# 2. Token Endpoint

{% hint style="danger" %}
All Login and Myinfo apps must follow Singpass' [FAPI 2.0-compliant authentication API](https://docs.developer.singpass.gov.sg/docs/technical-specifications/integration-guide) by 31 Dec 2026.

The specifications on this page apply to you only if you are maintaining an existing Login / Myinfo (v5) integration. We encourage you to [migrate](https://docs.developer.singpass.gov.sg/docs/technical-specifications/migration-guides/login-myinfo-v5-apps) early to avoid service disruptions.
{% endhint %}

This endpoint issues an ID token and an access token. The ID token is a JWT signed by Singpass ASP that carries user information in the `sub` claim. RPs can verify the ID token's JWT signature using our [JWKS endpoint](https://docs.developer.singpass.gov.sg/docs/technical-specifications/singpass-authentication-api/.well-known-endpoints/jwks-endpoint), and are expected to validate the ID token as per the [OpenID Connect specs](https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
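The signature and claim checks described above, shown in Node.js as an added example (not Singpass' own code). It assumes the token is a compact JWS signed with ES256; the issuer, client ID, nonce, key ID and subject are constructed placeholders, and the JWKS is a locally generated stand-in for the one served by the JWKS endpoint.

```javascript
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Validate an ID token against a JWKS and the values the RP expects.
// Returns the claims on success; throws on the first failed check.
function validateIdToken(idToken, jwks, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = parse(h);
  // Pin the algorithm on the RP side; the token header must not choose it.
  if (header.alg !== expected.alg) throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && (k.use ?? 'sig') === 'sig');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  // JWS ES256 signatures are raw r||s, so ask Node for IEEE P1363 encoding.
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const c = parse(p); // claims are read only after the signature verifies
  if (c.iss !== expected.issuer) throw new Error('iss mismatch');
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud];
  if (!aud.includes(expected.clientId)) throw new Error('aud mismatch');
  if (typeof c.exp !== 'number' || c.exp <= nowSec) throw new Error('expired');
  if (c.nonce !== expected.nonce) throw new Error('nonce mismatch');
  if (typeof c.sub !== 'string' || !c.sub) throw new Error('missing sub');
  return c;
}

// Constructed fixture: a throwaway P-256 key stands in for the ASP signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1', use: 'sig' }] };
const EXPECTED = { alg: 'ES256', issuer: 'https://asp.example', clientId: 'demo-client-id', nonce: 'demo-nonce-123' };

// Signs a constructed ID token with the throwaway key (test helper only).
function makeToken(claims, header = { alg: 'ES256', kid: 'demo-key-1', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

const issuedAt = Math.floor(Date.now() / 1000);
const token = makeToken({ iss: EXPECTED.issuer, aud: EXPECTED.clientId, sub: 'constructed-subject',
  exp: issuedAt + 600, iat: issuedAt, nonce: EXPECTED.nonce });
console.log(validateIdToken(token, JWKS, EXPECTED).sub);
```

In a real integration the JWKS comes from the JWKS endpoint and the nonce is the one the RP bound to the user's session when it started the authorization request.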

For the OIDC authentication flow, only the following grant is supported:

* `authorization_code` (see [Authentication using the Authorization Code Flow](https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth) in the OpenID Connect specs for more details)

The following sections describe the API contract:

* [Authorization Code Grant](https://docs.developer.singpass.gov.sg/docs/technical-specifications/singpass-authentication-api/2.-token-endpoint/authorization-code-grant)
* [Client JWK Requirements](https://docs.developer.singpass.gov.sg/docs/technical-specifications/singpass-authentication-api/2.-token-endpoint/client-jwk-requirements)
