Describe the bug
A clear and concise description of what the bug is.

I'm locked out of my medical records because the Services Card app does not support Android 14.

To Reproduce
Steps to reproduce the behavior:

1. Have a modern handset.
2. Try to use the BC Services Card App.
3. Have the app explode saying "14" is not supported.

Expected behavior
A clear and concise description of what you expected to happen.

A default "compatible with future versions" developer mindset.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: Android
• Browser: BC Services Card
• Version: 3.5.0

Smartphone (please complete the following information):

• Device: Pixel 6
• OS: 14
• Browser: BC Services Card
• Version: 14

Additional context
Add any other context about the problem here.

Please consider security as a mindset, and not "what's understood today".

Describe the bug
This could be a problem with how the backend handles conflicting data for a single user. Even when you are inputting the right information, you receive the data mismatch error. Additionally, I'm posting my request here because the healthgatway support team seems unable to comprehend the issue, and clearing cache and cookies may not always be the solution. The reporucing steps are based on hypothetical scenario which I think can be the reason. Adding the traceID for the error so you can debug more.

errorCode":"ImmunizationServer-I","traceId":"03327e3770191d7dd26b78b65f62942b","actionCode":"MISMATCH

To Reproduce

• Request a virtual health card number for the user - Upload a health record from another country with the same virtual health card number to obtain BC vaccine evidence
• Apply for service card for the same user, this based on my understanding will generate new health number so you will have two records.
• Once the records are confirmed, they will be tied to your virtual number, and you should be able to print BC vaccine proof - you should get a data mismatch error even after inputting correct information.

Expected behavior
The records should be able to be printed. I'm going to set aside some time to examine the code in order to better understand the flow and provide context. Any assistance is greatly welcomed, as we are unable to print the record and it is really important to us.

There is a fundamental design flaw in the vaccine card system.

The QR code issued to vaccinated individuals is generated once and then embedded in a PDF file, which is downloaded by the user to be printed or stored on their smartphone.

Unfortunately, this means that a valid QR code can be copied and shared with any number of people. Those individuals could then "scan green" whether vaccinated or not.

• If a "green scan" simply implies the verification of the QR code payload, there's no way to fix this.
• If a "green scan" involves calling a backend endpoint to validate the payload, all you can do is limit the number of green scans per QR code in a short period of time. This means people sharing QR codes might get spurious bad scans, come back in 15 minutes and scan green then.

It would have been better to have a proper smartphone app that generated a new QR code for the user every few seconds. BOTH the user's session auth token AND a seeded time-based authenticator code AND a nonce to prevent replay attacks should have been used to generate the QR code. A backend API call would be necessary to verify those three items, and biometric auth could restrict access to the app to one person.

Or you could just require a BC service card login every time a user needs to present a QR code, and generate a one-time-use code for each scan.

This would mean that people without smartphones wouldn't be able to use the vaxpass, but they could just print out their vaccination record and carry it with them.

No Project Lifecycle Badge found in your readme!

Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.

What is a Project Lifecycle Badge?

It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.

What do I need to do?

I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)

Both GET request for this URL https://www.healthgateway.gov.bc.ca/api/immunizationservice/v1/api/Immunization?hdid=xxx and https://www.healthgateway.gov.bc.ca/api/immunizationservice/v1/api/AuthenticatedVaccineStatus?hdid=xxx returns this response:

The server didn't respond in time.
</body></html>```

Describe the bug
When attempting to establish a browser on my MacBook as a trusted device the default device name provided by the app uses that of the mobile device used to enrol (Galaxy S8) rather than the new trusted device (Fred's Macbook).

To Reproduce
Steps to reproduce the behaviour:

1. In the browser visit https://www.healthgateway.gov.bc.ca/
2. press login button
3. This directs user to https://id.gov.bc.ca/login/entry#start
4. Select Already Setup - Use a Mobile card
   6 Open app and enter pairing code.
5. Bowser redirects to https://id.gov.bc.ca/login/entry#
6. Do you want to remember? Name this device prompts with "Galaxy S8" rather than info about the device being enrolled that is available (See https://www.deviceinfo.me/ ).

Expected behaviour
I expect the device name field to default to something like "Chrome on macOS" .

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: macOS version 10.15.5 (32-bit)
• Browser: Chrome
• Version : version 84.0.4147.105 (32-bit)

Broken link https://phsahealthgatewayapi.azurewebsites.net/swagger/index.html at the bottom of the docs:

https://github.com/bcgov/healthgateway/blob/dev/docs/PHSA_CDC%20LabServices%20Integration.md

Some people don't agree with the google terms of service, to use Google play store the releases should be available on the amazon store,github and also on fdroid. (It would also be good if all open source government apps had their own fdroid repository)

TL;DR

Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).

Why Topic

In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub and our Open Source initiative. This huge success means its critical that we work to make our content as discoverable as possible; Through discoverability, we promote code reuse across a large decentralized organization like the Government of British Columbia as well as allow ministries to find the repos they own.

What to do

Below is a table of abbreviation a.k.a short codes for each ministry; they're the ones used in all @gov.bc.ca email addresses. Please add the short codes of the ministry or organization that "owns" this repo as a topic.

That's in, you're done!!!

How to use

Once topics are added, you can use them in GitHub's search. For example, enter something like org:bcgov topic:citz to find all the repos that belong to Citizens' Services. You can refine this search by adding key words specific to a subject you're interested in. To learn more about searching through repos check out GitHub's doc on searching.

Pro Tip 🤓

• If your org is not in the list below, or the table contains errors, please create an issue here.

• While you're doing this, add additional topics that would help someone searching for "something". These can be the language used javascript or R; something like opendata or data for data only repos; or any other key words that are useful.

• Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.

• If your application is live, add the production URL.

Ministry Short Codes

NOTE See an error or omission? Please create an issue here to get it remedied.

Describe the bug
Date of Birth shows some JSON data instead of a nicely formatted date.

To Reproduce
Steps to reproduce the behavior:

1. Go to 'BC Vaccine Card'
2. Click on '>' to show details
3. Look at Date of Birth field.
4. See display error

Happens on both desktop and phone.

Expected behavior
Date of Birth should contain a nicely formatted date value.

Screenshots

Desktop (please complete the following information):

• OS: Windows 11
• Browser: Chrome
• Version: 118.0.5993.118

Smartphone (please complete the following information):

• Device: Samsung Galaxy S23
• OS: Android
• Browser: Chrome

Is your feature request related to a problem? Please describe.
As the vaccine mandate rolls out, there is some confusion and frustration about how to save and recall the QR codes without needing to go through the Health Gateway flow every time. Workarounds include printing out the cards, taking screenshots, or downloading PDFs, but these solutions present their own challenges and are not always accessible for technically challenged people nor convenient for everyone.

Describe the solution you'd like
When accessing the QR code on Health Gateway on a mobile device, consider offering the option to save the code as a card to Apple Pay, Google Pay, and if available, other major vendors like Samsung Pay (assuming they offer the means to do so). These apps often include convenience features for users that reduce friction around finding and presenting their cards at points of service.

Describe alternatives you've considered
As above, alternatives do exist in the form of screenshots, printouts, and PDFs. Other more involved alternatives include using 3rd party apps such as Pass2Pay for Android and Pass2U Wallet for iOS. These are effective, but encourage people to pass their health information through untrusted apps outside of PHSA's bubble. This isn't ideal.

Additional context
Samples of other apps offering this functionality are attached, as is a concept of what the card would look like in Google Pay on Android.

Thank you!