I’m trying to follow https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/testing-with-our-mock-authorisation-service-using-nhs-cis2---separate-authentication#2-using-our-mock-identity-provider-for-openid-connect-oidc- to set up NHS sign-in through our application so we can use user-restricted APIs, but am having trouble getting the example code to work as expected.
The first call to ‘https://int.api.service.nhs.uk/mock-jwks/keycloak-client-credentials’ (with our registered API key) is fine, and returns "cis2": {"client_id":"pytest-nhsd-apim"
When I reuse this in the second API call to https://identity.ptl.api.platform.nhs.uk/realms/Cis2-mock-int/protocol/openid-connect/auth, however, it returns an error page with “Invalid parameter: redirect_uri” displayed.
This occurs for both the example domain in the docs, and a number of other domains I tried including our actual application’s integration testing domain which is on the public internet.
See also this unresolved post from 3 months ago, with the same error: 'Invalid parameter: redirect_uri' when trying to use the intergration mock cis2 login - #5 by George_Paddon
Are we doing something wrong?
It appears to work if I use google.com as the redirect domain, but as noted there, this is useless from an integration testing point of view because we can’t test the complete sign-in flow.
Does the mock API support any redirect_uri domain? Do we need to pre-register them somehow?
If the mock API doesn’t support end-to-end testing, is there a set of mock authorization_code we can use with the token endpoint to at least continue the flow from there?