Third-party Auth Info Structure

The tp_auth_info claim provides details about third-party authorizations for the user.

This claim will only be provided in the Userinfo Endpoint response if the following conditions are met:

The tpauthinfo scope is present in the access token
The digital service that the user is logging in to supports third-party functionality on Corppass.
The user has third-party authorisations for the digital service.

Note: A user may have multiple third-party authorizations for a given Digital Service.

Example: For the GST Digital Service, a user from a third-party firm is authorized to file GST on behalf of 5 client entities. In this case, all 5 third-party authorizations will be returned in the tp_auth_info claim.

Example

Sample tp_auth_info claim

Third-Party auth info payload for a User with two third-party authorisations for the e-service SAMPLE-ESERVICE.

One authorisation is to act on behalf of entity T00YY8888X, and the other on behalf of entity T99BB0000A.

{
  "tp_auth_info": {
    "Result_Set": {
      "ESrvc_Row_Count": 1,
      "ESrvc_Result": [
        {
          "CPESrvcID": "SAMPLE-ESERVICE",
          "Auth_Set": {
            "ENT_ROW_COUNT": 2,
            "TP_Auth": [
              {
                "CP_Clnt_ID": "T00YY8888X",
                "CP_ClntEnt_TYPE": "UEN",
                "Auth_Result_Set": {
                  "Row_Count": 1,
                  "Row": [
                    {
                      "CP_ClntEnt_SUB": "",
                      "CPRole": "Maker",
                      "StartDate": "2025-09-05",
                      "EndDate": "9999-12-31",
                      "Parameter": []
                    }
                  ]
                }
              },
              {
                "CP_Clnt_ID": "T99BB0000A",
                "CP_ClntEnt_TYPE": "UEN",
                "Auth_Result_Set": {
                  "Row_Count": 1,
                  "Row": [
                    {
                      "CP_ClntEnt_SUB": "",
                      "CPRole": "Checker",
                      "StartDate": "2025-09-05",
                      "EndDate": "9999-12-31",
                      "Parameter": []
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  },
}

Attributes in `tp_auth_info` Claim

The table below provides a detailed description of the attributes included in the tp_auth_info claim.

Mandatory Field: Always present in the object and contain values, which could be a blank string ("") if no data is available.

Non-Mandatory Field: Included only if data is available and not required by the schema.

Field

Description

Data Type

Length

Mandatory

Result_Set

Digital Service authorization result set.

JSON

Yes

ESrvc_Row_Count

This value indicates the number of Digital Services for which the authorizations are present in the Result_Set JSON object. For third-party authorisations, this value will always be set to 1.

Integer

Yes

ESrvc_Result

Array with a single JSON object that contains the third-party authorization details for the Digital Service.

Array of JSON

Yes

CPESrvcID

The readable ID of the Digital Service that is requesting the authorization.

String

Yes

Auth_Set

JSON object contains authorization result for the user for a specific Digital Service.

JSON

Yes

ENT_ROW_COUNT

Indicates the number of rows in the third-party assignment. This is equal to the number of client entities that the user is authorized as third party for that Digital Service.

Integer

Yes

TP_Auth

Array of JSON objects, each JSON object represents an third-party authorization of the user for a given client entity.

Array of JSON

Yes

CP_Clnt_ID

Contains the client entity ID (eg. UEN)

String

Yes

CP_ClntEnt_TYPE

Contains the client entity type. The possible values for entity type are:

UEN
NON-UEN (Includes non-UEN entities as well as ASGD/ITR entities)
GSTN

String

Yes

Auth_Result_Set

JSON object containing the third-party authorizations assigned to the user for a given client entity.

JSON

Yes

Row

Array of JSON objects, where each JSON object describes a single third-party assignment.

Array of JSON

Yes

Row_Count

The count of the number of rows included in the result set (ie. number of third-party assignments the user has for the given client entity). e.g. If the user is granted two separate third-party assignments to the same e-service on behalf of the same entity, this value will be 2 . The following result set will contain then contain two objects, each representing one assignment.

Integer

Yes

CP_ClntEnt_SUB

Sub-UEN value of that entity to which the user is assigned the authorization. If the Digital Service requires a mandatory Sub-UEN attribute but no value was supplied, "ERROR_MISSING_VALUE" will be returned for the field.

String

Yes

CPRole

The role assigned to the user in this particular authorisation.

String

Yes

StartDate

The start date for validity of the authorisation.

String (format YYYY-MM-DD)

Yes

EndDate

The end date for validity of the authorisation.

String (format YYYY-MM-DD)

Yes

Parameter

This is optional array of parameters (JSON objects containing only name and value pair attributes) defined by Digital Service administrator. These parameters will be populated as required. These parameters use a name-value pair format. If no parameters are defined this will be returned as empty array. If a parameter is defined as mandatory by the Digital Service administrator but no value was supplied, "ERROR_MISSING_VALUE" will be returned for the field.

Array of JSON

Yes

Parameter.name

Parameter name defined by defined by Digital Service administrator

String

Parameter.value

Parameter value defined by defined by Digital Service administrator

String

PreviousAuth Info Structure NextWell-known Endpoints

Last updated 5 days ago