How GOV.UK One Login works
GOV.UK One Login is an OpenID Connect (OIDC)-compliant service that helps you authenticate your users who are using services they’ve logged into with their GOV.UK One Login.
GOV.UK One Login uses 2 different environments:
- an integration environment, which contains sample users and data for you to test your service’s integration with GOV.UK One Login
- a production environment, which is the live environment for real users to access and use your service’s integration with GOV.UK One Login
Understand the flow GOV.UK One Login uses
- Your service asks the user to sign in or create an account.
- If your service needs confidence your user is who they say they are, GOV.UK One Login will request proof of identity.
- GOV.UK One Login collects evidence of the user’s identity.
- GOV.UK One Login provides information about your user.
You can read guidance about cookies on GOV.UK if you want to learn more about cookies.
To understand the technical flow, for example the endpoints, requests and tokens, there’s a more detailed technical diagram you can use.
Understand the technical flow GOV.UK One Login uses
- To make an authorisation request, your service sends the user to the
- The user logs in (or creates an account if they do not have one) and proves their identity if your service needs them to. GOV.UK One Login lets your user know how their data will be shared with your service.
- GOV.UK One Login returns an authorisation code to your service.
- Your service makes a token request to the
/tokenendpoint and includes the authorisation code in the request.
- Your service receives an ID token, an access token and a refresh token in the response.
- Your service makes a request to the
/userinfoendpoint to retrieve user information. You can read more about choosing which user attributes your service can request.
- Your service receives a response containing user attributes.