Planned changes

As HelseID is a service that evolves over time, it is inevitable that certain parts of the service will eventually be changed or deprecated. The roadmap below shows the changes HelseID will make in the upcoming period and when changes will be implemented in test and production.

Change Description Test Prod
Remove old Test-IDP The old Test-IDP will be removed. October 2024
Remove the endpoint clientinfo_endpoint This endpoint gives out metadata about a Client. The endpoint is scarcely used, and the metadata for a Client is readily available in HelseID Selvbetjening. October 2024 December 2024
Remove old amr claim The old claim helseid://claims/client/claims/amr will be removed. The information will be replaced by the client_amr claim, which is already in production. October 2024 December 2024
Reject implicit or hybrid flow Reject all use of hybrid and implicit flow from clients. November 2024 January 2025
Reject Shared Secret Reject all clients attempting to use Shared Secret for client authentication. November 2024 January 2025
PKCE requirement All clients with user login not using PKCE in the call to the Authorize endpoint will be rejected at runtime. March 2025
PAR requirement All clients with user login not using PAR will be rejected at runtime. during 2025

Completed changes

Change Description Test Prod
Remove PREG Personregisteret (PREG) will be deprecated in the test environment. All test persons will be fetched from Persontjenesten, which contains synthetic persons from SyntPop. September 2024
Remove the old Test-IDP The old Test-IDP will be removed. October 2024