eHealth Ontario

ONE ID OpenID Connect Specification

The ONE ID OpenID Connect Specification is an open standard for token-based authentication (using OpenID protocols) and authorization (using OAuth 2.0 protocols) on the Internet.

At eHealth Ontario, OpenID Connect is used with the ONE ID Provincial Federation model to enable organizations to access EHR services containing information such as drug and immunization data. This access occurs through single sign-on (SSO) within the ONE ID Provincial Federation. SSO is the process where a user logs on once and is able to access a range of applications through multiple channels without having to log on again.

Scope

The ONE ID OpenID Connect Specification provides details regarding attributes and values required by the OpenID and OAuth 2.0 protocols to authenticate and authorize systems and users, thereby enabling access to the requested EHR services.

This specification provides application developers with step-by-step instructions to implement OpenID and OAuth 2.0 flows for integration with EHR services, including requirements for the HTTP requests and corresponding responses and tokens.

The current specification does not yet include the flows to enable organizations to join the ONE ID Provincial Federation as Identity Providers.

Status

This specification is for trial use and will go through a formal governance committee review and approval process.

Get Our Standards Package

Sign up and download the complete ONE ID OpenID Connect Specification Standard Package

This publication has been exempted from translation under the French Language Services Act as per O. Reg. 671/92. This publication is technical in nature and is available in English only due to its limited targeted audience.

Usage Agreement

The content of eHealth Ontario’s standards and specifications including but not limited to, information, materials and texts provided on this website is protected, by copyright law and international treaties.

This information has been posted with the intent that it be available and accessible for personal and non-commercial use. Reproduction of multiple copies of eHealth Ontario EHR interoperability standards and specifications content from our website, in whole or in part, for commercial use, resale or distribution is strictly prohibited except with the prior written permission of eHealth Ontario.

eHealth Ontario is committed to respecting your privacy and protecting your personal information. The handling of personal information by eHealth Ontario is governed by the Freedom of Information and Protection of Privacy Act (FIPPA). For more information, view our Privacy Statement.

Status

  • October 08, 2019

    Now available for public access

Back To Main Standards Page

Related Standards