work

govuk-one-login · Jan 27, 2025 · 30f97b7 · 30f97b7
1 parent 52d6b5c
commit 30f97b7
Show file tree

Hide file tree

Showing 8 changed files with 59 additions and 20 deletions.
diff --git a/...-login-exchange-platform/about-one-login-signal-exchange-platform-works/index.html.md.erb b/...-login-exchange-platform/about-one-login-signal-exchange-platform-works/index.html.md.erb
@@ -9,15 +9,15 @@ layout: shared_signals_outbound
 
 # How the GOV.UK One Login Signal Exchange platform Works 
 
-When a user is redirected from your service to GOV.UK One Login, One Login will record the users activity during the users interaction with GOV.UK One Login. As the user interacts with One Login, certain activities will trigger different signals which the GOV.UK One Login Transmitter may send programatically to your receiver using a `POST` request.
+When a user is redirected from your service to GOV.UK One Login, One Login will record the users activity during their interaction with GOV.UK One Login. As the user interacts with One Login, certain activities will trigger different signals which the GOV.UK One Login Transmitter may send programatically to your receiver using a `POST` request.
 
 The signals will be sent asynchronously and independant to the One Login authentication flow.
 
 <%= image_tag "signal-exhange-overview.svg", { :alt => '' } %>
 
 ## What kind of events can you receive
 
-GOV.UK Signals exchange platform uses [Shared Signals Events Framework][external.ssf-framework] (SSE) to send user related activity. Events that are supported by GOV.UK One Login are
+GOV.UK One Login Signals Exchange Platform uses the [Shared Signals Events Framework][external.ssf-framework] (SSE) to send user related activity. Events that are supported by the platform are
 
 * Specific to users interacting with GOV.UK One Login with your service
 * Events related to the user but not to an interaction with your service.

diff --git a/...gin-exchange-platform/integrating-with-signal-exchange-platform/configuration.html.md.erb b/...gin-exchange-platform/integrating-with-signal-exchange-platform/configuration.html.md.erb
@@ -0,0 +1,35 @@
+---
+title: View Your configuration
+weight: 4
+last_reviewed_on: 2024-04-10
+review_in: 6 months
+hide_in_navigation: false
+layout: shared_signals_outbound
+---
+
+# View Your configuration
+
+The GOV.UK One Login Signals Exchange Platform Transmitter API uses the [Stream endpoint Endpoint][external.ssfOut-stream-read-endpoint] as a way to view the configuration of the integration.
+
+In order to view your configuration, you must first authenticate against the GOV.UK One Login Transmitter OAuth token endpoint:
+
+<%= partial "partials/ssf_out_transmitter-token-endpoint" %>
+
+Once you've obtained an `ACCESS_TOKEN`, you can make the following request to view your configuration 
+
+```bash
+curl --request POST \
+  --url STREAM_ENDPOINT \
+  --header 'Authorization: Bearer ACCESS_TOKEN' \
+  --header 'Content-Type: application/json' \
+```
+
+Below are the stream endpoints for our 
+
+- [Integration][external.ssfOut-stream-endpoint-int] Environment
+- [Production][external.ssfOut-stream-endpoint-prod] Environment
+
+Once you have managed to view your configuration, you can then begin testing in the GOV.UK One Login [integration evironment][link to testing in integration]
+
+
+<%= partial "partials/links" %>
diff --git a/.../one-login-exchange-platform/integrating-with-signal-exchange-platform/health.html.md.erb b/.../one-login-exchange-platform/integrating-with-signal-exchange-platform/health.html.md.erb
@@ -9,7 +9,7 @@ layout: shared_signals_outbound
 
 # Perform a Health sheck
 
-The health check uses the [Verification Endpoint][external.ssfOut-verfication-endpoint] as a way to confirm the connection between the GOV.UK One Login Transmitter and your receiver as well as test your [receiver][ssfOut.receiver].
+The health check uses the [Verification Endpoint][external.ssfOut-verfication-endpoint] as a way to confirm the connection between the GOV.UK One Login Transmitter and your receiver as well as a way to test your [receiver][ssfOut.receiver].
 
 In order to send a health check, you must first authenticate against the GOV.UK One Login Transmitter OAuth token endpoint:
 
@@ -21,11 +21,11 @@ Once you've obtained an `ACCESS_TOKEN` you can then send a `POST` request to the
 curl --request POST \
   --url VERIFIFCATION_ENDPOINT \
   --header 'Authorization: Bearer ACCESS_TOKEN' \
-  --header 'content-type: application/json' \
+  --header 'Content-Type: application/json' \
   --data PAYLOAD
 ```
 
-Where `PAYLOAD` is the following JSON converted to a JSON string:
+Where the **optional** `PAYLOAD` field is the following JSON object converted to a JSON string:
 
 ```json
 {
@@ -39,7 +39,7 @@ Below are the verfication endpoints for our
 - [Production][external.ssfOut-verify-endpoint-prod] Environment
 
 
-Once the request is made, the value of `state` will be included in the verification signal to your receiver endpoint. The value of `state` must be 
+Once the request is made, the value of `state` will be included in the verification signal to your receiver endpoint if supplied. The value of `state` must be 
 
 * Any alphanumeric character
 * Maximum length of 64 characters

diff --git a/...e/one-login-exchange-platform/integrating-with-signal-exchange-platform/index.html.md.erb b/...e/one-login-exchange-platform/integrating-with-signal-exchange-platform/index.html.md.erb
@@ -9,7 +9,7 @@ layout: shared_signals_outbound
 
 # Integrating with One Login Signal Exchange Platform
 
-Before integrating with OneLogin, there are several [services][ssfOut.before-you-integrate] that need to be built. 
+Before integrating with the One Login Signal Exchange Platform, there are several [services][ssfOut.before-you-integrate] that need to be built. 
 
 To get started, first setup an [OAuth2 Service][ssfOut.oauth2]
 <%= partial "partials/links" %>
diff --git a/...e/one-login-exchange-platform/integrating-with-signal-exchange-platform/oauth.html.md.erb b/...e/one-login-exchange-platform/integrating-with-signal-exchange-platform/oauth.html.md.erb
@@ -9,14 +9,14 @@ layout: shared_signals_outbound
 
 # OAuth Token Endpoint
 
-GOV.UK One Login Signal Exchange platform uses the [OAuth2 Client Credentials Flow][external.oauth-client-credentials-flow] to authenticate between One Login and your service when sending events.
+GOV.UK One Login Signal Exchange platform uses the [OAuth2 Client Credentials Grant][external.oauth-client-credentials-flow] to authenticate between One Login and your service when sending events.
 
 GOV.UK One Login Transmitter will initiate the client credentials flow by making this API request  
 
 ```bash
 curl --request POST \
   --url https://YOUR.SERVICE.gov.uk/oauth2/token \
-  --header 'content-type: application/x-www-form-urlencoded' \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
   --data client_id=CLIENT_ID \
   --data client_secret=CLIENT_SECRET \
   --data grant_type=client_credentials
@@ -37,7 +37,7 @@ The expected response should look like the following
 There are certain assumptions that we make about your endpoint. These are
 
 * Validity of `access_token`
-    * GOV.UK must be able to request a new token without invalidating previously issued tokens
+    * GOV.UK One Login Transmitter must be able to request a new token without invalidating previously issued tokens
     * The token must be valid for a minimum of 1 hour
 * Throughput
     * The `/token` endpoint will need to be able to support a [high throughput][ssfOut.event-delivery]

diff --git a/...ne-login-exchange-platform/integrating-with-signal-exchange-platform/receiver.html.md.erb b/...ne-login-exchange-platform/integrating-with-signal-exchange-platform/receiver.html.md.erb
@@ -9,20 +9,20 @@ layout: shared_signals_outbound
 
 # Receiver Endpoint
 
-The receiver endpoint is where the GOV.UK One Login Transmitter will send signals realated to user activity. 
+The receiver endpoint is where the GOV.UK One Login Transmitter will send signals related to user activity. 
 
 After obtaining an `ACCESS_TOKEN` from the [OAuth Token Endpoint][ssfOut.oauth2], the transmitter will make the following request when attempting to send the signal
 
 ```bash
 curl --request POST \
   --url https://your.service.gov.uk/receiver \
-  --header 'accept: application/json' \
-  --header 'authorization: Bearer ACCESS_TOKEN' \
-  --header 'content-type: application/secevent+jwt' \
+  --header 'Accept: application/json' \
+  --header 'Authorization: Bearer ACCESS_TOKEN' \
+  --header 'Content-Type: application/secevent+jwt' \
   --data SIGNAL
 ```
 
-The payload is a [Security Event Token][external.security-event-token] (SET) which builds upon the JSON Web Token (JWT) [format][external.jwt-rfc] and can be decoded as a regular JWT. You must return a `HTTP 202 (Accepted)` within 5 seconds of the `POST` request. Any other responses will be treated as an error and will be attempted to be [delivered again][ssfOut.event-delivery]
+The `SIGNAL` is a [Security Event Token][external.security-event-token] (SET) which builds upon the JSON Web Token (JWT) [format][external.jwt-rfc] and can be decoded as a regular JWT. You must return a `HTTP 202 (Accepted)` within 5 seconds of the `POST` request. Any other responses will be treated as an error and will be attempted to be [delivered again][ssfOut.event-delivery]
 
 ## Signature Verfication
 
@@ -50,11 +50,11 @@ As we may send SETs at a [high throughput][ssfOut.event-delivery], you must impl
 
 A single user interaction with GOV.UK One Login may generate several events therfore it is important that you configure your receiver endpoint be setup to support a high throughput. We recommend that your receiver endpoint is setup to support a minimum of 100 signals per second. 
 
-The GOV.UK One Login Signal Exchange Platform will work with you identify the expected delivery rate of signals based on a number of factors. These factors include
+The GOV.UK One Login Signal Exchange Platform will work with you identify the expected delivery rate of signals based on a number of factors, as well as implement rate limiting to prevent your infrastructure from being overwhelmed with signals. These factors include
 
 * Your expected throughput of users attempting to use GOV.UK One Login
 * Events that you have subscribed to
-* If you are strictly an Auth only service or if you are using Identity Proofing and Verification Service
+* If you are strictly an Auth only service or if you are a Identity Proofing and Verification Service
 
 <%= warning_text('You must not conduct any security testing, penetration testing, performance testing, or IT health checks of the GDS estate. You must also not use personal identifiable information (PII) – GOV.UK One Login will provide example data.') %>
 
@@ -65,9 +65,11 @@ You should also assume that the GOV.UK One Login Transmitter *may* deliver:
 * events out of order
 * duplicate events
 
+GOV.UK One Login Transmitter will make a best effort attempt to ensure that events are delivered in order and that there is no duplicate.
+
 ### Transmitter Error Handling
 
-If the transmitter receives any response other than `HTTP 202 (Accepted)`, then it is considered an error. The transmitter may attempt redelivery every 30 seconds upto 5 times. After the 5th attempt, the failed signals may be kept for upto 14 days before they are discarded. The failed signals can be redelivered upon request.
+If the transmitter receives any response other than `HTTP 202 (Accepted)`, then it is considered an error. The transmitter may attempt redelivery every 30 seconds upto 5 times. After the 5th attempt, the failed signals may be kept for upto 14 days before they are discarded. The failed signals may be redelivered upon request.
 
 Once you have setup your transmitter, you may test the integration by either
 

diff --git a/source/partials/_links.erb b/source/partials/_links.erb
@@ -27,6 +27,8 @@
 [external.ssfOut-jwks-endpoint-prod]: https://shared-signals-transmitter.transaction.account.gov.uk/jwks.json
 [external.ssfOut-verify-endpoint-int]: https://ssf-transmitter.transaction.integration.account.gov.uk/stream
 [external.ssfOut-verify-endpoint-prod]: https://shared-signals-transmitter.transaction.account.gov.uk/stream
+[external.ssfOut-stream-endpoint-int]: https://ssf-transmitter.transaction.integration.account.gov.uk/stream
+[external.ssfOut-stream-endpoint-prod]: https://shared-signals-transmitter.transaction.account.gov.uk/stream
 [external.ssfOut-token-endpoint-int]: https://auth.ssf-transmitter.transaction.integration.account.gov.uk/oauth2/token
 [external.ssfOut-token-endpoint-prod]: https://auth.shared-signals-transmitter.transaction.account.gov.uk/oauth2/token
 

diff --git a/source/partials/_ssf_out_transmitter-token-endpoint.erb b/source/partials/_ssf_out_transmitter-token-endpoint.erb
@@ -1,7 +1,7 @@
 ```bash
 curl --request POST \
   --url TOKEN ENDPOINT \
-  --header 'content-type: application/x-www-form-urlencoded' \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
   --data client_id=CLIENT_ID \
   --data client_secret=CLIENT_SECRET \
   --data grant_type=client_credentials
@@ -10,7 +10,7 @@ Where
 
 * `CLIENT_ID`: The `CLIENT_ID` supplied to you [before you integrate][ssfOut.before-you-integrate]
 * `CLIENT_SECRET`: The `CLIENT_SECRET` supplied to you [before you integrate][ssfOut.before-you-integrate]
-* `ENDPOINT`: The token endpoint of Transmitter API. Below are the token endpoints for out
+* `ENDPOINT`: The token endpoint of Transmitter API. Below are the token endpoints for our
   * [Integration Environment][external.ssfOut-token-endpoint-int]
   * [Production Environment][external.ssfOut-token-endpoint-prod]