Access Token Structure
The Access Token is a signed JWS consumed by Corppass resource servers.
Relying Parties (RPs) must treat the Access Token as opaque and must not attempt to parse or interpret its content.
JWT Payload Example:
{
  "iat": 1716451740,
  "exp": 1716452339,
  "iss": "https://stg-id.corppass.gov.sg",
  "scope": "authinfo tpauthinfo",
  "aud": ["https://stg-id.corppass.gov.sg/authorization-info"],
  "client_id": "97ZZnLxUfzzVz50kfCwB",
  "sub": "s=S1234567P,uuid=0f14a2fc-09c2-4780-95f0-8c28347f2780,u=CP192,c=SG",
  "jti": "vhC0eLzU-ol8IQ0RuFL5f"
}
The JWS payload includes the following claims:

| Claim | Type | Description |
| --- | --- | --- |
| aud | Array | The URI of the resource server(s) for which the Access Token is intended. Refer to Section 4.1.3 of RFC 7519. |
| iat | Number | The time at which the Access Token was issued, expressed as a UNIX timestamp. Refer to Section 4.1.6 of RFC 7519. |
| exp | Number | The expiration time on or after which the Access Token MUST NOT be accepted for processing. Defaults to 10 minutes since iat. Refer to Section 4.1.4 of RFC 7519. |
| scope | String | A space-separated list of scopes granted by the token, which defines the permissions for the resource server. |
| sub | String | The principal that is the subject of the JWT. It contains a comma-separated list of key=value pairs that uniquely identify the user, which may include multiple alternate identifiers. |
| client_id | String | The client ID of the Relying Party for which the Access Token is intended. |
| jti | String | The unique identifier of the token. |
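
The claims above, as a resource server might check them once it has verified the JWS signature; this is an added example, not Corppass code, and Relying Parties still treat the token as opaque. The function names, the choice of checks and the `now` parameter are assumptions; the sample payload is the one shown on this page.

```python
import time

# Constructed sample: the payload shown on this page, assumed to come from a
# JWS whose signature the resource server has already verified.
SAMPLE_PAYLOAD = {
    "iat": 1716451740,
    "exp": 1716452339,
    "iss": "https://stg-id.corppass.gov.sg",
    "scope": "authinfo tpauthinfo",
    "aud": ["https://stg-id.corppass.gov.sg/authorization-info"],
    "client_id": "97ZZnLxUfzzVz50kfCwB",
    "sub": "s=S1234567P,uuid=0f14a2fc-09c2-4780-95f0-8c28347f2780,u=CP192,c=SG",
    "jti": "vhC0eLzU-ol8IQ0RuFL5f",
}


def parse_sub(sub):
    """Split the comma-separated key=value pairs of `sub` into a dict."""
    pairs = {}
    for item in sub.split(","):
        key, sep, value = item.partition("=")
        if not sep or not key or not value or key in pairs:
            raise ValueError(f"malformed sub component: {item!r}")
        pairs[key] = value
    return pairs


def check_claims(payload, resource_uri, required_scope, issuer, now=None):
    """Hypothetical helper: return rejection reasons; empty list means accept."""
    now = time.time() if now is None else now
    errors = []
    if payload.get("iss") != issuer:
        errors.append("iss mismatch")
    aud = payload.get("aud")
    if not isinstance(aud, list) or resource_uri not in aud:
        errors.append("aud does not name this resource server")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        errors.append("expired")  # rejected "on or after" exp
    scope = payload.get("scope")
    # Match whole space-separated tokens, never substrings of the scope string.
    if not isinstance(scope, str) or required_scope not in scope.split(" "):
        errors.append("missing scope " + required_scope)
    try:
        parse_sub(payload.get("sub") or "")
    except ValueError as exc:
        errors.append(str(exc))
    return errors
```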