diff --git a/src/example-no-consent-content-nhs-app-browser.md b/src/example-no-consent-content-nhs-app-browser.md new file mode 100644 index 0000000..9e8cf51 --- /dev/null +++ b/src/example-no-consent-content-nhs-app-browser.md @@ -0,0 +1,15 @@ +--- +layout: base-example.njk +title: NHS login button for NHS services that use the Design System +--- + +

You cannot continue without sharing your information

+ +

The service provider needs your NHS login information to verify your identity.

+ +

If you need medical help, go to 111.nhs.uk or call 111 or your GP.

+ +

Call 999 if it's a life-threatening emergency.

+ +

Close this tab to go back to NHS App.

+ diff --git a/src/images/Guidance-example-no-consent-nhs-app.png b/src/images/Guidance-example-no-consent-nhs-app.png new file mode 100644 index 0000000..863687b Binary files /dev/null and b/src/images/Guidance-example-no-consent-nhs-app.png differ diff --git a/src/images/Guidance-example-wayfinder.png b/src/images/Guidance-example-wayfinder.png deleted file mode 100644 index e51121b..0000000 Binary files a/src/images/Guidance-example-wayfinder.png and /dev/null differ diff --git a/src/images/Guidance-userjourney-consent.png b/src/images/Guidance-userjourney-consent.png deleted file mode 100644 index 40d0a17..0000000 Binary files a/src/images/Guidance-userjourney-consent.png and /dev/null differ diff --git a/src/images/Guidance-userjourney-no-consent.png b/src/images/Guidance-userjourney-no-consent.png new file mode 100644 index 0000000..7da38f8 Binary files /dev/null and b/src/images/Guidance-userjourney-no-consent.png differ diff --git a/src/no-consent-guidance.md b/src/no-consent-guidance.md index 0026626..c65056e 100644 --- a/src/no-consent-guidance.md +++ b/src/no-consent-guidance.md @@ -9,11 +9,11 @@ title: Sharing a user's NHS login information with your service ---

User journey asking users to share their NHS login information

- + Open this user journey flow in new window
- Diagram showing the flow that a user goes down from selecting the NHS button to being authorised by NHS login and back to the partner service. + Diagram showing the flow that a user goes down when they do not agree to share their NHS login information with your service

We ask users to agree to share their NHS login information with your service when:

@@ -32,13 +32,13 @@ title: Sharing a user's NHS login information with your service

If a user does not agree to share their NHS login information, they can go back from the confirmation screen to amend their decision. They can then continue to your service.

If the user still does not agree to share their NHS login information, they are redirected to your service without passing an ID token or authorisation code.

-

Their information is not passed to your service, and you need to display a no-consent error screen.

+

Their information is not passed to your service, and you need to display a 'no-consent error screen'.

How the user is able to continue to your website or app depends on how you handle them. For example, you may have a guest process or alternative authentication journey.

The suggested content on the no-consent error screen differs, depending on the category of service that you belong to:

@@ -55,45 +55,46 @@ title: Sharing a user's NHS login information with your service

There are three different types of implementation of the no-consent error screen. The guidance most suitable for you will depend on what type of service you are.

-

- Services that use Wayfinder +

+ Services that use NHS App

-

Use this version of the no-consent error screen content guidance if your website or app uses Wayfinder.

- +

Use this version of the no-consent error screen content guidance if your website or app uses NHS App or Wayfinder in either the browser or the mobile application.

+ Open this example in new window
- Example of NHS login button alongside other log in or register options + Examples of the mobile app and browser 'no-consent error screen' content for services that use NHS App
- View the no-consent error screen content guidance for services that use Wayfinder + View the no-consent error screen content guidance for services that use NHS App
@@ -101,20 +102,74 @@ title: Sharing a user's NHS login information with your service
  • This version of the no-consent error screen refers to your service as 'The service provider'. This should remain unchanged. Do not use the name of your service as it may not make sense to the user in their journey.
    • -
  • To align with other services that use Wayfinder, only use the content provided and do not change it.
    • +
  • To align with other services that use NHS App, only use the content provided and do not change it.
  • To minimise clinical risk, make sure all anchor tags to emergency services are operational and implemented as suggested.
    • -
  • You can use your service font, headers, footers and styling on this page, but it must follow our styling suggestions.
    • +
  • You can use your service font, headers, footers and styling on this screen, but it must follow our styling guidelines.

How to display content for the no-consent error screen

-

Here is an example of the Wayfinder no-consent error page. You can copy the content and code by selecting the HTML tab below this diagram.

+

Here are two examples of the NHS App no-consent error screen. You can copy the content and code by selecting the HTML tab below each diagram.

You will need to apply your own CSS to the code. You should not add any other content to this screen.

+

The version of copy your service will use depends on whether your service:

+ +

Services that use NHS App in the broswer

+ + Open this example in new window + +
+ +
+
+ +
+ +
+
+
+ Copy code + 
<h1>You cannot continue without sharing your information </h1>
+<p>The service provider needs your NHS login information to verify your identity.</p>
+<p>If you need medical help, go to <a href="https://111.nhs.uk/">111.nhs.uk</a> or call<a href="tel:111">111</a> or your GP.</p>
+<p>Call <a href="tel:999">999</a> if it's a life-threatening emergency.</p> 
+<p>Close this tab to go back to NHS App.</p>
+
+
+ + Close + +
+
+
+
+ +Behaviour of the back button in the browser +

When a user selects the back button in the browser, the preferred action for your service's no-consent error screen is to reload.

+

Current guidance instructs the user to close your service's no-consent error screen tab to return to the NHS App in the browser. +

+

Do not add your own back button to this page.

+ +

Services that use NHS App in the mobile application

+ +
Open this example in new window
- +
    @@ -148,26 +203,20 @@ This should remain unchanged. Do not use the name of your service as it may not
-Styling suggestions +Behaviour of the back navigation in the NHS App (mobile application only) +

A user can return to previous point in their journey in the NHS App by using the native back link.

+ + +Styling guidelines
  • heading font size should be no smaller than 20px.
  • body copy should be no smaller than 16px.
  • hyperlink emergency contact numbers as advised.
-The functionality of the back navigation in the NHS App -

Depending on where they came from, a user can return to a previous point in their journey in the NHS App by using the native back link.

-

The two places from which the user may have entered into the journey are the: -

-
    -
  • message hub
    • -
  • appointment aggregator screen
    • -
-

Rather than returning to the consent screen, a user will return to a point this early in the journey, because their ID token or authorisation code were not passed to your service in the no-consent flow.

-
Contact information: -

For any queries about how the back navigation in the NHS App will work with your service, email app.integration@nhs.net.

+

For any queries about how NHS App will work with your service, email app.integration@nhs.net.

@@ -272,7 +321,7 @@ This should remain unchanged. Do not use the name of your service as it may not
- Example of NHS login button alongside other log in or register options + Example of the no-consent error screen content for all other services
@@ -287,11 +336,11 @@ This should remain unchanged. Do not use the name of your service as it may not
  • In this version we recommend that you insert the name of your service in the [Service name] placeholder.
  • The "dynamic content" placeholder text indicates variable text where you may insert your own copy.
  • To minimise clinical risk, make sure all anchor tags to emergency services are operational and implemented as suggested.
    • -
  • You can use your service font, headers, footers and styling on this page, but it must follow our styling suggestions.
    • +
  • You can use your service font, headers, footers and styling on this screen, but it must follow our styling guidelines.

    • How to display content for the no-consent error screen

    -

    Here is an example of the no-consent error page. You can copy the content and code by selecting the HTML tab below this diagram.

    +

    Here is an example of the no-consent error screen. You can copy the content and code by selecting the HTML tab below this diagram.

    You will need to apply your own CSS to the code.

    @@ -333,7 +382,7 @@ This should remain unchanged. Do not use the name of your service as it may not
    -Styling suggestions +Styling guidelines Dynamic content suggestions -

    Only add your own content when you have information that might be of value to the user to either navigate away from the no-consent error page, or to correct any errors. For example, a contact email or number.

    +

    Only add your own content when you have information that might be of value to the user to either navigate away from the no-consent error screen, or to correct any errors. For example, a contact email or number.

    -

    Contact us if you are unsure which version of the no-consent content guidance is right for your service.

    +

    Contact us if you are unsure which version of the no-consent error screen content guidance is right for your service.