Hi everyone,
We’re currently exploring PDS and more particularly the authentication side of it (using Patient Access), and we’ve encountered an issue which blocks us.
We’ve been following the documentation from NHS England/PDS regarding authentication (User-restricted RESTful APIs - NHS login separate authentication and authorisation - NHS Digital). We are using Patient Access with a separate authentication between NHS Login and PDS (the NHS Wales App already has an authentication with NHS Login).
Following this process, we’re blocked on step 7. After using the NHS Wales App to get an ID Token, and as far as I can tell, we have a correct JWT assertion. We’re trying to call the endpoint https://int.api.service.nhs.uk/oauth2/token to exchange it for a PDS Access token.
When doing this the API responds with the following error:
Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Date: Tue, 23 Jan 2024 14:24:31 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json
Content-Length: 272
}
Response: {"fault":{"faultstring":"Execution of JavaScript.FilterScopesTokenExchange failed with error: Javascript runtime error: \"TypeError: Cannot call method \"slice\" of null. (FilterScopesTokenExchange.js:9)\"","detail":{"errorcode":"steps.javascript.ScriptExecutionFailed"}}}
We’ve been trying several times between 3pm and 4:30pm (23rd).
Would you be able to assist us with this one?
Thanks a million,
Xavier
Hi @xaviers
Thanks for your query.
Can you message me directly with your:
- Full request (Please include GET, POST, PUT, host, path, query parameters, request headers and request body where applicable)
- Full response (Please provide response headers, response code/reason phrase, response body)
- Your JWT
Kind regards,
Ernest
Hi @xaviers
Is this issue resolved?
If you still require assistance, please DM me the requested details to enable our support team to troubleshoot further.
Kind regards,
Ernest
Sorry Ernest, issue not yet solved.
I’m just trying to find how to send a direct message
@ernest.kissiedu1, I did reply to you using the Slack on NHS Login (you have an account there)
Hi @xaviers
You can select my username on the Dev Community and select Message or use the Chat option.
Kind regards,
Ernest
Hi @xaviers
This error usually happens when the consumer has sent in something other than the ID token from cis2 or nhs-login on the subject-token field.
Note: We have raised a ticket on our backlog to improve the error handling.
Kind regards,
Ernest
Hi @ernest.kissiedu1 ,
Thank you for your help on the points above.
We’ve been able to try with an ID token this time, and we’re getting the following error:
{
"error": "unauthorized_client",
"error_description": "you have tried to request authorization but your application is not configured to use this authorization grant type",
"message_id": "rrt-4367996775556187358-a-geu2-20717-3459196-1"
}
I cannot find anything on our side to configure/misconfigured. Would you be able to assist us with this?
Hello @alex.carrie will help us on this one.
Thank you
Xavier
@xaviers I understand the cause of the issue was an incorrect user type. A P5 user was in use instead of a P9 one and PDS is P9.
I’m glad to hear this is now resolved. If you have any further queries do not hesitate to get in touch.
Regards,
Ernest
For anyone coming across this when searching for the "you have tried to request authorization but your application is not configured to use this authorization grant type" error, it is generic. We’ve had the same error in two different scenarios that may be worth checking:
- signing algorithm mismatch (we wanted to use ECDSA which CIS2 supports but APIM doesn’t)
- not enabling any APIs against our application in the Digital Onboarding Service portal
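Added example, not part of any post in this thread and not NHS England code: a local pre-flight check in Python for three causes named above (something other than the ID token in the subject-token field, a P5 user where P9 is needed, an ECDSA-signed JWT). The function names, the sample tokens and the `identity_proofing_level` claim name are assumptions, and signatures are not verified here.

```python
import base64
import json

ID_TOKEN_CLAIMS = {"iss", "sub", "aud", "exp", "iat"}  # core OIDC ID token claims

def _segment(obj):
    """Encode a dict as an unpadded base64url JWT segment (sample data only)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_jwt(header, claims):
    """Build a constructed JWT with a dummy signature for the demo."""
    return f"{_segment(header)}.{_segment(claims)}.c2ln"

def decode_unverified(token):
    """Return (header, claims) without checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header, claims = (json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
                      for p in parts[:2])
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("header and payload must be JSON objects")
    return header, claims

def preflight(subject_token, client_assertion, required_level="P9"):
    """List likely causes of a token exchange failure before calling /oauth2/token."""
    try:
        _, claims = decode_unverified(subject_token)
    except ValueError:
        return ["subject_token is not a JWT: send the ID token, not another token"]
    findings = []
    missing = ID_TOKEN_CLAIMS - claims.keys()
    if missing:
        findings.append(f"subject_token lacks ID token claims: {sorted(missing)}")
    # Assumption: the proofing level is carried in 'identity_proofing_level'.
    level = claims.get("identity_proofing_level")
    if level != required_level:
        findings.append(f"user is {level}, API needs {required_level}")
    # The JWT the application signs itself: flag ECDSA (ES256/ES384/ES512).
    header, _ = decode_unverified(client_assertion)
    if str(header.get("alg", "")).startswith("ES"):
        findings.append(f"client assertion signed with {header['alg']} (ECDSA)")
    return findings
```

An empty list means none of these three causes was detected locally; whether any APIs are enabled against the application can only be checked in the onboarding portal.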