Get an identity - Get an Identity Technical Spikes Summary

July 2022

This is a summary of the technical spikes we undertook when considering the technical architecture, application technology and software design of the "Get an Identity" service.

ADRs

We have used ADR (Architecture Decision Record) templates to record our technical architecture decisions arising from the spikes mentioned in this summary.

Our ADRs to date

Early tech spike

Questions we were trying to answer:

  • Do we need to custom build anything?
  • How (and when) can we integrate with Gov Sign?

The answers were "yes", we need to build something, and "yes", we can successfully integrate a dummy service. Details and justifications can be found in the relevant ADRs and by running the Gov Sign OIDC Proof of Concept application.

Given our decision to underpin the "Get an Identity" service by building an authentication server using the OIDC/OAuth protocols, we wanted to test some hypotheses that we had started to create:

Initial findings

While the spike to build “Get an identity” as a Single Sign-on (SSO) provider based on OAuth v2.0 and OpenID Connect was successful, it uncovered a number of significant risks to taking this approach. The full write-up can be found in the tech spikes write-up folder.

Based on the risks identified in the first spike, we initiated another spike to test whether switching the auth server technology would provide sufficient mitigation of the risks we found.

Conclusions and ADRs

We found that we could build our test application much more easily using .NET. The OpenIddict library provided the functionality we required with very little effort. It was clear that the libraries are actively maintained. We also managed to test that we could support the interaction design history for our first service integration. The full write-up can be found in the tech spikes write-up folder.

We therefore made the decision to continue to base the technical architecture of "Get an Identity" on an OAuth/OIDC server pattern and to use .NET C#.