/userinfo endpoint not behaving as expected

Hi,

I am trying to use the /userinfo endpoint to get the user’s “nhsd-session-urid”, following step 7 of:
https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-cis2-combined-authentication-and-authorisation”.

However it doesn’t return what I expected (See screenshot).

How can I get the user’s “nhsd-session-urid” to use in the PDS API?

Thanks,
Tom

Hi Tom,

Although you’re eventual aim is to use PDS FHIR API, you’re current query relates to API Platform. As such, I have swapped the category from PDS to API Platform.

This should help resolve your query faster.

is this not a scope thing?

response_type=code&scope=openid profile nationalrbacaccess email nhsperson associatedorgs nationalrbacaccess selectedrole

using dev or int I get

Hi,

Thanks for the help.

Which API call are you the scope in and are you putting it as a header or parameter?

I’ve tried putting that text in all of the API calls but I still can’t get it to bring back more than my original screenshot.

Thanks,
Tom

it will be the intial request that you make

https://am.nhsdev.auth-ptl.cis2.spineservices.nhs.uk/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare/authorize?response_type=code&scope=openid profile nationalrbacaccess email nhsperson associatedorgs nationalrbacaccess selectedrole&client_id=xxxxx.apps.supplier&redirect_uri=https://xxxx/oauth2/authresp&prompt=login

Thank you for the help.

It was because I was using the incorrect test patient.

1 Like