Scopes

Scopes define the permissions and claims the client requests from the authorization server during the OIDC flow. The scope parameter is mandatory in the authorization request and must include openid. Additional scopes may be requested to obtain specific claims or access certain resources.

The scope parameter will be mandated in the next major version of the API. Once the scope parameter is mandated, any requested scope that is not recognized or authorized by the authorization server will result in an error. Plan to update your applications to include this parameter. We strongly recommend reviewing the updated API documentation and transitioning to alternative fields as soon as possible to avoid disruptions.

Supported Scopes

Scope

Description

Data Access

openid

Mandatory scope to indicate the request is an OpenID Connect flow.

Required for all requests.

authinfo

View authorization details for the authenticated user.

Auth Info Endpoint

AuthInfo

tpauthinfo

View third-party authorization details for the authenticated user.

Auth Info Endpoint

TPAuthInfo

business_profile.email

View acting user's Corppass registered email address. Note that this scope will be deprecated and replaced by user.corppass.email in the upgraded FAPI 2.0 Security Profile. See FAPI 2.0: Scopes for more details.

ID Token

email
email_verified

Usage Example

When requesting scopes in the authorization URL, include them as a space-separated list in the scope parameter:

Example Request

https://stg-id.corppass.gov.sg/mga/sps/oauth/oauth20/authorize
?client_id=example_client
&response_type=code
&scope=openid authinfo
&redirect_uri=https://example.com/callback
&state=xyz123
&nonce=abc456

PreviousJWKS Endpoint NextCorppass Authorization API (FAPI 2.0)

Last updated 19 hours ago