Versions Compared

Excerpt

Description of how client applications log in to the eHealth Infrastructure.

...

Info

Pay attention to the redirect URLs.

The redirect URLs are the addresses to which the client sends its users after they log in, log out, or refresh. These URLs must be approved and specific, and must not contain wildcards (*), which would pose a security risk. Examples include the '/login' and '/login-landing' pages to which users are redirected after logging in or out.

For more information on redirect URLs, see the Securing Applications and Services Guide (keycloak.org).

...

Info

Access Tokens and Refresh Tokens are so-called "opaque tokens" but may be in JWT format. Client systems must not assume this, and the format of the AT and RT may change without notice.

...

The list of system roles available in the currently selected context can be obtained by querying the AS with an HTTP GET, sending the current Access Token, at the path /auth/realms/ehealth/protocol/openid-connect/userinfo. The following shows an example request in the realm ehealth of eHealth for a clinical user:

User info

...

To end a session, use the end_session_endpoint found in the openid-configuration of the environment (e.g. openid-configuration).

Example:

...

You can redirect the browser to /auth/realms/ehealth/protocol/openid-connect/logout?redirect_uri=encodedRedirectUri, which logs you out if you have an SSO session in your browser.
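The two redirect-related points above (redirect URLs must be specific and wildcard-free, and the logout redirect_uri must be passed URL-encoded) are illustrated by the following added example. It is not code from the eHealth documentation or from Keycloak; the issuer host and the registered client URLs are constructed placeholders, and the logout path and redirect_uri parameter follow the pattern quoted on this page.

```python
"""Added example: exact-match redirect URI validation and logout URL
construction for an OIDC client. Not part of the eHealth documentation
or Keycloak; host names and registered URIs below are constructed."""
from urllib.parse import urlencode, urlsplit

# Constructed placeholder issuer; the realm path is the one quoted on the page.
ISSUER = "https://ehealth.example/auth/realms/ehealth"
LOGOUT_ENDPOINT = ISSUER + "/protocol/openid-connect/logout"

# Constructed allowlist: every entry is a complete, specific URL (no wildcards).
REGISTERED_REDIRECT_URIS = {
    "https://client.example/login",
    "https://client.example/login-landing",
}


def is_valid_registration(uri: str) -> bool:
    """Check a redirect URI before submitting it for approval: it must be
    absolute, https, wildcard-free and carry no fragment."""
    if "*" in uri:
        return False
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.netloc:
        return False
    if parts.fragment:
        return False
    return True


def is_allowed_redirect(requested: str, registered=REGISTERED_REDIRECT_URIS) -> bool:
    """Exact string match against the allowlist: no prefix matching, no
    case folding, no wildcard expansion. A trailing slash, a different
    path or a different host all fail the check."""
    return requested in registered


def build_logout_url(redirect_uri: str) -> str:
    """Build the logout URL in the form quoted on the page. The redirect_uri
    must be one of the registered URIs and is percent-encoded by urlencode,
    so the value is a single query parameter rather than a second URL."""
    if not is_allowed_redirect(redirect_uri):
        raise ValueError("redirect_uri is not a registered redirect URI")
    return LOGOUT_ENDPOINT + "?" + urlencode({"redirect_uri": redirect_uri})


if __name__ == "__main__":
    for candidate in REGISTERED_REDIRECT_URIS:
        print(candidate, "valid registration:", is_valid_registration(candidate))
    print(build_logout_url("https://client.example/login"))
```

The registration check is the one a client team would run on its own list before requesting approval; the exact-match check is what the login and logout handlers apply at runtime, so a redirect_uri that differs from a registered entry in any way is refused rather than forwarded.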

...