Question 1

What does FastLogin actually do?

Accepted Answer

FastLogin is the identity layer that every Fastclinic product depends on. It handles registration, phone and email verification, KYC for providers, multi-factor authentication, OAuth2 / OIDC token issuance, session management, and the per-user audit trail. When a patient signs in to Doorcta to start a consultation, when a doctor signs in to OneHealth to access records, when a finance lead signs in to FastCredits to top up an org balance — they are all signing in through FastLogin. There is exactly one set of credentials per person across the entire ecosystem.

Question 2

Why centralise identity instead of letting each product do its own auth?

Accepted Answer

Because every duplicated auth surface is a duplicated attack surface, a duplicated KYC liability, and a duplicated source of audit drift. When a provider's MDCN licence is revoked, we want it revoked everywhere within minutes — not weeks. When a patient grants access to one product, we want that consent recorded against one ledger, not scattered across five databases. Centralising identity lets us run one well-monitored credential store, one phishing-resistant MFA policy, and one hash-chained audit log that regulators can verify.

Question 3

Is FastLogin a custom build or off-the-shelf?

Accepted Answer

It is a Go service built on Ory Kratos and Ory Hydra — both production-grade open-source identity stacks — with a Fastclinic-built admin and self-service UI on top. Kratos handles credential storage, MFA factors, recovery, and the registration state machine. Hydra handles OAuth2 / OIDC, scope enforcement, and token lifecycle. The Go service in front orchestrates KYC via Didit, the seven-year hash-chained audit trail, organisation entitlements, and the partner-client onboarding flow. We did not write a credential store ourselves and we are not going to.

Question 4

Where does the data live?

Accepted Answer

On African data residency: a Nigerian-region AWS account that the Fastclinic Limited (RC 1919428) data controller operates. Identities, sessions, MFA secrets, KYC artefacts, and audit logs do not leave that region in normal operation. The Didit liveness check is the one external processor: a selfie image is sent to Didit for the verification window, then deleted on Didit's side after thirty days and on our side within twenty-four hours of the verification result.

Question 5

How long do FastLogin tokens last?

Accepted Answer

Access tokens are valid for fifteen minutes. Refresh tokens are valid for twenty-four hours and rotate on every use, so a leaked refresh token is single-use. Each Fastclinic product caches FastLogin's public JWKS keys for five minutes, which means a key rotation propagates across the entire ecosystem in five minutes without any product redeploy. These numbers come from the runtime Hydra client config — they are not aspirational.

Question 6

What does AAL2 mean and why does FastLogin require it?

Accepted Answer

AAL2 is NIST's term for authentication assurance level 2 — the user has proven possession of a phishing-resistant factor like a passkey or a TOTP authenticator, not just a password. FastLogin enrols every user with both a passkey and a TOTP secret during registration so that no user is locked out if a single device is lost. Sensitive operations like clinical record access and financial actions require an AAL2-fresh session. Hydra refuses to issue scoped tokens for those scopes when the session is only AAL1.

Question 7

Can a third-party Nigerian healthcare app integrate FastLogin?

Accepted Answer

Yes — that is what the partner-client surface is for. We register your app as a Hydra OAuth2 client, point it at the standard authorization-code-with-PKCE flow, and your users get the same one-click sign-in and centralised consent screen that Doorcta and OneHealth use. Your app stores no passwords. Your app sees no MFA secrets. You get a verified user identity, the scopes the user consented to, and a fifteen-minute access token. Talk to the developer documentation for the integration timeline.

Question 8

What happens if FastLogin is down?

Accepted Answer

Existing fifteen-minute access tokens continue to validate against the cached JWKS until they expire. New sign-ins are blocked. The runbook recovery path is to roll back the most recent FastLogin or Kratos or Hydra deployment from the audit-immutable change log, page the on-call, and post a customer-facing status update within fifteen minutes of detection. Outage history and SLA targets live on the trust page. Critically, the cached-JWKS design means that for the first five minutes of any FastLogin issue, every relying party still validates already-issued tokens locally. That gives operators a real recovery window before user-visible impact, which is the difference between an SSO outage that takes the whole ecosystem down and one that the average user never notices.

Question 9

How do I integrate FastLogin into a third-party Nigerian app?

Accepted Answer

We register your app as a Hydra OAuth2 client with the redirect URIs and post-logout URIs you specify. You implement the standard authorization-code-with-PKCE flow against our well-known OIDC discovery document. On the success callback you receive an ID token (JWT) signed by Hydra; you verify it against our JWKS endpoint and read the user identity claims. Token refresh, user-info endpoint, and revocation all follow OAuth2 / OIDC standards verbatim — there is nothing Fastclinic-specific in the protocol layer. The Fastclinic-specific work is on your end: deciding which scopes you need, building your consent rationale text, and storing the user identity by FastLogin user ID rather than by email. The developer documentation walks through each step with code samples in TypeScript, Go, and Python.

Question 10

How is consent tracked across products?

Accepted Answer

Every consent grant is an event in the audit chain with the user ID, the requesting client (product or partner), the scope set, the timestamp, and the AAL of the session that granted it. When the user revokes consent for a scope, that is also an event — the chain shows the grant, the revoke, and the duration. Hydra enforces revocation by refusing to issue tokens for revoked scopes; existing access tokens with those scopes age out within fifteen minutes. The OneHealth team built their entire access-grant surface on this primitive, which is the kind of leverage you only get from one identity layer.

One sign-in for every Fastclinic product.

Patient

Healthcare Provider

Organisation Admin

Capabilities

Integrations

Compliance & safety

Plain answers

Ready to ship with FastLogin?

One sign-in for every Fastclinic product.

Patient

Healthcare Provider

Organisation Admin

Capabilities

Integrations

Compliance & safety

Plain answers

01What does FastLogin actually do?

02Why centralise identity instead of letting each product do its own auth?

03Is FastLogin a custom build or off-the-shelf?

04Where does the data live?

05How long do FastLogin tokens last?

06What does AAL2 mean and why does FastLogin require it?

07Can a third-party Nigerian healthcare app integrate FastLogin?

08What happens if FastLogin is down?

09How do I integrate FastLogin into a third-party Nigerian app?

10How is consent tracked across products?

Ready to ship with FastLogin?