Using NHS Login with Auth services (such as Clerk)

I see that CIS specifically mentions Cognito, Okta, Auth0. Is there similar guidance for NHS Login? It supports OIDC so I am imagining it works with the likes of Auth0, Clerk, etc.

Can anyone vouch for this?
Are there any quirks to be aware of?

Yes, you’d be able to integrate NHS login as an external IdP in those systems. Challenges can be:

  • /token client auth uses private_key_jwt method
  • Signing needs RS512 - this wasn’t available on AzureAD B2C

Other than that, should be pretty straightforward.

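The two quirks named in the answer above (private_key_jwt client authentication at /token, signed with RS512), shown as an added example in Node.js; it is not part of the thread and not NHS login's or Clerk's own code. The client id, endpoint and redirect URLs are placeholders, the key pair is a throwaway generated for the demo, and the claim set follows the generic OIDC private_key_jwt profile (RFC 7523), which is an assumption about what NHS login expects.

```javascript
// Added example: private_key_jwt client assertion signed with RS512 (built-in crypto only).
const { createSign, createVerify, generateKeyPairSync, randomUUID } = require("node:crypto");

const b64url = (v) => Buffer.from(v).toString("base64url");

// Build the signed JWT the client presents at /token instead of a client secret.
// iss and sub are both the client_id; aud is the token endpoint URL.
function buildClientAssertion({ clientId, tokenEndpoint, privateKey, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: "RS512", typ: "JWT" };
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint,
                   jti: randomUUID(), iat, exp: iat + 300 }; // short-lived, unique jti
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = createSign("RSA-SHA512").update(signingInput).sign(privateKey); // PKCS#1 v1.5 + SHA-512
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Form body for the authorization-code exchange; no client_secret is sent.
function buildTokenRequestBody({ code, redirectUri, assertion }) {
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    client_assertion: assertion,
  }).toString();
}

// Local self-check mirroring what an IdP does with the registered public key.
// The algorithm is pinned to RS512 rather than trusted from the header.
function verifyClientAssertion(jwt, publicKey) {
  const [h, p, s] = jwt.split(".");
  if (!h || !p || !s) return null;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  if (header.alg !== "RS512") return null;
  const ok = createVerify("RSA-SHA512").update(`${h}.${p}`).verify(publicKey, Buffer.from(s, "base64url"));
  return ok ? JSON.parse(Buffer.from(p, "base64url").toString()) : null;
}

// Constructed demo values: throwaway key pair, placeholder client id and endpoints.
function demo() {
  const { privateKey, publicKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
  const assertion = buildClientAssertion({
    clientId: "example-client", tokenEndpoint: "https://idp.example/token", privateKey });
  const body = buildTokenRequestBody({
    code: "sample-code", redirectUri: "https://app.example/callback", assertion });
  return { assertion, body, claims: verifyClientAssertion(assertion, publicKey), publicKey };
}
```

A hosted auth service that only offers client_secret_basic or client_secret_post for upstream IdPs, or that cannot sign with RS512, has no place to plug this step in, which is where a small piece of middleware in front of it comes in.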

Thanks …

Following some further investigation, it does seem the way the NHS is handling things goes outside the norms of what these sorts of services support.

Not least it is next to impossible to support the UI/UX that the NHS wants without rolling some custom code (or perhaps some hackery).

Our intention is to look at hosting some middleware of our own to handle the NHS login interaction, before we hand off to Clerk.