NHS Login Integration for Pharmacy2U

Pharmacy2U is the UK's largest online pharmacy, delivering NHS prescriptions and healthcare products to over a million customers. I joined as a Front-End Engineer working on the customer-facing platform — a high-traffic React/Next.js/TypeScript application where authentication, registration and onboarding were among the most commercially sensitive user journeys on the product.

The work I'm highlighting here is the NHS Login integration — the largest single epic I delivered during my time there — though my broader responsibilities extended across registration flow improvements, validation architecture, performance, and general product quality.

What NHS Login is and why it mattered

NHS Login is a government-backed identity service that allows patients to prove their identity and access NHS digital services using a single set of credentials. Integrating it into the Pharmacy2U platform meant customers could register and sign in using their existing NHS identity — removing the need to create and manage a separate Pharmacy2U account, and bringing a layer of trust and legitimacy to the onboarding experience that a proprietary login flow cannot offer.

For a prescription service handling sensitive health data, the trust dimension is not incidental. A user who recognises NHS Login as a familiar, government-endorsed mechanism is meaningfully more likely to complete registration with confidence than one encountering an unknown third-party identity flow.

What the integration involved

This was not a case of dropping in an auth library and calling it done. The integration required coordinating an external identity provider — NHS Login — with Pharmacy2U's own identity service, backend APIs, and front-end application flows across multiple parts of the platform.

On the core authentication journey, I built the new user flows for both registration and sign-in via NHS Login, implementing redirect and callback handling, response-driven UI states, and session management behaviour aligned to NHS-imposed requirements — including immediate session expiry when a session timed out, which was a specific NHS acceptance criterion rather than a product choice.

The integration extended into surrounding platform areas in ways that added meaningful complexity. In the account dashboard, NHS-authenticated users cannot follow the standard "change login details" path — their credentials are managed by NHS Login, not Pharmacy2U — so I implemented conditional routing to redirect those users to the NHS Login portal instead. In checkout, I integrated logic to inspect a user's email address and direct them to the correct authentication method for their account, handling the case where a user might not remember which sign-in method they originally used.

A key challenge throughout was making the experience behave correctly across a wide range of edge cases — incomplete flows, session interruptions, mismatched account states, users arriving via different entry points — while satisfying both Pharmacy2U's product requirements and the formal acceptance criteria set by the NHS partnership team.

Presenting to the NHS partnership team

A notable aspect of this project was that it involved external stakeholders beyond the internal product team. I presented work-in-progress directly to the NHS partnership team as part of the approval process — an unusual responsibility for a front-end engineer, and a signal of the trust placed in me to represent the technical implementation clearly and credibly to an external party.

Outcome

The integration delivered a more secure, lower-friction, higher-trust onboarding experience for new Pharmacy2U customers. It extended the platform's authentication capability in a way that is particularly meaningful in a healthcare context — leveraging an identity that patients already have and already trust, rather than asking them to create and manage another set of credentials for a prescription service.