Redirection on success
Once the user has authenticated successfully, Singpass will redirect the browser to the RP’s registered redirectUri along with the code and state parameters or an interstitial page for users have launched authentication from the RP’s native app.
The interstitial page is required to solicit a user interaction for launching from certain in-app browsers. Singpass will redirect to the interstitial page if the redirectUri is custom-schemed or app-claimed HTTPS. To specify that the redirectUri is an app-claimed HTTPS, the RP must include the query parameter redirect_uri_https_type=app_claimed_https at Authorization endpoint.
Example redirect location: https://partner.gov.sg/redirect?code=XcyzlSeX1hIyJFlstxsSF_UeXC5DtiYkFgJ8VVx52mg&state=NGRlZThmNzQtZDU5YS00YTY1LWFkODItYmE4NDA4Y2UwY2Uw
code | A securely generated random number in base64-url format. This parameter must be sent to the Token endpoint along with others to exchange for the user’s ID token. |
state | The same |
Once redirected, the RP should invoke the Token endpoint to obtain an ID token and complete the login process.
Note: The
codeparameter has a lifetime of 2 minutes. RPs must exchange it for an ID token within this period.
Last updated