Scopes
Scopes are used during authentication to authorise access to a user's details.
In the context of Corppass, each scope grants access to a set of attributes of the entity or the acting user, called claims. Once authorised, these claims are returned in an ID Token (via the Token Endpoint) and/or made available via the Userinfo Endpoint.
Usage
To initiate an OpenID Connect flow, clients must specify the desired permissions as a space-delimited list in the scope parameter of the request.
Refer to the Pushed Authorization Request section for detailed specifications on constructing the request.
Consent Screen
Depending on the requested scopes, a consent screen may be displayed to the end user during authorization. The consent screen informs the user of the data or permissions being requested and allows them to grant or deny access.
For Private Sector relying parties, the consent screen is displayed when authorization requests include user or entity data scopes.
For Government Agencies, the consent screen is not displayed for now. Additional consent policies may be introduced as higher-sensitivity data scopes are onboarded.
The consent screen is not shown when authorization requests include only protocol or authorization scopes (e.g., openid, authinfo, tpauthinfo).
Supported Scopes
Protocol Scopes
openid
Mandatory scope to indicate the request is an OpenID Connect flow.
Required for all requests.
Authorization Scopes
Entity Scopes
entity.identity
View entity identity - includes entity type, registration number, and country of incorporation.
sub_attributes: entity_type, entity_reg_number, entity_coi
User Scopes
user.identity
View acting user's identity - includes account type, identity number, and country of issuance.
act.sub_attributes: account_type, identity_number, identity_coi
user.corppass.email
View acting user's Corppass registered email address.
act.sub_attributes: corppass_email, corppass_email_verified
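A client-side pre-flight and least-privilege check built from the scopes and consent rules above, as an added example that is not Corppass code. The function names, the 'private'/'government' labels and the token payload layout (a top-level sub_attributes object and an act object holding its own sub_attributes) are assumptions made for illustration.

```python
# Added example: scope and claim names come from this page; the payload
# layout and the relying-party labels are assumptions for illustration.
NO_CONSENT = {"openid", "authinfo", "tpauthinfo"}  # protocol/authorization scopes
DATA_SCOPES = {
    "entity.identity": ("sub_attributes",
                        {"entity_type", "entity_reg_number", "entity_coi"}),
    "user.identity": ("act.sub_attributes",
                      {"account_type", "identity_number", "identity_coi"}),
    "user.corppass.email": ("act.sub_attributes",
                            {"corppass_email", "corppass_email_verified"}),
}

def build_scope(requested):
    """Return the space-delimited scope value, rejecting bad requests."""
    scopes = list(dict.fromkeys(requested))  # de-duplicate, keep order
    unknown = [s for s in scopes if s not in NO_CONSENT and s not in DATA_SCOPES]
    if unknown:
        raise ValueError(f"unsupported scopes: {unknown}")
    if "openid" not in scopes:
        raise ValueError("openid is required for all requests")
    return " ".join(scopes)

def consent_expected(scope, relying_party):
    """True when the page's rules say a consent screen is displayed."""
    has_data = any(s in DATA_SCOPES for s in scope.split())
    return relying_party == "private" and has_data

def unexpected_claims(scope, payload):
    """List claims in the payload that no requested scope grants."""
    allowed = {"sub_attributes": set(), "act.sub_attributes": set()}
    for s in scope.split():
        if s in DATA_SCOPES:
            container, claims = DATA_SCOPES[s]
            allowed[container] |= claims
    found = {
        "sub_attributes": payload.get("sub_attributes", {}),
        "act.sub_attributes": payload.get("act", {}).get("sub_attributes", {}),
    }
    return sorted(f"{c}.{k}" for c, attrs in found.items()
                  for k in attrs if k not in allowed[c])

# Constructed sample payload (values are placeholders, not real data).
SAMPLE_PAYLOAD = {
    "sub_attributes": {"entity_type": "constructed-type"},
    "act": {"sub_attributes": {"identity_number": "constructed-id",
                               "corppass_email": "user@example.com"}},
}
```

Running unexpected_claims against a decoded ID Token or Userinfo response flags attributes that were returned without a matching requested scope, which is worth logging before the data is stored.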