| Claim | Description | Data Type |
|---|---|---|
sub | The principal that is the subject of the JWT. Contains a globally unique identifier for the user. | String |
sub_type | A property to describe what is the type of the subject of the JWT. | For Singpass, this is always the string "user" |
sub_attributes | This contains some information related to the user's identifiers. This is only returned if the user.identity , name, email, or mobileno scope is requested. | Object containing key-value pairs. See the section below for full details. |
act | An object describing actor acting on behalf of the sub. This is currently unused, but this may be used in the future for delegation (e.g. a child acting on behalf of their parent, or vice-versa).This object will contain a sub claim, which contains the UUID of the actor. If the user.identity , name, email, or mobileno scope is requested, it will also contain the respective data for the actor in the sub_attributes claim.If the sub_attributes claim is returned, the format of sub_attributes is described in the section below. | An object containing sub and sub_attributes (if requested). |
aud | The client ID of your registered client, provided by Singpass during app onboarding. | A 32-character case-sensitive alphanumeric string. |
iss | The issuer identifier of our authorization server. | String |
iat | The unix timestamp, in seconds, at which we issued this JWT. | Number |
exp | The unix timestamp, in seconds, on or after which this JWT must not be accepted for processing. | Number |
amr | An array of authentication method references. This refers to the form factors used by the user to authenticate themselves. The array will contain all the form factors used for this authentication. For example, if the user authenticated themselves using their password and SMS OTP, then this array will contain both pwd and otp-sms. | Array of strings. The possible values are:
Note that this list is non-exhaustive, and we reserve the right to introduce new values without prior notice to you. |
acr | The authentication class reference value used for this transaction. This identifies the level of assurance that this authentication satisfied. | One of the following values:
|
nonce | This is the same nonce that you used in your authorization request. | String |
| Property | Description | Data Type |
|---|---|---|
account_type | The Singpass account type for this user. For Singpass Foreign Account (SFA) holders, this will be For all other Singpass accounts (i.e. those belonging to Singapore Citizens, Permanent Residents, or FIN holders), this will be | A string, which is either "foreign" or "standard". This is only present if the user.identity scope was requested. |
identity_number | A string which contains a referencable identifier for the user. For Singapore Citizens and Permanent residents, this will be their NRIC. For FIN holders, this will be their FIN. For Singpass Foreign Account holders, this will be their foreign ID. | String. This is only present if the user.identity scope was requested. |
identity_coi | The country code for the of issuance of the identity. For Singapore Citizens, Permanent Residents, and FIN holders, this will be "SG".For Singpass Foreign Account holders, this will be the country code of the country which issued the user's foreign ID. | 2-letter country code. This is only present if the user.identity scope was requested. |
name | The user's principal name | Non-empty string. This will only be present if the name scope is requested. |
email | The user's email address | String. This will only be present if the email scope is requested, and if the user has an email registered with Singpass. |
mobileno | The user's mobile number. This will always be a Singapore mobile number, and it will not include the country code. | Numeric string. This will only be present if the moibleno scope is requested, and if the user has a mobile number registered with Singpass.For Singpass Foreign Account (SFA) users, this will always be absent. |