Scopes and claims


Table of scopes and claims
| Scope | Claims included | Low level (P0) | Medium level (P5) | High level (P9) |
|---|---|---|---|---|
| OpenID Connect requests: openid [1] | Issuer identifier for the issuer of the response: iss; Partner service identifier: aud; Subject identifier for the user at the issuer: sub | Yes | Yes | Yes |
| User's default profile: profile | NHS number: nhs_number; Surname: family_name; Date of birth: birthdate; Identity proofing level: identity_proofing_level | No | Yes [2] | Yes |
| User's basic demographics: basic_demographics [3] | Surname: family_name; Date of birth: birthdate; Identity proofing level: identity_proofing_level | No | Yes | Yes |
| User's additional demographic information: profile_extended | First name from PDS: given_name | No | Yes | Yes |
| Email address: email | Email address: email; Verified email address: email_verified | Yes | Yes | Yes |
| Phone number: phone | Phone number: phone_number; Verified phone number: phone_number_verified; Phone number matched to PDS: phone_number_pds_matched [4] | Yes | Yes | Yes |
| Landline number: landline | Landline number: landline_number; Verified landline number: landline_number_verified | Yes | Yes | Yes |
| GP registration details: gp_registration_details [5] | ODS code: gp_ods_code | No | Yes | Yes |
| GP surgery information: gp_integration_credentials | Linkage key: gp_linkage_key; ODS code: gp_ods_code; Account ID: gp_user_id | No | No | Yes [6] |
| Client specific metadata for the user account: client_metadata [7] | Client user metadata: client_user_metadata | Yes | Yes | Yes |

Notes:

  1. The OpenID scope is a mandatory requirement for all partners.
  2. NHS number is part of a user’s claimed identity. The user must not be given or presented with the NHS number which has been traced by NHS login. NHS login must have a clear understanding of the use case of the NHS number, and will confirm that the use of this is within the tolerance level of the NHS login service.
  3. User basic demographics and default profile scopes are mutually exclusive. Both cannot be requested together.
  4. This claim will be true if the phone used for 2FA matches a contact number on PDS.
  5. This scope is not required if the gp_integration_credentials scope is requested.
  6. Available only to NHS England IM1 enabled partners and partners connected to IM1 via an approved third party supplier. This does not include GP suppliers’ own Patient Facing Services (PFS) API. The scope is protected by a high level of authentication.
  7. This is a bespoke scope which should only be selected once agreed by NHS login.

These are not available as claims for NHS login:

  • User's gender or sex
  • User's post code
  • User's address

Scopes and claims perform differently for partners supporting multiple levels of user identity verification and step-up journeys between the different levels of verification. Contact the NHS login onboarding team for more information.

Please refer to the external interface specification Section 3.4.1.1 and Section 3.6.2.1 for further technical details.
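
The following is an added example, not NHS login code: a pre-flight check a partner could run on the scope string it plans to send, applying notes 1, 3 and 5 and the per-level availability from the table on this page. The function and variable names are hypothetical, and it assumes a single fixed verification level (step-up journeys are not modelled) and that a scope marked "No" at a level contributes no claims.

```python
# Added example, not NHS login code. Availability per level is transcribed from
# the table on this page; function and variable names are hypothetical.
ALL, P5_UP, P9_ONLY = {"P0", "P5", "P9"}, {"P5", "P9"}, {"P9"}

# scope -> (claims it carries, verification levels where the table says "Yes")
SCOPES = {
    "openid": (("iss", "aud", "sub"), ALL),
    "profile": (("nhs_number", "family_name", "birthdate", "identity_proofing_level"), P5_UP),
    "basic_demographics": (("family_name", "birthdate", "identity_proofing_level"), P5_UP),
    "profile_extended": (("given_name",), P5_UP),
    "email": (("email", "email_verified"), ALL),
    "phone": (("phone_number", "phone_number_verified", "phone_number_pds_matched"), ALL),
    "landline": (("landline_number", "landline_number_verified"), ALL),
    "gp_registration_details": (("gp_ods_code",), P5_UP),
    "gp_integration_credentials": (("gp_linkage_key", "gp_ods_code", "gp_user_id"), P9_ONLY),
    "client_metadata": (("client_user_metadata",), ALL),
}

def check_scopes(scope_param, level):
    """Check a space-separated OIDC scope string against the page's rules.

    Returns (findings, claims): findings are "error: ..." or "warning: ..."
    strings; claims are the claims from requested scopes available at `level`.
    Notes 2, 6 and 7 depend on agreement with NHS login and are not modelled.
    """
    if level not in ALL:
        raise ValueError(f"unknown verification level: {level!r}")
    requested = scope_param.split()
    findings, claims = [], set()
    if "openid" not in requested:
        findings.append("error: openid scope is mandatory (note 1)")
    if {"profile", "basic_demographics"} <= set(requested):
        findings.append("error: profile and basic_demographics are mutually exclusive (note 3)")
    if {"gp_registration_details", "gp_integration_credentials"} <= set(requested):
        findings.append("warning: gp_registration_details is not required with gp_integration_credentials (note 5)")
    for scope in requested:
        if scope not in SCOPES:
            findings.append(f"error: {scope} is not a scope in the table")
        elif level not in SCOPES[scope][1]:
            findings.append(f"error: {scope} is not available at {level}")
        else:
            claims.update(SCOPES[scope][0])
    return findings, sorted(claims)

if __name__ == "__main__":
    # Constructed requests, one per rule checked above.
    for scopes, level in [("openid profile email", "P0"), ("openid profile basic_demographics", "P5")]:
        print(level, scopes, *check_scopes(scopes, level), sep="\n  ")
```

Running the check in CI against the configured scope string catches a request for more than the chosen verification level allows before it reaches the authorization endpoint.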

