
Authorization Info Endpoint

POST /authorization-info 

The Authorization Info Endpoint allows the Relying Party (RP) to retrieve detailed authorization information about the authenticated user. To access this endpoint, the RP must include a valid Access Token issued by the /token endpoint in the Authorization header as a Bearer token.

In the previous minor version (2.0), appending the scope in the request body was supported. This behavior has been removed in the current version. The scope parameter should now be assessed at the Authorize Endpoint rather than the Authorization Info Endpoint, so appending scope in the request body is no longer supported.

While this change will not impact RPs that still append scope in the request body, we strongly encourage RPs to deprecate this implementation to simplify the network calls and ensure compatibility with the updated version.

Request

Headers

| Field | Required | Description |
| --- | --- | --- |
| Authorization | Yes | The Access Token issued by the /token endpoint, passed as a Bearer token in the header. |

Example:

Authorization: Bearer <Access-Token>

Response

The Authorization Info Endpoint returns authorization claims encapsulated in a JWS. The payload contains information about the user's roles, entities, and third-party authorizations.

Response Body Example

{
  "iat": 1624086842,
  "exp": 1624087442,
  "aud": "vOIljWVrGyBMK6f31QYq",
  "iss": "https://stg-id.corppass.gov.sg",
  "sub": "vOIljWVrGyBMK6f31QYq",
  "AuthInfo": {
    "Result_Set": {
      "ESrvc_Row_Count": 1,
      "ESrvc_Result": [
        {
          "CPESrvcID": "SD-CPF2FA",
          "Auth_Result_Set": {
            "Row_Count": 1,
            "Row": [
              {
                "CPEntID_SUB": "",
                "CPRole": "CPF2FAR1",
                "StartDate": "2020-08-28",
                "EndDate": "9999-12-31",
                "Parameter": [
                  { "name": "Free Text", "value": "" }
                ]
              }
            ]
          }
        }
      ]
    }
  },
  "TPAuthInfo": {
    "Result_Set": {
      "ESrvc_Row_Count": 1,
      "ESrvc_Result": [
        {
          "CPESrvcID": "AGM02",
          "Auth_Set": {
            "ENT_ROW_COUNT": 1,
            "TP_Auth": [
              {
                "CP_Clnt_ID": "VBR000036",
                "CP_ClntEnt_TYPE": "UEN",
                "Auth_Result_Set": {
                  "Row_Count": 1,
                  "Row": [
                    {
                      "CP_ClntEnt_SUB": "",
                      "CPRole": "",
                      "StartDate": "2020-07-29",
                      "EndDate": "9999-12-31",
                      "Parameter": []
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  }
}

Response Claims

| Claim | Type | Description |
| --- | --- | --- |
| aud | String | The client ID of the Relying Party (RP). Refer to Section 4.1.3 of RFC 7519. |
| iss | String | The issuer of the JWT. Refer to Section 4.1.1 of RFC 7519. |
| sub | String | The unique user identifier (e.g. client ID) for the authenticated user. |
| iat | Number | The time the JWT was issued, expressed as a UNIX timestamp. Refer to Section 4.1.6 of RFC 7519. |
| exp | Number | The expiration time of the JWT. Defaults to 10 minutes from iat. Refer to Section 4.1.4 of RFC 7519. |
| AuthInfo | JSON | Authorization information assigned to the user. |
| TPAuthInfo | JSON | Third-party authorization information assigned to the user. |
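
An added example (not Corppass's own code) of how an RP might check the iss, aud, iat and exp claims described on this page and read the currently valid roles out of AuthInfo, once the JWS signature has been verified against the Corppass JWKS. The function names, the 60-second leeway and the choice to enforce StartDate/EndDate on the RP side are assumptions; TPAuthInfo is left out.

```python
from datetime import date

# Constructed input: the page's example claims (AuthInfo only), signature already verified.
SAMPLE = {
    "iat": 1624086842, "exp": 1624087442, "aud": "vOIljWVrGyBMK6f31QYq",
    "iss": "https://stg-id.corppass.gov.sg", "sub": "vOIljWVrGyBMK6f31QYq",
    "AuthInfo": {"Result_Set": {"ESrvc_Row_Count": 1, "ESrvc_Result": [
        {"CPESrvcID": "SD-CPF2FA", "Auth_Result_Set": {"Row_Count": 1, "Row": [
            {"CPEntID_SUB": "", "CPRole": "CPF2FAR1", "StartDate": "2020-08-28",
             "EndDate": "9999-12-31", "Parameter": []}]}}]}},
}


def check_registered_claims(claims, client_id, issuer, now, leeway=60):
    """Return problems found in iss/aud/iat/exp; an empty list means acceptable."""
    problems = [name + " mismatch" for name, want in (("iss", issuer), ("aud", client_id))
                if claims.get(name) != want]
    iat, exp = claims.get("iat"), claims.get("exp")
    if not (isinstance(iat, int) and isinstance(exp, int)):
        problems.append("iat/exp missing")
    elif now >= exp + leeway:
        problems.append("expired")
    elif iat > now + leeway:
        problems.append("iat in future")
    return problems


def _dig(obj, *keys):
    """Walk nested dicts; return [] if a level is missing or the leaf is not a list."""
    for key in keys:
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj if isinstance(obj, list) else []


def _active(row, today):
    """True only inside StartDate..EndDate; malformed rows fail closed (assumed policy)."""
    try:
        return date.fromisoformat(row["StartDate"]) <= today <= date.fromisoformat(row["EndDate"])
    except (KeyError, TypeError, ValueError):
        return False


def active_roles(claims, esrvc_id, today):
    """CPRole values currently valid for the user on one e-service (AuthInfo)."""
    return [row.get("CPRole", "")
            for svc in _dig(claims, "AuthInfo", "Result_Set", "ESrvc_Result")
            if isinstance(svc, dict) and svc.get("CPESrvcID") == esrvc_id
            for row in _dig(svc, "Auth_Result_Set", "Row") if _active(row, today)]
```

Pass the RP's own client ID and the issuer for the environment in use; an authorization decision should only be made when `check_registered_claims` returns an empty list.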