# Authorization Info Endpoint ``` POST /authorization-info ``` The Authorization Info Endpoint allows the Relying Party (RP) to retrieve detailed authorization information about the authenticated user. To access this enpdoint, the RP must include a valid Access Token issued by the `/token` endpoint in the `Authorization` header as a Bearer token. {% hint style="danger" %} In the previous minor version (2.0), the practice of appending the `scope` in the request body was supported. This behavior has been removed in the current version. The `scope` parameter should now be assessed at the **Authorize Endpoint** rather than the **Authorization Info Endpoint**. Therefore, appending `scope` in the request body is no longer supported. While this change will not impact RPs (Relying Parties) who are still appending `scope` in the request body, we strongly encourage RPs to deprecate this implementation to simplify the network calls and ensure compatibility with the updated version. {% endhint %} #### Request Headers

Field Required Description

Authorization

Yes

Field	Required	Description
Authorization	Yes	The Access Token issued by the `/token` endpoint, passed as a Bearer token in the header. Example: `Authorization: Bearer <Access-Token>`

The Access Token issued by the /token endpoint, passed as a Bearer token in the header.

Example:

Authorization: Bearer <Access-Token>

#### Response The Authorization Info Endpoint returns authorization claims encapsulated in a JWS. The payload contains information about the user's roles, entities, and third-party authorizations. Response Body Example {% code overflow="wrap" %} ```json { "iat": 1624086842, "exp": 1624087442, "aud": "vOIljWVrGyBMK6f31QYq", "iss": "https://stg-id.corppass.gov.sg", "sub": "vOIljWVrGyBMK6f31QYq", "AuthInfo": { "Result_Set": { "ESrvc_Row_Count": 1, "ESrvc_Result": [ { "CPESrvcID": "SD-CPF2FA", "Auth_Result_Set": { "Row_Count": 1, "Row": [ { "CPEntID_SUB": "", "CPRole": "CPF2FAR1", "StartDate": "2020-08-28", "EndDate": "9999-12-31", "Parameter": [ { "name": "Free Text", "value": "" }, ] } ] } } ] } }, "TPAuthInfo": { "Result_Set": { "ESrvc_Row_Count": 1, "ESrvc_Result": [ { "CPESrvcID": "AGM02", "Auth_Set": { "ENT_ROW_COUNT": 1, "TP_Auth": [ { "CP_Clnt_ID": "VBR000036", "CP_ClntEnt_TYPE": "UEN", "Auth_Result_Set": { "Row_Count": 1, "Row": [ { "CP_ClntEnt_SUB": "", "CPRole": "", "StartDate": "2020-07-29", "EndDate": "9999-12-31", "Parameter": [] } ] } } ] } } ] } } } ``` {% endcode %} Response Claims

Claim	Type	Description
aud	String	The client ID of the Relying Party (RP). Refer to Section 4.1.3 of RFC 7519.
iss	String	The issuer of the JWT. Refer to Section 4.1.1 of RFC 7519.
sub	String	The unique user identifier (e.g. client ID) for the authenticated user.
iat	Number	The time the JWT was issued, expressed as a UNIX timestamp. Refer to Section 4.1.6 of RFC 7519.
exp	Number	The expiration time of the JWT. Defaults to 10 minutes from `iat`. Refer to Section 4.1.4 of RFC 7519.
AuthInfo	JSON	Authorization information assigned to the user.
TPAuthInfo	JSON	Third-party authorization information assigned to the user.