
JWS and JWE

The Corppass Authorization API leverages JSON Web Signature (JWS) and JSON Web Encryption (JWE) to secure data integrity, authenticity, and confidentiality during token exchanges.

JSON Web Signature (JWS)

JWS ensures the integrity and authenticity of a payload by digitally signing it. A JWS consists of three components, each base64url-encoded and concatenated with periods (.):

  1. Header: Contains metadata such as the signing algorithm (alg) and key identifier (kid).

  2. Payload: Contains the data or claims to be signed.

  3. Signature: A cryptographic signature ensuring the payload and header have not been tampered with.

JWS Structure Example

<Header>.<Payload>.<Signature>

JWS Header Example

{ 
  "alg": "ES256", 
  "kid": "d591e152-886e-46cc-aa70-36a4431162a6", 
  "typ": "JWT" 
}

JSON Web Encryption (JWE)

JWE secures the confidentiality of data by encrypting it. A JWE consists of five base64url-encoded parts, separated by periods (.):

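  1. Protected Header: Contains metadata such as the key management algorithm (alg), the content encryption algorithm (enc) and the key identifier (kid).

  2. Encrypted Key: The content encryption key used to encrypt the payload, itself encrypted for the recipient.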

  3. Initialisation Vector (IV): Ensures randomness in encryption.

  4. Cipher Text: The encrypted payload.

  5. Authentication Tag: Ensures integrity of the encrypted data.

JWE Structure Example

<Protected Header>.<Encrypted Key>.<IV>.<Ciphertext>.<Authentication Tag>

JWE Header Example

{ 
  "alg": "ECDH-ES+A256KW", 
  "kid": "nxiJJNNVxxnTkU2wL65TI2PkILIJOURSTQSABLuH2kE", 
  "enc": "A256CBC-HS512", 
  "typ": "JWT" 
}
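
A structural pre-check that follows from the two layouts above, as an added example (not Corppass code): it tells a JWS from a JWE by segment count, decodes the header and rejects unexpected alg/enc values before the token reaches a JOSE library. The allowlists, function names and sample tokens are assumptions constructed for this example; no signature is verified and nothing is decrypted.

```python
import base64
import json
import re

# Algorithms from this page's header examples; treating them as an allowlist
# is an assumption of this example, not stated Corppass policy.
JWS_ALGS = ("ES256",)
JWE_ALGS = ("ECDH-ES+A256KW",)
JWE_ENCS = ("A256CBC-HS512",)
B64URL = re.compile(r"[A-Za-z0-9_-]+")  # non-empty, unpadded base64url

def b64url_decode(segment: str) -> bytes:
    """Decode one compact-serialization segment (padding is re-added)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_token(token: str) -> dict:
    """Classify a compact token as JWS or JWE and vet its header (no crypto)."""
    parts = token.split(".")
    kind = {3: "JWS", 5: "JWE"}.get(len(parts))
    if kind is None:
        raise ValueError(f"expected 3 or 5 segments, got {len(parts)}")
    if not all(B64URL.fullmatch(p) for p in parts):
        raise ValueError("empty or non-base64url segment")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or not isinstance(header.get("kid"), str):
        raise ValueError("header must be a JSON object with a string kid")
    alg, enc = header.get("alg"), header.get("enc")
    if kind == "JWS" and alg not in JWS_ALGS:
        raise ValueError(f"unexpected JWS alg: {alg!r}")
    if kind == "JWE" and (alg not in JWE_ALGS or enc not in JWE_ENCS):
        raise ValueError(f"unexpected JWE alg/enc: {alg!r}/{enc!r}")
    return {"kind": kind, "alg": alg, "enc": enc, "kid": header["kid"]}

def _seg(obj) -> str:
    """Build a constructed sample segment from a JSON object or raw bytes."""
    raw = obj if isinstance(obj, bytes) else json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed samples: headers copied from this page; every other segment is
# placeholder bytes (not a real signature, key, IV, ciphertext or tag).
JWS_HDR = {"alg": "ES256", "kid": "d591e152-886e-46cc-aa70-36a4431162a6", "typ": "JWT"}
JWE_HDR = {"alg": "ECDH-ES+A256KW", "kid": "nxiJJNNVxxnTkU2wL65TI2PkILIJOURSTQSABLuH2kE",
           "enc": "A256CBC-HS512", "typ": "JWT"}
SAMPLE_JWS = ".".join([_seg(JWS_HDR), _seg({"sub": "example"}), _seg(b"\x00" * 64)])
SAMPLE_JWE = ".".join([_seg(JWE_HDR)] + [_seg(b"\x01" * n) for n in (72, 16, 48, 32)])
SAMPLE_BAD = ".".join([_seg({**JWS_HDR, "alg": "none"}), _seg({"sub": "example"}), _seg(b"x")])
```

Calling inspect_token(SAMPLE_BAD) raises ValueError because the header's alg is not on the allowlist, even though the token has a well-formed three-segment shape.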

Last updated 3 months ago