Examples have been provided for both creating the ID token that will be used when accessing eMed URLs by iframe, as well as how to embed our iframe journeys for best results.
Authentication #
This Node.js code snippet generates an ID token for a patient:
/**
* This is an example script which signs and generates an 'ID token' for a user.
* An 'ID Token' is a JWT that has been signed and encrypted (using 'Nested JWT') and contains patient details
* It requires the following files to be present in the `./keys` directory:
* - client-private.pem: The partner's private key for signing the JWT token
* - emed-public.pem: eMed's public key for encrypting the JWT token
*/
const { JWK, JWE, JWS } = require("node-jose");
const fs = require("fs");
const path = require("path");
const getKey = async (owner, type) => {
const filepath = `./keys/${owner}-${type}.pem`;
const keyInput = fs.readFileSync(path.resolve(__dirname, filepath), "utf8");
return JWK.asKey(keyInput, "pem");
};
const encrypt = async (publicKey, input) => {
const buffer = Buffer.from(input);
return JWE.createEncrypt({ format: "compact", contentAlg: "A256GCM", alg: "RSA-OAEP" }, publicKey)
.update(buffer)
.final();
};
const sign = async (privateKey, payload) => {
const opt = { compact: true, fields: { typ: "jwt", alg: "RS256" } };
const buffer = Buffer.from(payload);
return JWS.createSign(opt, privateKey).update(buffer).final();
};
async function start() {
const privateKey = await getKey("partner", "private");
const emedPublicKey = await getKey("emed", "public");
// Create a signed JWT token using partner private key
const signedPayload = await sign(
privateKey,
JSON.stringify({
email: "patient@org-name.co.uk",
given_name: "Test",
family_name: "User",
birthdate: "1990-01-31",
gender: "female",
phone_number: "+447909090909",
iat: Math.floor(Date.now() / 1000),
exp: Math.floor(Date.now() / 1000) + 30, // ID Tokens with a >30 expiry will be rejected by eMed services
iss: "org-name-issuer",
sub: "some-patient-id",
aud: "https://emed.com",
nonce: "b02edbfd-fafd-4670-bc18-676b203f7de4",
org: "org-name",
address: {
street_address: "123 Fake Street",
locality: "Fake Town",
region: "Fake City",
postal_code: "SW1A1AA",
},
})
);
// Get the JWT string and create a JWE token using eMed's public key.
// The signed JWT string is the payload of this JWE token.
const encryptedIdToken = await encrypt(emedPublicKey, signedPayload);
console.log(`encrypted id token:`);
console.log(`${encryptedIdToken}`);
}
start();
Embedding the eMed iFrame #
This snippet adds the iframe to your website:
<iframe id="emed-appointment-booking" src="https://embed-uk.preprod.babylontech.co.uk/partners/consultations/new#id_token=CHANGE_ME" frameborder="0" allowfullscreen="1" scrolling="auto" allow="camera *; microphone *"></iframe>
Please note
- The URL provided in the iframe src attribute (https://embed-uk.preprod.babylontech.co.uk/partners/consultations/new) is for the test environment. The URL should also contain a fragment for the authentication. See User provisioning and authentication for more details. The exact URL for the production environment will differ. See Environments. Ensure you replace this URL with the correct production URL provided by eMed once your development and testing phases are complete.
- We recommend wrapping the iframe in a responsive container. This practice ensures that the iframe’s size adjusts dynamically to fit your users’ devices’ screen sizes and resolutions, maintaining a seamless and accessible user experience across all platforms.