GOV.UK One Login
GOV.UK One Login is the way for government services to:
- sign in their users
- prove their users’ identity
This technical documentation gives you information on how to:
- plan the functionality your service needs
- register your service with GOV.UK One Login
- integrate with GOV.UK One Login to authenticate users and prove their identity
- configure your service for production
You can read further documentation about how GOV.UK One Login works.
Contact us if you have any questions on our #govuk-one-login Slack channel.
Documentation updates
These are the most recent changes to this documentation.
| Publication date | Update |
|---|---|
| Sep 6 2024 | Updates guidance “Use the production discovery endpoint” to add the production discovery endpoint. |
| Aug 21 2024 | Updates guidance “Configure your service for production” to add information about how to configure your service for production. |
| Aug 20 2024 | Updates guidance “Receive response for ‘Retrieve user information’” to add a table explaining more about the response from the /userinfo endpoint. |
| Jul 29 2024 | Updates guidance “Error handling for ‘Make a request to the /authorize endpoint” to update we now return HTTP 400 Bad Request errors for requests with incorrect parameters. |
| Jul 18 2024 | New guidance “Validate the core identity claim JWT using a public key”. Contains information about validating the core identity claim JWT using a public key, which GOV.UK One Login publishes in its Decentralized Identifier (DID) documents. |
| Jul 9 2024 | Removes the https://vocab.account.gov.uk/v1/socialSecurityRecord claim |
| Jul 4 2024 | New guidance “Integrating third-party platforms with GOV.UK One Login” which contains information about integrating with GOV.UK One Login using a third-party platform, and contains details about the client_secret_post token authentication method. |
| Jun 21 2024 | Updates guidance “Error handling for ‘Make a request to the /authorize endpoint” to clarify the {"message": "Internal server error"}HTTP 502 Bad gateway error. |
| Jun 18 2024 | Includes example data to help with building mocks: Access example data. |
| May 22 2024 | New guidance Using the integration environment for end-to-end testing to explain how to use the integration environment for end-to-end testing. |
| May 17 2024 | New guidance Build mocks to work with GOV.UK One Login to explain how to build mocks as a part of testing your service. |
| May 2 2024 | New guidance Managing your users’ sessions to explain how to manage your users’ sessions and how to build a logout mechanism for your users. |
| Apr 9 2024 | Updates the technical flow diagram to document the use of the /logout endpoint. |
| Apr 3 2024 | New guidance Understand your user’s return code claim which gives information about any issues with the evidence your user provided to prove their identity. |
| Mar 25 2024 | Removes references to the refresh token and offline_access to simplify integration and the technical flow. |
| Feb 14 2024 | New guidance Choose your sector identifier to explain the use of the sector identifier with a worked example that shows the effect of choosing different sector identifiers. |
| Dec 22 2023 | Updates guidance on making a request to the /authorize endpoint. |
| Dec 21 2023 | New guidance Secure your authorisation request parameters with JWT using a JWT-secured OAuth 2.0 authorisation request (JAR) to improve the security of your integration and protect against tampering. |
| Oct 31 2023 | New guidance Before you integrate with GOV.UK One Login. |
This page was last reviewed on 3 April 2023.