Auth Info Structure

The auth_info claim provides detailed user authorization information.

This claim will only be provided in the Userinfo Endpoint response if the authinfo scope is present in the access token.

Example

Sample auth_info claim

Auth info payload for a User with two authorisations, one for e-service SAMPLE-ESERVICE and the other for OTHER-ESERVICE .

{
  "auth_info": {
    "Result_Set": {
      "ESrvc_Row_Count": 2,
      "ESrvc_Result": [
        {
          "CPESrvcID": "SAMPLE-ESERVICE",
          "Auth_Result_Set": {
            "Row_Count": 1,
            "Row": [
              {
                "CPEntID_SUB": "",
                "CPRole": "Approver",
                "StartDate": "2017-11-14",
                "EndDate": "9999-12-31",
                "Parameter": [
                  {
                    "name": "Effective YA",
                    "value": "2020"
                  },
                ]
              }
            ]
          }
        },
        {
          "CPESrvcID": "OTHER-ESERVICE",
          "Auth_Result_Set": {
            "Row_Count": 1,
            "Row": [
              {
                "CPEntID_SUB": "",
                "CPRole": "Editor",
                "StartDate": "2017-11-14",
                "EndDate": "9999-12-31",
                "Parameter": []
              }
            ]
          }
        }
      ]
    }
  }
}

Attributes in `auth_info` Claim

The table below provides a detailed description of the attributes included in the auth_info claim.

Mandatory Field: Always present in the object and contain values, which could be a blank string ("") if no data is available.

Non-Mandatory Field: Included only if data is available and not required by the schema.

Field

Description

Data Type

Length

Mandatory

Result_Set

Digital Service authorization result set.

JSON

Yes

ESrvc_Row_Count

This value indicates the number of Digital Services for which the authorizations are present in the Result_Set JSON object. It is possible for this value to be 0.

Integer

Yes

ESrvc_Result

Array of JSON objects, each object contains authorization details for a specific Digital Service. If ESrvc_Row_Count = 0, then ESrvc_Result will be an empty array ([]).

Array of JSON

Yes

CPESrvcID

The readable ID of the Digital Service that is requesting the authorization.

String

Yes

Auth_Result_Set

JSON object contains authorization result for the user for a specific Digital Service.

JSON

Yes

Row

Array of JSON objects, where each JSON object describes a single third-party assignment.

Array of JSON

Yes

Row_Count

The number of rows included in the auth result set (ie. number of assignments the user has for the e-service).

e.g. If the user is granted two separate assignments to the same e-service on behalf of the same entity, this value will be 2 . The following result set will contain then contain two objects, each representing one assignment.

Integer

Yes

CPEntID_SUB

Sub-UEN value of that entity to which the user is assigned the authorization. If the Digital Service requires a mandatory Sub-UEN attribute but no value was supplied, "ERROR_MISSING_VALUE" will be returned for the field.

String

Yes

CPRole

The role assigned to the user in this particular authorisation.

String

Yes

StartDate

The start date for validity of the authorisation.

String (format YYYY-MM-DD)

Yes

EndDate

The end date for validity of the authorisation.

String (format YYYY-MM-DD)

Yes

Parameter

This is optional array of parameters (JSON objects containing only name and value pair attributes) defined by Digital Service administrator. These parameters will be populated as required. These parameters use a name-value pair format. If no parameters are defined this will be returned as empty array. If a parameter is defined as mandatory by the Digital Service administrator but no value was supplied, "ERROR_MISSING_VALUE" will be returned for the field.

Array of JSON

Yes

Parameter.name

Parameter name defined by defined by Digital Service administrator

String

Parameter.value

Parameter value defined by defined by Digital Service administrator

String

PreviousUserinfo Endpoint NextThird-party Auth Info Structure

Last updated 5 days ago