search

Authorization Info Endpoint

POST /authorization-info 

The Authorization Info Endpoint allows the Relying Party (RP) to retrieve detailed authorization information about the authenticated user. To access this enpdoint, the RP must include a valid Access Token issued by the /token endpoint in the Authorization header as a Bearer token.

triangle-exclamation

In the previous minor version (2.0), the practice of appending the scope in the request body was supported. This behavior has been removed in the current version. The scope parameter should now be assessed at the Authorize Endpoint rather than the Authorization Info Endpoint. Therefore, appending scope in the request body is no longer supported.

While this change will not impact RPs (Relying Parties) who are still appending scope in the request body, we strongly encourage RPs to deprecate this implementation to simplify the network calls and ensure compatibility with the updated version.

hashtag
Request

Headers

Field
Required
Description

Authorization

Yes

The Access Token issued by the /token endpoint, passed as a Bearer token in the header.

Example:

Authorization: Bearer <Access-Token>

hashtag
Response

The Authorization Info Endpoint returns authorization claims encapsulated in a JWS. The payload contains information about the user's roles, entities, and third-party authorizations.

Response Body Example

{
  "iat": 1624086842,
  "exp": 1624087442,
  "aud": "vOIljWVrGyBMK6f31QYq",
  "iss": "https://stg-id.corppass.gov.sg",
  "sub": "vOIljWVrGyBMK6f31QYq",
  "AuthInfo": {
    "Result_Set": {
      "ESrvc_Row_Count": 1,
      "ESrvc_Result": [
        {
          "CPESrvcID": "SD-CPF2FA",
          "Auth_Result_Set": {
            "Row_Count": 1,
            "Row": [
              {
                "CPEntID_SUB": "",
                "CPRole": "CPF2FAR1",
                "StartDate": "2020-08-28",
                "EndDate": "9999-12-31",
                "Parameter": [
                  { "name": "Free Text", "value": "" },
                ]
              }
            ]
          }
        }
      ]
    }
  },
  "TPAuthInfo": {
    "Result_Set": {
      "ESrvc_Row_Count": 1,
      "ESrvc_Result": [
        {
          "CPESrvcID": "AGM02",
          "Auth_Set": {
            "ENT_ROW_COUNT": 1,
            "TP_Auth": [
              {
                "CP_Clnt_ID": "VBR000036",
                "CP_ClntEnt_TYPE": "UEN",
                "Auth_Result_Set": {
                  "Row_Count": 1,
                  "Row": [
                    {
                      "CP_ClntEnt_SUB": "",
                      "CPRole": "",
                      "StartDate": "2020-07-29",
                      "EndDate": "9999-12-31",
                      "Parameter": []
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  }
}

Response Claims

Claim
Type
Description

aud

String

The client ID of the Relying Party (RP). Refer to Section 4.1.3 of RFC 7519arrow-up-right.

iss

String

The issuer of the JWT. Refer to Section 4.1.1 of RFC 7519arrow-up-right.

sub

String

The unique user identifier (e.g. client ID) for the authenticated user.

iat

Number

The time the JWT was issued, expressed as a UNIX timestamp. Refer to Section 4.1.6 of RFC 7519arrow-up-right.

exp

Number

The expiration time of the JWT. Defaults to 10 minutes from iat. Refer to Section 4.1.4 of RFC 7519arrow-up-right.

AuthInfo

JSON

Authorization information assigned to the user.

TPAuthInfo

JSON

Third-party authorization information assigned to the user.

PreviousAccess Token StructureNextAuthInfo Structure

Last updated