Singpass Developer Docs
Error Codes

Last updated 1 month ago

During implementation, you may encounter various errors with the Myinfo API. These can be caused by implementation issues, wrong input or environmental differences.

All Myinfo APIs will return a standard HTTP error code together with an error message. The error code/message may change from time to time but it can be used for debugging.

Troubleshooting and debugging of the APIs can be done in the following steps.

  1. Identify which API is failing and returning an error from the Myinfo servers (e.g. /authorize, /token, /person). Errors could also occur due to:

    • Connectivity errors (ensure there is no firewall blocking)

    • Incorrect URLs and path parameters

  2. Once an error is returned from the Myinfo API, note down the error message and status code and use the tables below to debug

  3. If the issue persists or you are unable to resolve it, please submit a request at partnersupport.singpass.gov.sg


Authorize API

Error Code / Error Message / Reason / Remediation

302

  Possible to have the following error codes in the 'error' attribute:

    • invalid_scope: Invalid scope was requested in authorize URL

    • access_denied: When user did not give consent

400

  Invalid parameters sent in authorize URL

  Remediation: Verify querystring parameters are correct as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#operation/getauthorize

404

  Invalid client_id sent in authorize URL

  Remediation: Verify that the client_id used has been set to live in DPP and that the correct client_id was passed in the URL

440

  You are not logged in, or your previous session has expired.

  Remediation: Verify the session is still valid (expiry of 2 mins) and also verify that the browser is passing the session cookie during redirect

500

  Unexpected error.


Token API

Error Code / Error Message / Reason / Remediation

400

  • Error Message: No body found for POST request
    Reason: Body was not sent in request
    Remediation: Verify body was sent in request

  • Error Message:
      • Invalid client_assertion
      • Missing jti in client_assertion
      • Missing sub in client_assertion
      • Invalid sub in client_assertion
      • Missing aud in client_assertion
      • Missing iat in client_assertion
      • Missing exp in client_assertion
      • Invalid exp in client_assertion
      • Duplicate client_assertion
    Reason: Format of client_assertion is incorrect
    Remediation:
      • Verify client_assertion format is correct as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#section/Security/Client-Assertion
      • Utilize client_assertion Generator/Verifier
      • Ensure client_assertion signature is correct (needs to be signed with the private key corresponding to the sign key configured in JWKS)
      • Ensure client_assertion is used only once per transaction

  • Error Message: Invalid client_assertion_type
    Reason: Invalid client_assertion_type value passed in
    Remediation: Verify value is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

  • Error Message: Error Retrieving JWKS
    Reason: Error retrieving JWKS from Myinfo Servers
    Remediation: Ensure correct JWKS endpoint is configured onto DPP and is a public URL

  • Error Message:
      • Invalid JWKS
      • Missing valid sig key in JWKS
      • Missing valid enc key in JWKS
    Reason: JWKS format is incorrect
    Remediation:
      • Ensure JWKS is returned as a JSON object with this format: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#section/Security/Enhancements-in-v4
      • Ensure JWKS has at least 1 sign key with alg = 'ES256' and use = 'sig'
      • Ensure JWKS has at least 1 encryption key with alg = 'ECDH-ES+A256KW' and use = 'enc'
      • Utilize JWKS verifier

  • Error Message: Missing DPoP Proof
    Reason: DPoP Proof JWT is missing in headers
    Remediation: Ensure DPoP Proof JWT is passed in correctly in HTTP headers

  • Error Message: Missing {param} from headers
    Reason: Missing mandatory param in the HTTP header
    Remediation: Verify specified mandatory param is passed in the HTTP header as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#operation/gettoken

  • Error Message: Missing {param} from body
    Reason: Missing mandatory param in the HTTP body
    Remediation: Verify specified mandatory param is passed in the HTTP header as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#operation/gettoken

401

  • Error Message: Unauthorized.
    Reason: App does not have access to this API
    Remediation: Ensure App is configured correctly and is live on DPP

  • Error Message:
      • Invalid DPoP Proof
      • Missing jkt in DPoP Proof
      • Invalid jkt in DPoP Proof
      • Missing htm in DPoP Proof
      • Invalid htm in DPoP Proof
      • Missing htu in DPoP Proof
      • Invalid htu in DPoP Proof
    Reason: Invalid DPoP Proof JWT format
    Remediation:
      • Verify DPoP Token format is correct as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#section/Security/Demonstration-of-Proof-of-Possesion-(DPoP)
      • Utilize DPoP verifier
      • Ensure DPoP signature is correct (needs to be signed with the private key corresponding to the public key embedded in the JWT header)

  • Error Message: Invalid JWS Verification
    Reason: Signature of DPoP or client_assertion is invalid
    Remediation:
      • Verify private key used to sign client_assertion matches the sig key in JWKS
      • Verify kid in client_assertion header matches the corresponding kid in JWKS
      • Verify JWK in DPoP Proof header is the correct public key to verify the private key
      • Utilize DPoP verifier
      • Ensure DPoP signature is correct (needs to be signed with the private key corresponding to the public key embedded in the JWT header)

404

  • Error Message: Not found.
    Reason: Invalid client_id passed to API
    Remediation: Verify App is configured correctly on DPP and the correct client_id is used (ensure the correct id is used in the correct environment)

500

  • Error Message: Internal server error.
    Reason: Unexpected error.


Person API

Error Code / Error Message / Reason / Remediation

400

  • Error Message: Invalid Encyption key
    Reason: Encryption key is of an invalid format
    Remediation: Ensure JWKS has at least 1 encryption key with alg = 'ECDH-ES+A256KW' and use = 'enc'

  • Error Message: Missing DPoP Proof
    Reason: DPoP Proof JWT is missing in headers
    Remediation: Ensure DPoP Token is passed in correctly in HTTP headers

  • Error Message: Duplicated DPoP-bound access_token
    Reason: access_token has already been used
    Remediation: access_token is one-time use; ensure a new access_token is retrieved for every API call

  • Error Message: Missing {param} from query parameters
    Reason: Missing mandatory param in the query parameters
    Remediation: Verify specified mandatory param is passed in the query parameters as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#operation/getperson

  • Error Message: Missing {param} from headers
    Reason: Missing mandatory param in the HTTP headers
    Remediation: Verify specified mandatory param is passed in the query parameters as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#operation/getperson

401

  • Error Message:
      • Invalid DPoP Proof
      • Missing ath in DPoP Proof
      • Invalid ath in DPoP Proof
      • Missing jkt in DPoP Proof
      • Invalid jkt in DPoP Proof
      • Missing htm in DPoP Proof
      • Invalid htm in DPoP Proof
      • Missing htu in DPoP Proof
      • Invalid htu in DPoP Proof
    Reason: Invalid DPoP Proof JWT format
    Remediation:
      • Verify DPoP Token format is correct as per specifications: https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.0.html#section/Security/Demonstration-of-Proof-of-Possesion-(DPoP)
      • Utilize DPoP verifier
      • Ensure DPoP signature is correct (needs to be signed with the private key corresponding to the public key embedded in the JWT header)
      • Ensure DPoP is signed with the same private key used to create DPoP in /token call

403

  • Error Message: DPoP-bound access_token aud doesn't match with requested url
    Reason: access_token aud does not match resource being called
    Remediation: Verify correct access_token matching service being called is used

  • Error Message: DPoP-bound access_token realm doesn't match with requested realm
    Reason: access_token realm does not match resource being called
    Remediation: Verify correct access_token matching service being called is used

  • Error Message: DPoP-bound access_token subject doesn't match with requested sub
    Reason: access_token sub does not match uuid being requested in API
    Remediation: Verify the same uuid is requested as provided in access_token

  • Error Message: DPoP-bound access_token scope doesn't match with requested attributes
    Reason: access_token scope does not match scope being requested in API
    Remediation: Verify the same scope is requested as provided in access_token

  • Error Message: DPoP-bound access_token invalid
    Reason: access_token is of an invalid format
    Remediation: Verify the access_token passed in API request is correct and from /token response

404

  Requested sub's data may not be available

  Remediation: Verify the access_token passed in API request is correct and from /token response

500

  • Error Message: Internal server error.
    Reason: Unexpected error.
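
A local pre-flight check for the Token API client_assertion and JWKS entries above, as an added example (not Singpass code): it decodes a client_assertion without verifying its signature and inspects a parsed JWKS, returning the messages from this page that each would be expected to trigger. The function names, the sample values and the conditions mapped to each message are assumptions; signature and duplicate-jti checks need the real keys and server state and are left out.

```python
import base64
import json

# Messages come from the Token API entries; trigger conditions are assumptions.
REQUIRED_CLAIMS = ("jti", "sub", "aud", "iat", "exp")
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) as JSON."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def encode_segment(obj):
    """Encode a dict as an unpadded base64url segment (for sample data)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def check_client_assertion(jwt, assertion_type, now):
    """List expected messages; structure and claims only, no signature check."""
    errors = [] if assertion_type == ASSERTION_TYPE else ["Invalid client_assertion_type"]
    try:
        header, payload, _signature = jwt.split(".")
        claims = decode_segment(payload)
        if not isinstance(decode_segment(header), dict) or not isinstance(claims, dict):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:  # wrong segment count, bad base64url or bad JSON
        return errors + ["Invalid client_assertion"]
    errors += [f"Missing {c} in client_assertion" for c in REQUIRED_CLAIMS if c not in claims]
    if "exp" in claims and (not isinstance(claims["exp"], (int, float)) or claims["exp"] <= now):
        errors.append("Invalid exp in client_assertion")
    return errors

def check_jwks(jwks):
    """List the JWKS messages a parsed JWKS document would be expected to trigger."""
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    if not isinstance(keys, list):
        return ["Invalid JWKS"]
    errors = []
    for use, alg in (("sig", "ES256"), ("enc", "ECDH-ES+A256KW")):
        if not any(isinstance(k, dict) and k.get("use") == use and k.get("alg") == alg for k in keys):
            errors.append(f"Missing valid {use} key in JWKS")
    return errors

# Constructed samples: placeholder signature, no exp claim, no enc key.
SAMPLE_ASSERTION = ".".join([
    encode_segment({"alg": "ES256", "kid": "example-kid", "typ": "JWT"}),
    encode_segment({"jti": "constructed-jti", "sub": "EXAMPLE_CLIENT_ID",
                    "aud": "https://example.invalid/token", "iat": 1700000000}),
    "c2ln"])
SAMPLE_JWKS = {"keys": [{"kty": "EC", "use": "sig", "alg": "ES256", "kid": "example-kid"}]}
print(check_client_assertion(SAMPLE_ASSERTION, ASSERTION_TYPE, 1700000100), check_jwks(SAMPLE_JWKS))
```

An empty list from both functions means none of the structural conditions checked here were found; the signature, kid and DPoP checks listed under 401 still apply.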