# Guidelines
Here are guidelines to keep in mind when implementing the login in your system.
# DocCheck Login service – your Identity Provider (IdP)
The DocCheck Login service behaves like many identity provider (IdP) services.
The service is invoked via the DocCheck login button — which is provided via the platform DocCheck Access (opens new window).
Login request
Users must always authenticate first via the DocCheck login URL. Submitting user credentials to DocCheck from your own forms is not permitted.
# Handling the callback
After successful authentication via the DocCheck login client, the callback is triggered and the authorization code is provided. Your callback URL must handle it and exchange the code for an access token. More info: OAuth2 service or Endpoints.
OIDC support
The DocCheck Login service currently does not support OpenID Connect (OIDC). Therefore, a JSON Web Token (JWT) is not provided.
# Implementation guidelines
Keep the following in mind when implementing DocCheck Login:
- The HTML for the login button provided by DocCheck must not be modified in a way that
- limits or changes the function of the login form or process
- changes the src attribute
- prevents loading the script directly from the DocCheck server
Place the login button in a publicly accessible part of your website (e.g., professional information section).
Users must clearly recognize the DocCheck login option (e.g., DocCheck logo/mascot — Logo media library (opens new window)).