Corppass
  • INTRODUCTION
    • About Corppass
    • Corppass Design Guidelines
      • Brand Guidelines
      • Button Guidelines
  • Technical Specifications
    • Corppass Authorization API
      • Key concepts
        • Client JWKS
        • JWS and JWE
        • Client Assertion JWT
        • Proof Key of Code Exchange (PKCE)
      • Staging and Production URLs
      • Well-known Endpoints
        • OpenID Discovery Endpoint
        • JWKS Endpoint
      • Scopes
      • Authorization Endpoint
        • Authorization Code with Proof Key of Code Exchange (PKCE) Flow
        • Pushed Authorization Request (PAR) Flow
      • Token Endpoint
        • ID Token Structure
          • UserInfo Claim Structure
          • EntityInfo Claim Structure
        • Access Token Structure
      • Authorization Info Endpoint
        • AuthInfo Structure
        • TPAuthInfo Structure
      • Pushed Authorization Request (PAR) Endpoint
  • Corppass Developer Portal (CDP)
    • User Guide
      • Getting Started
      • Login to CDP
      • Available Digital Service Settings
        • FAQs
      • Toggle Between Staging and Production Environments
      • Portal Features
        • Updating the Digital Service and Managing Metadata
      • User Roles and Permissions
      • Frequently Asked Questions (FAQ)
        • Login Issues
        • Access and Permissions
        • How is CDP Different from Corppass Agency Admin (AA) Portal?
        • Other Common Issues
  • MORE INFORMATION
    • Is Corppass working?
    • Contact Us
Powered by GitBook
On this page
  • Third-Party Authorization Scenarios
  • Attributes in TPAuthInfo Claim
  1. Technical Specifications
  2. Corppass Authorization API
  3. Authorization Info Endpoint

TPAuthInfo Structure

PreviousAuthInfo StructureNextPushed Authorization Request (PAR) Endpoint

Last updated 2 months ago

The TPAuthInfo claim provides details about third-party authorizations for the user. This claim is included in the response only for scenarios where the user is associated with the third-party functionality within a Digital Service.

Third-Party Authorization Scenarios

For Digital Services that support third-party functionality, if a third-party user logs in using Corppass, an additional TPAuthInfo object will be shared alongside the AuthInfo object.

A user may have multiple authorizations for a given Digital Service as a third party.

  • Example: For a GST Digital Service, a third-party entity may have 5 clients. If the user is authorized to file GST for all 5 clients, the ser will have 5 third-party authorizations.

Attributes in TPAuthInfo Claim

The table below provides a detailed description of the attributes included in the TPAuthInfo claim. The TPAuthInfo object is optional and only present for third-party scenarios.

Field
Description
Data Type
Length
Mandatory

Auth_Result_Set

JSON object contains authorization assigned for that client entity for the user

JSON

-

Yes

Auth_Set

JSON object contains authorization result for the user for a specific Digital Service.

JSON

-

Yes

CP_Clnt_ID

Contains the client entity ID

String

10

Yes

CP_ClntEnt_SUB

Sub-UEN value of that entity to which the user is assigned the authorization. Sub-UEN is an optional attribute for a Digital Service and therefore can be blank.

String

32

Yes

CP_ClntEnt_TYPE

Contains the client entity type. The possible values for entity type are:

  • UEN

  • NON-UEN (Includes non-UEN entities as well as ASGD/ITR entities)

  • GSTN

String

10

Yes

CPESrvcID

ID of the Digital Service that is requesting the authorization.

String

25

Yes

CPRole

The role assigned to the user for that particular Sub-UEN

String

20

Yes

EndDate

The end date for validity of the role i.e. the date at which this role is no longer valid for the user for that Digital Service

String (format YYYY-MM-DD)

10

Yes

ENT_ROW_COUNT

Indicates the number of rows in the third-party assignment. This is equal to the number of clients that the user is authorized as third party for that Digital Service

Integer

10

Yes

ESrvc_Result

JSON object contains authorization details for a specific Digital Service.

JSON

-

Yes

ESrvc_Row_Count

This value indicates the number of Digital Services for which the authorizations are present in the Result_Set JSON object. This value will be set to 1.

Integer

10

Yes

name

Parameter name defined by defined by Digital Service administrator

String

30

No

Parameter

This is optional array of parameters (JSON objects containing only name and value pair attributes) defined by Digital Service administrator. These parameters will be populated as required. These parameters use a name-value pair format and will contain the "Digital Service defined name" from Corppass in the name field. If no parameters are defined this will be returned as empty array. If a parameter is defined as mandatory by the Digital Service administrator but no value was supplied, "ERROR_MISSING_VALUE" will be returned for the field.

Array of JSON

-

Yes

Result_Set

Digital Service authorization result set.

JSON

-

Yes

Row

Array of JSON objects, each JSON object represents actual authorization values for a given sub-UEN for a user.

Array of JSON

-

Yes

Row_Count

The count of the number of rows included in the result set e.g. If the user access to two sub-UENs within the same entity, the result set will contain two rows with the role information for each sub-UEN in one individual row.

Integer

10

Yes

StartDate

The start date for validity of the role i.e. the date from which this role is valid for the user for that Digital Service

String (format YYYY-MM-DD)

10

Yes

TP_Auth

Array of JSON objects, each JSON object represents authorization of the user for one client only.

Array of JSON

-

Yes

value

Parameter value defined by defined by Digital Service administrator

String

66

No

Authorization Info Endpoint