Corppass Authorization API

Last updated 3 months ago

This technical specification outlines the web-based Application Programming Interfaces (APIs) designed for use by Relying Parties (RPs) and clients. It specifies the APIs that RPs must invoke to facilitate OpenID Connect (OIDC) authentication and retrieve authorization information for Corppass users.

The following diagram illustrates the OIDC flow between the RP and Corppass, detailing the interactions required to authenticate users and access their authorization information:

All RPs should follow these steps, as illustrated in the above diagram. A short summary of the diagram:

  1. Discover OpenID Provider Configuration

    • Retrieve the details of the OpenID Provider by querying the OpenID Discovery endpoint. Refer to the OpenID Discovery Endpoint section.

  2. Initiate Authorization Request

    • Send an authorization request to the Corppass Authorization Endpoint to obtain an authorization code. Refer to the Authorization Endpoint section.

  3. User Authentication

    • The user will be prompted to log in with Singpass and authenticate using their Singpass credentials.

  4. Token Exchange

    • Exchange the authorization code and client assertion at the Token Endpoint to obtain the ID token and access token. Refer to the Token Endpoint section.

  5. ID Token Encryption

    • Corppass retrieves the RP's encryption public key from the client's JWKS during the token issuance process. Refer to the Client JWKS section.

  6. ID Token Signature Validation

    • The RP retrieves Corppass's signing public key from the JWKS endpoint to validate the signature of the ID token. Refer to the JWKS Endpoint section.

  7. Retrieve Authorization Information

    • Use the access token to query the Authorization Info Endpoint and retrieve the Corppass user's authorization details. Refer to the Authorization Info Endpoint section.
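The RP-side parts of steps 2 and 6 above can be shown without a JOSE library. The following is an added example written for this page, not Corppass's own code: it generates a PKCE verifier/challenge pair, builds the authorization request, and performs the claim checks an RP must run on the ID token after it has decrypted the JWE with its own private key and verified the inner JWS signature against the key fetched from the JWKS endpoint (both of those need a JOSE library and are left out here). The endpoint URL, issuer, client_id and redirect URI values are placeholders, and the sample ID token is constructed inline with a dummy signature purely to exercise the claim checks.

```python
# Added example, not Corppass's own code. Endpoint, issuer and client
# values are placeholders; the sample token is constructed for illustration.
import base64
import hashlib
import json
import secrets
import time
from typing import Optional
from urllib.parse import urlencode


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used by JOSE and PKCE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the padding JOSE strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pkce_challenge(code_verifier: str) -> str:
    """S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636)."""
    return b64url_encode(hashlib.sha256(code_verifier.encode("ascii")).digest())


def new_pkce_pair() -> tuple:
    """Fresh 256-bit verifier (43 base64url chars) and its S256 challenge."""
    verifier = b64url_encode(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def build_authorization_url(authorization_endpoint: str, client_id: str,
                            redirect_uri: str, scope: str, state: str,
                            nonce: str, code_challenge: str) -> str:
    """Step 2: authorization code request carrying PKCE, state and nonce."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,                 # bound to the browser session (CSRF check)
        "nonce": nonce,                 # must come back inside the ID token
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{authorization_endpoint}?{urlencode(params)}"


def jws_payload(compact_jws: str) -> dict:
    """Parse the payload of a compact JWS. This does NOT verify the signature;
    verify it against the provider's JWKS (step 6) before trusting the claims."""
    parts = compact_jws.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def check_id_token_claims(claims: dict, issuer: str, client_id: str,
                          expected_nonce: str, now: Optional[int] = None) -> list:
    """Return the list of claim problems; an empty list means the claims are acceptable."""
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the discovered issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        problems.append("aud does not contain this client_id")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        problems.append("token is expired or has no exp")
    if isinstance(claims.get("iat"), int) and claims["iat"] > now + 60:
        problems.append("iat is in the future")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce does not match the authorization request")
    if not claims.get("sub"):
        problems.append("sub is missing")
    return problems


def sample_jws(claims: dict) -> str:
    """Constructed test token with a dummy signature; only for exercising jws_payload."""
    header = b64url_encode(json.dumps({"alg": "ES256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(b'dummy-signature')}"


if __name__ == "__main__":
    verifier, challenge = new_pkce_pair()
    state, nonce = b64url_encode(secrets.token_bytes(16)), b64url_encode(secrets.token_bytes(16))
    print(build_authorization_url("https://<corppass-host>/authorize", "<client_id>",
                                  "https://<rp-host>/callback", "openid", state, nonce, challenge))
    now = int(time.time())
    token = sample_jws({"iss": "https://<corppass-host>", "aud": "<client_id>", "sub": "user",
                        "iat": now, "exp": now + 300, "nonce": nonce})
    print(check_id_token_claims(jws_payload(token), "https://<corppass-host>",
                                "<client_id>", nonce, now))   # [] when all checks pass
```

The `code_verifier` is kept server-side and sent only at the token endpoint; the `nonce` and `state` are stored in the session so that the ID token and the callback can be tied back to the request that started the flow.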