Redirection on success

Once the user has authenticated successfully, Singpass will redirect the browser to the RP’s registered redirectUri along with the code and state parameters or an interstitial page for users have launched authentication from the RP’s native app.

The interstitial page is required to solicit a user interaction for launching from certain in-app browsers. Singpass will redirect to the interstitial page if the redirectUri is custom-schemed or app-claimed HTTPS. To specify that the redirectUri is an app-claimed HTTPS, the RP must include the query parameter redirect_uri_https_type=app_claimed_https at Authorization endpoint.

Example redirect location: https://partner.gov.sg/redirect?code=XcyzlSeX1hIyJFlstxsSF_UeXC5DtiYkFgJ8VVx52mg&state=NGRlZThmNzQtZDU5YS00YTY1LWFkODItYmE4NDA4Y2UwY2Uw

Parameter Description

Parameter	Description
code	A securely generated random number in base64-url format. This parameter must be sent to the Token endpoint along with others to exchange for the user’s ID token.
state	The same `state` parameter provided to the Authorization endpoint

code

A securely generated random number in base64-url format. This parameter must be sent to the Token endpoint along with others to exchange for the user’s ID token.

state

The same state parameter provided to the Authorization endpoint

Once redirected, the RP should invoke the Token endpoint to obtain an ID token and complete the login process.

Note: The code parameter has a lifetime of 2 minutes. RPs must exchange it for an ID token within this period.

Previous1. Authorization Endpoint NextFor Mobile Developers

Last updated 1 month ago