The Authorization endpoint

The Authorization endpoint is available at the path /connect/authorize relative to the authority. For instance, the Authorization endpoint in the test environment will look like this:

https://helseid-sts.test.nhn.no/connect/authorize

This endpoint and its use is described here.

The Authorization endpoint performs authentication of the user. This is done by using a web browser and send it to the Authorization endpoint in HelseID. HelseID will then authenticate the user by inspecting the parameters that was sent to the endpoint, and by sending the user to an IDP of choice.

Using the PAR (Pushed Authorization Request) endpoint

For new Clients that wants to log on a user, the use of the PAR endpoint is is mandatory. This means that the only parameters that the Client should send in the request to the Authorization endpoint (via the Web browser), is

  • client_id: An identifier for the Client. You will receive this value from HelseID Selvbetjening.
  • request_uri: The request URI that was sent in the PAR endpoint response

No use of the PAR endpoint

If your client does not yet support PAR (Pushed Authorization Requests), the parameters described for the PAR endpoint must be used against the Authorize endpoint via the web browser. If you are using the request parameter, you will also need to apply the response_mode parameters with the value POST.