OAuth2 on a national level - how to secure extremely sensitive APIs - Rune Andreas Grimstad
HelseID is an OAuth-based token service widely used in the Norwegian health sector. It is a fundamental building block for making sensitive health information available across systems and organizations in Norway. There are very strict requirements on how to share this kind of data in Norway, so to make this work the technical solution must be really, really focused on security. Baseline OAuth is simply not good enough. As a consequence, HelseID has its own security profile for using OAuth. In this session we will walk you through this profile, try to justify our choices and talk about the future.

Check out more of our featured speakers and talks at https://ndcconferences.com/ https://ndcoslo.com/