Access Token Structure

The Access Token is a signed JWS consumed by Corppass resource servers.

JWT Payload Example:

{
  "iat": 1716451740,
  "exp": 1716452339,
  "iss": "https://stg-id.corppass.gov.sg",
  "scope": "authinfo tpauthinfo",
  "aud": ["https://stg-id.corppass.gov.sg/authorization-info"],
  "client_id": "97ZZnLxUfzzVz50kfCwB",
  "sub": "s=S1234567P,uuid=0f14a2fc-09c2-4780-95f0-8c28347f2780,u=CP192,c=SG",
  "jti": "vhC0eLzU-ol8IQ0RuFL5f"
}

The JWS payload includes the following claims:

| Claim | Type | Description |
| --- | --- | --- |
| aud | Array | The URI of the resource server(s) for which the Access Token is intended. Refer to Section 4.1.3 of RFC 7519. |
| iss | String | The issuer of the Access Token. Refer to Section 4.1.1 of RFC 7519. |
| iat | Number | The time at which the Access Token was issued, expressed as a UNIX timestamp. Refer to Section 4.1.6 of RFC 7519. |
| exp | Number | The expiration time on or after which the Access Token MUST NOT be accepted for processing. Defaults to 10 minutes since iat. Refer to Section 4.1.4 of RFC 7519. |
| scope | String | A space-separated list of scopes granted by the token, which defines the permissions for the resource server. |
| sub | String | The principal that is the subject of the JWT. It contains a comma-separated list of key=value pairs that uniquely identify the user, which may include multiple alternate identifiers. |
| client_id | String | The client ID of the Relying Party for which the Access Token is intended. |
| jti | String | The unique identifier of the token. |
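The claim checks a resource server could apply to this payload, as an added example that is not part of the Corppass documentation. It assumes the JWS signature has already been verified; the function names, the `leeway` parameter, and the assumption that `sub` values contain no commas are illustrative.

```python
# Added example: claim checks a resource server could run AFTER verifying the JWS signature.
# Function names and the leeway parameter are assumptions, not part of the Corppass specification.

SAMPLE_CLAIMS = {  # the payload example from this page
    "iat": 1716451740,
    "exp": 1716452339,
    "iss": "https://stg-id.corppass.gov.sg",
    "scope": "authinfo tpauthinfo",
    "aud": ["https://stg-id.corppass.gov.sg/authorization-info"],
    "client_id": "97ZZnLxUfzzVz50kfCwB",
    "sub": "s=S1234567P,uuid=0f14a2fc-09c2-4780-95f0-8c28347f2780,u=CP192,c=SG",
    "jti": "vhC0eLzU-ol8IQ0RuFL5f",
}


def parse_sub(sub):
    """Split the comma-separated key=value pairs of `sub` into a dict."""
    pairs = {}
    for part in sub.split(","):
        key, sep, value = part.partition("=")
        if not sep or not key or not value or key in pairs:
            raise ValueError(f"malformed sub component: {part!r}")
        pairs[key] = value
    return pairs


def check_claims(claims, issuer, audience, required_scope, now, leeway=0):
    """Return the parsed subject, or raise ValueError naming the failed check."""
    if claims.get("iss") != issuer:
        raise ValueError("unexpected iss")
    aud = claims.get("aud")
    if not isinstance(aud, list) or audience not in aud:
        raise ValueError("token not intended for this resource server")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not all(isinstance(v, (int, float)) and not isinstance(v, bool) for v in (iat, exp)):
        raise ValueError("iat/exp must be numbers")
    if now + leeway < iat:
        raise ValueError("iat is in the future")
    if now - leeway >= exp:  # exp is the instant on or after which the token is rejected
        raise ValueError("token expired")
    scope = claims.get("scope")
    # Compare whole scope tokens; a substring test would let "info" match "tpauthinfo".
    if not isinstance(scope, str) or required_scope not in scope.split(" "):
        raise ValueError("required scope not granted")
    sub = claims.get("sub")
    if not isinstance(sub, str):
        raise ValueError("sub must be a string")
    return parse_sub(sub)
```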
