Commit
adds Phil's suggestions
PippaClarkGDS committed Feb 14, 2025
1 parent 4d90ae9 commit 10ea2bd
Showing 4 changed files with 5 additions and 5 deletions.
@@ -1,7 +1,7 @@
---
title: Choose which user attributes your service can request
weight: 4
last_reviewed_on: 2024-07-09
last_reviewed_on: 2025-02-12
review_in: 6 months
---

@@ -36,7 +36,7 @@ Whoever registers the service will have the entry tied to their email address. I
| Landing Page URL | It's not possible to configure this yet.<br><br>Send an email to [[email protected]](mailto:[email protected]) if you need to configure this. |
| Sector identifier URI | Specify your service's sector identifier.<br><br>You must not change the sector identifier once your service has started to sign up or migrate users. Doing this will change the subject identifiers GOV.UK One Login creates for each individual user.<br><br>There’s further [guidance on choosing your sector identifier][integrate.choose-sector-id].<br><br>If your service has more than one <code>redirect_uri</code>, you must set the sector identifier in line with the [OpenID Connect Core 1.0 specification][external.oidc-connect-core-pairwise-algorithm]]. |
| Scopes | Enter the scopes your service requires. You must include the <code>openid</code> scope.<br><br>You may choose one or more of the following:<br><br><li><code>email</code><br><br><li><code>phone</code><br><br><br>There’s further [guidance on choosing which user attributes your service can request][integrate.choose-request-scope]. |
| Claims | If you’re requesting identity verification, you must include <code>https://vocab.account.gov.uk/v1/coreIdentityJWT</code>. We recommend also including <code>https://vocab.account.gov.uk/v1/returnCode</code> to make your error handling more clear. There's further [guidance on return codes](https://docs.sign-in.service.gov.uk/integrate-with-integration-environment/prove-users-identity/#understand-your-user-s-return-code-claim). In addition, you can choose one or more of the following:<br><br><li><code>https://vocab.account.gov.uk/v1/passport</code><br><br><li><code>https://vocab.account.gov.uk/v1/drivingPermit</code><br><br><li><code>https://vocab.account.gov.uk/v1/coreIdentityJWT</code><br><br><li><code>https://vocab.account.gov.uk/v1/address</code><br><br>There's further guidance on [choosing which claims your service can request][integrate.choose-request-claim]. |
| Claims | If you’re requesting identity verification, you must include <code>https://vocab.account.gov.uk/v1/coreIdentityJWT</code>. We recommend also including <code>https://vocab.account.gov.uk/v1/returnCode</code> to make your error handling more clear. There's further [guidance on return codes](https://docs.sign-in.service.gov.uk/integrate-with-integration-environment/prove-users-identity/#understand-your-user-s-return-code-claim). In addition, you can choose one or more of the following:<br><br><li><code>https://vocab.account.gov.uk/v1/passport</code><br><br><li><code>https://vocab.account.gov.uk/v1/drivingPermit</code><br><br><li><code>https://vocab.account.gov.uk/v1/address</code><br><br>There's further guidance on [choosing which claims your service can request][integrate.choose-request-claim]. |
| Token Authentication method | Specify the token authentication method your service is using. This will be <code>private_key_jwt</code> or <code>client_secret_post</code>.<br><br>There’s further [guidance on using the correct token authentication method for your service][integrate.use-correct-token-auth-method]. |
| Public key | Only include this if your service is using the <code>private_key_jwt</code> token authentication method.<br><br>Enter the contents of your public key Privacy Enhanced Mail (PEM) file (or whichever file was created when you created your key pair).<br><br>There’s further [guidance on generating a key pair][integrate.generate-key-pair]. |
| ID token signing algorithm | Choose either <code>RS256</code> or <code>ES256</code>.<br><br>By default, GOV.UK One Login will sign the <code>id_token</code> JSON Web Token (JWT) using the <code>ES256</code> algorithm but some third party tooling does not support <code>ES256</code>. If your service needs an alternative algorithm, we can sign your `id_token` JWT using the `RS256` algorithm
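Review bot: Dropping the duplicated `https://vocab.account.gov.uk/v1/coreIdentityJWT` from the optional list in the Claims row is the right fix, since the opening sentence of that same row already makes the claim mandatory for identity verification, so listing it again as optional contradicted the requirement. Two small things in the same region: the list items are written as bare `<li>` tags with no closing `</li>` and no enclosing `<ul>`, which relies on the Markdown processor tolerating malformed HTML, and "more clear" would read better as "clearer". The unchanged Sector identifier URI line also carries a stray extra bracket in `[external.oidc-connect-core-pairwise-algorithm]]`, which will render as a literal `]`; worth fixing while this table is open.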
@@ -1,7 +1,7 @@
---
title: Authenticate your user
weight: 5.5
last_reviewed_on: 2024-07-09
last_reviewed_on: 2025-02-12
review_in: 6 months
---

@@ -94,7 +94,7 @@ After you’ve made a request for authentication and identity, you should then c
"https://vocab.account.gov.uk/v1/coreIdentityJWT": null,
"https://vocab.account.gov.uk/v1/address": null,
"https://vocab.account.gov.uk/v1/passport": null,
"https://vocab.account.gov.uk/v1/drivingPermit": null
"https://vocab.account.gov.uk/v1/drivingPermit": null,
"https://vocab.account.gov.uk/v1/returnCode": null
}
}
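Review bot: The missing trailing comma after the `drivingPermit` entry is correctly added together with the new `returnCode` line, so the example stays valid JSON. Since the Claims registration row changed in this same commit only recommends `returnCode` rather than requiring it, the prose above the example should state that a service lists here only the claims it has registered, otherwise readers may copy the whole block verbatim. A one-line remark that `null` means the claim is requested in the default manner (OpenID Connect Core 1.0, section 5.5) would also help, as the example uses it for every entry without explaining it.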
2 changes: 1 addition & 1 deletion source/partials/_authorize-errors.erb
@@ -11,4 +11,4 @@
| `unsupported_response_type` | Your service is not registered for the requested `response_type`. <br>You must set the `response_type` to be code: `response_type=code`. |
| `server_error` | The GOV.UK One Login authentication server has experienced an internal server error. |
| `temporarily_unavailable` | If you're only making an authentication request (as opposed to requesting both authentication and identity), this error code means the GOV.UK One Login authentication server is temporarily unavailable, which might be caused by temporary overloading or planned maintenance. <br>Make your request again in a few minutes. <br> <br> If you're making an identity request and you get this error, it means the identity proving and verification does not currently have capacity for this request. |
| `access_denied` | GOV.UK One Login returns this error in 2 scenarios.<br><br>The first scenario is that the session in the user’s browser is unavailable. This can happen when your user’s cookies have been lost or your user changed browsers during the identity verification process. You'll need to [make another authentication and identity request](https://docs.sign-in.service.gov.uk/integrate-with-integration-environment/authenticate-your-user/#make-a-request-for-authentication-and-identity). You must help your user try again, for example going back to the start of your authentication and identity verification process. <br><br>The second scenario is that the identity evidence your user provided has a lower score than the identity confidence specified in your request. As a result, GOV.UK One Login could not return the medium level of identity confidence (`P2`) and instead returned a lower level of identity confidence.<br><br> If you’re using return codes, you will not receive an error for this scenario. Find more information on [understanding the return codes claim](/integrate-with-integration-environment/prove-users-identity/#understand-your-user-s-return-code-claim).<br><br> |
| `access_denied` | GOV.UK One Login returns this error in 2 scenarios.<br><br>The first scenario is that the session in the user’s browser is unavailable. This can happen when your user’s cookies have been lost or your user changed browsers during the identity verification process. You should then [make another authentication and identity request](https://docs.sign-in.service.gov.uk/integrate-with-integration-environment/authenticate-your-user/#make-a-request-for-authentication-and-identity). You must help your user try again, for example going back to the start of your authentication and identity verification process. <br><br>The second scenario is that the identity evidence your user provided has a lower score than the identity confidence specified in your request. As a result, GOV.UK One Login could not return the medium level of identity confidence (`P2`) and instead returned a lower level of identity confidence.<br><br> If you’re using return codes, you will not receive an error for this scenario. Find more information on [understanding the return codes claim](/integrate-with-integration-environment/prove-users-identity/#understand-your-user-s-return-code-claim).<br><br> |
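Review bot: The change from "You'll need to" to "You should then" weakens the instruction in the first `access_denied` scenario: the very next sentence says "You must help your user try again", and a lost browser session cannot be recovered without a fresh authentication and identity request, so "You must then make another ..." keeps the row internally consistent. Also in this row, the first link is absolute (`https://docs.sign-in.service.gov.uk/...`) while the return-codes link is site-relative (`/integrate-with-integration-environment/...`); pick one form. The trailing `<br><br>` before the closing pipe only adds empty space in the rendered cell and can be dropped.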
