# Personal & Consent

# Summary

In the legacy system, we configured the consent form for you. In the new system, you have more flexibility and can configure consent, scopes, and mandatory scopes yourself in DocCheck Access.

# 1) Introduction & Context

  • Personal refers to personal data that becomes available after the user consents.
  • Scopes define which data is requested and subsequently retrievable.
  • The consent form appears during the login flow and provides transparent information about the data release.

# Core functions

  • Privacy: provide the privacy policy URL of your website where the Login Client is implemented.
  • Scopes: choose which data you request; only granted scopes are returned by the User Data endpoint.
  • Mandatory scopes: cannot be deselected individually in the consent dialog.
  • Additional info: optional note on the form (e.g., purpose of processing, contact, links).
  • Languages: the form can be served in multiple languages; the additional note can be language‑specific.

More info: Return values of the User Data endpoint and “Data Mapping & Payload” (link to follow).

# 2) Per‑license specifics

# Economy

# Routing

  • If you used routing in the legacy system, you can now implement it more flexibly on your own:
    • Fetch the required data from the User Data endpoint after login.
    • Define required scopes as mandatory, so the data is reliably available.
    • Use the additional info to explain your routing behavior and the required scopes.
    • For parameter transfer, use the state parameter; all necessary parameters must be transported within it.
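
One way to transport routing parameters in state, shown as an added example (not DocCheck code). Because state returns to your callback through the browser, the sketch signs it, binds it to the user's session, and accepts only allowlisted routing targets. `STATE_KEY`, `ALLOWED_TARGETS`, the `target` parameter and `session_nonce` are hypothetical names and constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumptions (constructed values): a backend-only secret and the routing targets you accept.
STATE_KEY = b"replace-with-random-32-byte-secret"
ALLOWED_TARGETS = {"/portal/physicians", "/portal/pharmacists"}
MAX_AGE_SECONDS = 600


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload):
    return _b64(hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).digest())


def build_state(params, session_nonce, now=None):
    """Pack all routing parameters into one signed state value."""
    body = {"p": params, "n": session_nonce, "t": int(time.time() if now is None else now)}
    payload = _b64(json.dumps(body, separators=(",", ":"), sort_keys=True).encode())
    return f"{payload}.{_sign(payload)}"


def parse_state(state, session_nonce, now=None):
    """Return the routing parameters, or raise ValueError if state cannot be trusted."""
    payload, sep, tag = state.partition(".")
    # Verify the MAC before decoding, so unauthenticated input never reaches the JSON parser.
    if not sep or not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
        raise ValueError("state signature mismatch")
    body = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    # The nonce ties the login response to the browser session that started it.
    if not hmac.compare_digest(body["n"].encode(), session_nonce.encode()):
        raise ValueError("state does not belong to this session")
    age = (time.time() if now is None else now) - body["t"]
    if age > MAX_AGE_SECONDS:
        raise ValueError("state expired")
    # Route only to known destinations; never redirect to a value taken from state as-is.
    if body["p"].get("target") not in ALLOWED_TARGETS:
        raise ValueError("routing target not allowed")
    return body["p"]
```

Generate `session_nonce` per login attempt with a CSPRNG (for example `secrets.token_urlsafe(16)`) and keep it in the server-side session.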

# UniqueID

  • unique_id is a system scope and does not require separate consent.
  • You decide whether you need it for your correlation.

# Business

  • If you need the same scope set as in the legacy system, refer to “Data Mapping & Payload” (link to follow) and select the corresponding scopes in the Button Configurator.
  • Additionally, extended scopes are available (e.g., name, email, address, discipline); mark them as mandatory if needed.

Tip for mirroring the legacy “Personal” form:

  • Economy: typically select unique_id, profession, country, language.
  • Business: add personal data scopes such as name (first/last), email, address, and optionally discipline to match your former dataset.

# 3) Configuration & Implementation (short)

  1. In DocCheck Access → Login Client → “Configure”: provide the privacy policy URL, optionally add additional notes per language, set mandatory scopes.
  2. In “Button Configurator”: choose the language, select scopes, optionally add state for parameters/routing.
  3. Explain the purpose: ensure your additional note and privacy policy clearly state why you collect each scope and how you use it.
  4. Update your code and verify the OAuth2 endpoints.

# Decision checklist (Business)

  • Which scopes do we really need (minimize)?
  • Which of them must be mandatory (cannot be deselected)?
  • What explanatory text (additional info) do we show to justify the data need?

# Further reading