Getting access to Auth and testing your service

HMPPS Auth has three environments:

  • Prod - this is the environment your users will access your live service in. Access to production is restricted as it includes real data about people in prison.
  • Preprod - this environment is a copy of the prod environment. Every two weeks preprod will be overwritten to match the prod environment.
  • Dev (T3) - this environment is for testing and does not include any real data about people in prison.

Requesting Tokens

  • We have put together the diagrams below to provide information about tokens in HMPPS Auth. They should help explain the types of tokens which need to be requested from the DPS Tech Team.
  • We have covered a number of scenarios which describe the typical shape of applications, their stack, and their interactions with Auth and other services.
  • There are a few concepts which influence the grant types to request:
    • User roles
      • Roles which can be assigned to a user or an API.
    • System roles
      • Roles which should not be assigned to users; they are provided to systems for talking to other APIs. For example, ROLE_COMMUNITY.
    • Controlled roles
      • Roles protecting endpoints which are controlled, because they require additional approval before they can be added to a client credential. For example, ROLE_GLOBAL_SEARCH.

This section does not discuss how to appropriately protect your endpoints with roles.
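
The three role concepts above can be applied as a check on a role request before it is sent to the DPS Tech Team. The sketch below is an added example, not code from HMPPS Auth or from this page; the catalogue, `RoleRequest`, `check_request` and `ROLE_EXAMPLE_USER` are hypothetical, and only ROLE_COMMUNITY and ROLE_GLOBAL_SEARCH are taken from the text.

```python
from dataclasses import dataclass, field

# Constructed catalogue. Only ROLE_COMMUNITY (system) and ROLE_GLOBAL_SEARCH
# (controlled) are named on this page; ROLE_EXAMPLE_USER is a hypothetical
# user role added so that all three classes are represented.
ROLE_CLASS = {
    "ROLE_EXAMPLE_USER": "user",
    "ROLE_COMMUNITY": "system",
    "ROLE_GLOBAL_SEARCH": "controlled",
}


@dataclass
class RoleRequest:
    principal: str                               # "user" or "client" (an API's client credential)
    roles: list
    approved: set = field(default_factory=set)   # controlled roles that already have approval


def check_request(req):
    """Return a list of problems with a role request; an empty list means it passes."""
    if req.principal not in ("user", "client"):
        return [f"unknown principal type: {req.principal}"]
    problems = []
    for role in req.roles:
        cls = ROLE_CLASS.get(role)
        if cls is None:
            # Fail closed: a role nobody has classified is not waved through.
            problems.append(f"{role}: not in the role catalogue")
        elif cls == "system" and req.principal == "user":
            problems.append(f"{role}: system role must not be assigned to a user")
        elif cls == "controlled" and req.principal == "client" and role not in req.approved:
            # The page states the approval rule for client credentials only,
            # so controlled roles on users are not checked here.
            problems.append(f"{role}: controlled role needs approval before "
                            "it is added to a client credential")
    return problems


if __name__ == "__main__":
    # Constructed requests, for illustration only.
    samples = [
        RoleRequest("user", ["ROLE_EXAMPLE_USER", "ROLE_COMMUNITY"]),
        RoleRequest("client", ["ROLE_COMMUNITY", "ROLE_GLOBAL_SEARCH"]),
        RoleRequest("client", ["ROLE_GLOBAL_SEARCH"], approved={"ROLE_GLOBAL_SEARCH"}),
    ]
    for req in samples:
        print(req.principal, req.roles, "->", check_request(req) or "ok")
```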

Key

Scenario 1

When your service makes calls to services which are authenticated with user roles, you can use the Authorization Code grant type.

Scenario 2

When your API makes calls to services which are authenticated with system or controlled roles.

Scenario 3

When both your frontend and API make calls to services which are authenticated with system or controlled roles.

Client credentials

Content coming soon.

Creating test user accounts

Content coming soon.

This page was last reviewed on 04-Sep-2024, next review will be on 04-Dec-2024.