYBf235r2JzMg4212fh3vWapGsqeUQXIhJS7tmeEVxgtuRlgHC6sPnZZwxoNOFuZ6djRfK98qLpU8BUcy47Tdi6p8spcsiiWDs7cKOI8Lc058Kl71nbcJs5MFT7QOyV9p79dFa9HqTsszw-_-arvnj9aN-PWSLAqQawyWiqF7hm6xZ4_1iAKnnDsDFgTbcAjODgclCNgr5sISC7U5eKsYy39p_gbYtaxW2Y3ssD44bFBxYzuXT6CAGwphqP6DzpRtOEyXfCJieEzx2fhiyURqUIDBESpXmW-1KeaOHLC1qHFVUOgALWnwCXetONJJr3ntFH_KrlbY-ay88gg-8H1LmHccs8O7awGyy_KmRzfG3i8Fv99QakseFQEBq91iT_pPGBlt5Stxv9ZJjvtvYM0a2JqM8QTw
[redirect_uri] => ‘my redirect url’
[client_id] => GoIRzmf2tGKmnSjzMpWP3Z94Ah1bIoea
[client_secret] => “My app secret code”
)
However, no matter which method I use, I consistently receive the error message “Missing Authentication Token.”
Could you please assist me with this issue?
how about integration env, not sandbox?
Can we co-develop if you are working for NHS?
I am looking for an opportunity to work the project with them
IDK if it’s much help, but using https://oidc.mock.signin.nhs.uk, we do this in Node.
You might find the code and demo @ https://oidc.mock.signin.nhs.uk/client useful too.
const _hostname = `https://oidc.mock.signin.nhs.uk`
const token_endpoint=`${_hostname}/token`;//match to hostname on login form
let audience = token_endpoint;
let expiresIn = 60; //short-lived value for jwt
let jwtid = uuidv4(); //create unique identifier for jwt
var client_token_sign_options = {
"algorithm": "RS512",
"subject": client_id,
"issuer": client_id,
"audience": audience,
"jwtid": jwtid,
"expiresIn": expiresIn
};
var client_token_payload = {}; //the "sub" claim is automatically populated from the signing options in this example
let client_token = jwt.sign(client_token_payload, private_key, client_token_sign_options);
const post_data = {
"code": event.queryStringParameters.code, //the authorization code returned from the authorization endpoint
"client_id": client_id,
"redirect_uri":'https://some.host.name/v1/sso/response', // match login form
"grant_type": "authorization_code",
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": client_token
};
const token_resp = await fetch(token_endpoint, {
method: 'POST',
headers:{
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams(post_data)
});
const token_body = await token_resp.text();
const verification_options = {
"algorithms": ["RS512"],
"issuer": _hostname
};
let tokens_json = JSON.parse(token_body)
let access_token = tokens_json.access_token; //get the access_token
The endpoint used in this reply is no longer valid - I’m trying to work out how to replace it at the moment - if I get anywhere I will post it here.