Skip to main content

[3 Oct 2024] Issue with Incorrect Application Dependency on Corppass Access Token

Wei Lai
Updated

*the following email was broadcasted to all recipients in our contact list on 3 Oct 2024. 

 

Dear Corppass Partners,

This email informs you about upcoming changes to the Access Token used for fetching data from the Corppass AuthInfo endpoint.

Background

In the OpenID Connect (OIDC) protocol, an Access Token is a temporary credential that allows the Relying Party (RP) to access specific resources or data on a server or API. For Corppass OIDC, the Access Token is used to exchange data from the AuthInfo endpoint.

The Access Token is not intended to be read by the RP's application for interpreting information within it or validating its payload.

As part of our ongoing feature development and system maintenance, we will continually update the Access Token. This will enable us to unlock more use cases that benefit both RPs and entities.

The problem

Recently, some RPs contacted us after we made changes to the Access Token in the Staging (STG) environment. They reported that their OIDC flow was disrupted due to existing dependencies their applications placed on the Access Token.

What's next

We will be making changes to the structure and content of the Access Token over time. These changes may occur without advance notice and will be implemented in both the STG and Production (PRD) environments. We have already started making these changes in STG since mid-September, and we will begin doing so in PRD from 21 Oct 2024 onwards.

Action Required

Please review your applications and identify any areas where you are imposing dependencies on the Access Token. This includes parsing or relying on specific attributes within the token.

Where applicable, update your code to remove these dependencies as soon as possible. You can verify these changes in the STG environment, as we have already started implementing them there.

We understand that this change may require some effort on your part, and we appreciate your cooperation in ensuring a smooth transition.

Support

As always, thank you for your continued support in making Corppass better for everyone. Feel free to raise a ticket at our Help Center if you have any questions.

Thank you.


Best Regards,

The Corppass Team


p.s. Please forward this to your colleagues where relevant. If you know of anyone who should be receiving this but isn’t, please advise them to join our mailing list by filling up the form here.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk