Overview of Singpass
Singpass is Singapore's national digital identity authentication provider using the OpenID Connect 1.0 protocol. It stores users' identity information and authenticates them for transactions with government agencies and private organizations online.
How Singpass OIDC Works?
OpenID Provider (OP) is the party that issues the ID token. In this case, Singpass serves as the OpenID provider.
Relying Party (RP) is the party that requests the ID token from Singpass, which in this context refers to your mobile or web application.
OpenID Connect 1.0 offers various authentication flows for integrating an OpenID Provider (OP) and a Relying Party (RP). Singpass as the OpenID Provider supports only the authorization code flow. This flow is the most widely used OpenID Connect authentication method, ideal for web applications and native applications that employ a client/server architecture. In this more secure and confidential flow, instead of returning the ID and access tokens directly to the Relying Party, an authorization code is provided. The Relying Party can then exchange the code for the necessary tokens to complete the authentication flow. The token will be used for information exchange if user info is required. The relying Party is required to manage the parsing of JWT used in JWT assertion, as detailed in our Singpass flow guide.
Last updated