Upon client initiation of a an OIDC Authorization Code Flow for a citizen user, federation is performed as shown below. Citizen access to the eHealth Infrastructure goes through NemLogin.

...

NemLogin provides a set of SAML attributes in a SAML assertion which is used to identify the citizen. Other attributes are also part of the SAML attribute; they are however not currently used. The table below lists the current attributes that are delivered by NemLogin:

Citizen User Access Tokens

Citizens accessing the eHealth Infrastructure is are handled a bit differently from other users accessing the platform. A citizen does not carry a context of system roles and organisation. Instead, access is limited to Patient data about the citizen herself/himself.

Using the provided SAML attributes, the infrastructure searches for a Patient resource that corresponds to the citizen. If found, the infrastructure automatically sets the Patient context in the access token and the user_id is set to the Patient resource reference. The citizen cannot switch context and can access only Patient data being scoped to that Patient context.

In case no Patient is found, the access token user_id is set to a UUID instead of a Patient resource reference. This design ensures that federated NemLogin can be verified without blocking the citizen from accessing the platform. When no Patient is found, the citizen is accessing the infrastructure prior to before having been enrolled (created as a Patient) by an employee through https://docs.ehealth.sundhed.dk/latest-released/igfhir/OperationDefinition-ehealth-patient-create.html .

...