Test

GET /auth
Query parameters
client_id (string, Required)

The client ID of the client

Example: yojGKYotEMq2uTFj2fLTTTdNxDaqPeQ3
response_type (string, Required)

Response type

Example: code
esrvc (string, Optional)

A self-describing client external ID that is used for internal (billing) purposes

Example: my-dummy-cpf-eservice
classify_eservice_id (string, Optional)

A self-describing client external ID that MyInfo sends to us for internal (fraud analytics) purposes.

Example: my-dummy-cpf-eservice
redirect_uri (string, Required)

Redirect URI

Example: http://localhost:10000/callback
scope (string[], Required)

OIDC/OAuth 2.0 scopes. Must minimally include openid for an ID Token.

state (string, Required)

A session-based, unique, and non-guessable value that the RP should generate per auth session. This parameter should ideally be generated and set by the RP’s backend and passed to the frontend. As part of threat modelling, NDI requests the state parameter to mitigate replay attacks against the RP’s redirection endpoint (redirectUri). This parameter serves the same purpose as OAuth 2.0’s state parameter.

Maximum of 255 characters. Must match regexp pattern of [A-Za-z0-9/+_-=.]+

Example: state
nonce (string, Required)

A session-based, unique, and non-guessable value that the RP should generate per auth session. This parameter should ideally be generated and set by the RP’s backend and passed to the frontend.

Maximum of 255 characters. May be alphanumeric. We recommend a hex-encoded random number (generated with, for example, java.security.SecureRandom) or a UUIDv4.

Example: nonce
code_challenge (string, Required)

Code challenge

Example: mkbVbjeX8QxKs-XCInqVqyr1ynHJRvF_ogjQKnCaOpU
code_challenge_method (string, Required)

Code challenge method. Currently only S256 is supported.

Example: S256
app_launch_url (string, Optional)

The app launch URL is for Singpass App to redirect to the partner iOS mobile app. Android has native functionality to support this but iOS does not.

Example: yourapp://
redirect_uri_https_type (string, Optional)

(Required if the redirect_uri used is an app-claimed HTTPS URL) Supported values are app_claimed_https and standard_https (default). This value is ignored if the redirect_uri has a custom scheme.

Example: standard_https
Responses
200

For the app shortcut flow, the server will respond with a "200 OK" JSON response to Singpass App with the necessary data, instead of a redirect to an HTML page.

application/json